Information Security

Researchers have unveiled a new offensive framework called Manjusaka that they call “the Chinese brother of Sliver and Cobalt Strike.” “A fully functional version of Command and Control (C2), written in GoLang with a simplified Chinese user interface, is freely available and can easily create new implants with custom configurations, increasing the potential for wider …

Chinese hackers use a new Manjusaka hacking framework similar to Cobalt Strike Read More »

Microsoft on Friday revealed a possible connection between the Raspberry Robin USB worm and the notorious Russian cybercrime group Evil Corp. The tech giant said it noticed the FakeUpdates (also known as SocGholish) malware being delivered via existing Raspberry Robin infections on July 26, 2022. Raspberry Robin, also known as QNAP Worm, is known to …

Microsoft Links Raspberry Robin USB Worm to Russian Evil Corp Hackers Read More »

A malicious campaign has taken advantage of seemingly harmless Android dropper apps on the Google Play Store to expose users’ devices to banking malware. These 17 Dropper Apps, Dubbed Combined Daudruber By Trend Micro, disguised as productivity apps and utilities such as document scanners, QR code readers, VPN services, call recorders, and more. All these …

Discover Over Ten Android Apps on Google Play Store Drop Bank Malware Read More »

A cyber mercenary who “ostensibly sells public security and information-analytics services to commercial customers” has used several Windows and Adobe exploits in limited, highly targeted attacks against European and Central American entities. The company, which Microsoft describes as a private sector offensive actor (PSOA), is an Austria-based company called DSIRF associated with developing and attempting …

Microsoft reveals Austrian company exploits Windows and Adobe Zero-Day Exploits Read More »

Up to 30 malicious Android apps with a cumulative download of nearly 10 million have been found on the Google Play Store to distribute adware. “All of them are integrated into different programs, including image editors, virtual keyboards, system tools, utilities, communication applications, background gathering applications, and more,” Dr. Webb said in his book on …

These 28+ Android Apps With 10 Million Downloads From Play Store Contains Malware Read More »

Atlassian has rolled out fixes to fix a critical vulnerability related to the use of encrypted credentials affecting the Questions For Confluence app for Confluence Server and Confluence Data Center. bug tracker CVE-2022-26138arises when the application in question is enabled on either service, causing a Confluence user account to be created with the username ‘System …

Atlassian introduces security patch to critical confluence risks Read More »