Security news aggregator

Latest coverage for Reverse Shell

A reverse shell lets an attacker control a compromised host remotely; egress filtering, least privilege, and endpoint monitoring can limit impact.

2 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

A reverse shell is an interactive command channel that a compromised host initiates to a remote system controlled by an attacker. The remote endpoint listens while the victim makes the outbound connection, which can make the channel viable even when inbound connections are blocked; it does not, by itself, bypass every firewall or security control. Attackers commonly obtain one after exploiting a vulnerable service, using stolen credentials, or executing malicious code, then operate with the compromised account’s permissions.

Its security significance is remote command execution: an attacker may install tools, steal accessible secrets, move to other systems, or attempt privilege escalation. Outbound traffic from an unusual process, destination, port, or time can provide a useful detection signal, especially when endpoint telemetry links a connection to a shell or scripting interpreter. Key defenses are restrictive egress filtering, patching exposed services, least privilege, and network segmentation. If detected, isolate the host, terminate the channel, and investigate the originating process and persistence mechanisms.

Showing 2 most recent headlines Filtered view

Cybersecurity researchers have unearthed a new controller component associated with a known backdoor called BPFDoor as part of cyber attacks targeting telecommunications, finance, and retail sectors in South Korea, Hong Kong, Myanmar, Malaysia, and Egypt in 2024

Trend Micro Research, News and Perspectives 1 year, 3 months ago

BPFDoor’s Hidden Controller Used Against Asia, Middle East Targets

A controller linked to BPF backdoor can open a reverse shell, enabling deeper infiltration into compromised networks. Recent attacks have been observed targeting the telecommunications, finance, and retail sectors across South Korea, Hong Kong, Myanmar, Malaysia, and Egypt.