Security
Headlines

Tag

#chrome

VirusTotal Reveals Apps Most Exploited by Hackers to Spread Malware

By Deeba Ahmed. According to the latest research findings from VirusTotal, cybercriminals and threat actors are increasingly relying on mimicked versions… (This is a post from HackRead.com.)

HackRead
#vulnerability #web #android #windows #google #microsoft #amazon #git #oracle #auth #chrome #firefox #sap
VirusTotal Reveals Most Impersonated Software in Malware Attacks

Threat actors are increasingly mimicking legitimate applications like Skype, Adobe Reader, and VLC Player as a means to abuse trust relationships and increase the likelihood of a successful social engineering attack. Other most impersonated legitimate apps by icon include 7-Zip, TeamViewer, CCleaner, Microsoft Edge, Steam, Zoom, and WhatsApp, an analysis from VirusTotal has revealed. "One of the

CVE-2022-36197: A stored cross-site scripting (XSS) vulnerability exists in BigTree CMS 4.4.16 · Issue #392 · bigtreecms/BigTree-CMS

BigTree CMS 4.4.16 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted PDF file.

CVE-2022-30285: Endpoint Management | KACE by Quest

In Quest KACE Systems Management Appliance (SMA) through 12.0, a hash collision is possible during authentication. This may allow authentication with invalid credentials.

Chinese Hackers Using New Manjusaka Hacking Framework Similar to Cobalt Strike

Researchers have disclosed a new offensive framework called Manjusaka that they call a "Chinese sibling of Sliver and Cobalt Strike." "A fully functional version of the command-and-control (C2), written in GoLang with a User Interface in Simplified Chinese, is freely available and can generate new implants with custom configurations with ease, increasing the likelihood of wider adoption of this

Manjusaka: A Chinese sibling of Sliver and Cobalt Strike

By Asheer Malhotra and Vitor Ventura. Cisco Talos recently discovered a new attack framework called "Manjusaka" being used in the wild that has the potential to become prevalent across the threat landscape. This framework is advertised as an imitation of the Cobalt Strike framework. The implants for the new malware family are written in the Rust language for Windows and Linux. A fully functional version of the command and control (C2), written in GoLang with a User Interface in Simplified Chinese, is freely available and can generate new implants with custom configurations with ease, increasing the likelihood of wider adoption of this framework by malicious actors. We recently discovered a campaign in the wild using lure documents themed around COVID-19 and the Haixi Mongol and Tibetan Autonomous Prefecture, Qinghai Province. These maldocs ultimately led to the delivery of Cobalt Strike beacons on infected endpoints. We have observed the same threat actor using the Cobalt Strike beac...

Chromium Browsers Allow Data Exfiltration via Bookmark Syncing

"Bruggling" emerges as a novel technique for pilfering data out from a compromised environment — or for sneaking in malicious code and attack tools.

Have we lost the fight for data privacy? Lock and Code S03E16

This week on Lock and Code, we talk with some of the team behind Malwarebytes Labs about whether we've lost the fight for data privacy. The post Have we lost the fight for data privacy? Lock and Code S03E16 appeared first on Malwarebytes Labs.
