Cybersecurity researchers have identified a new Golang-based backdoor which uses Telegram for command-and-control communications, thought to be of Russian origin. Once launched, the malware checks its location and if different, moves its own content accordingly, launching a copied version. It uses an open-source library for Golang Telegram Bot API bindings for command-and-control purposes. The malware can execute commands via PowerShell, relaunch itself and, in future, potentially capture screenshots.
Edimax Camera RCE Vulnerability Exploited to Spread Mirai Malware
The Akamai Security Intelligence and Response Team (SIRT) has issued an alert about a command injection vulnerability in Edimax’s Internet of Things (IoT) devices. The
