Exploit News, Articles and Updates

Trustjacking exploit abuses iTunes feature to spy on iOS devices

Researchers presenting at RSA 2018 on Wednesday disclosed how attackers can gain persistent remote control over iOS devices by abusing a weakness in iTunes Wi-Fi sync, a feature that allows users to sync up iTunes content and data between Apple devices.

Evolving exploit builder kit ThreadKit used for RAT and banking trojan campaigns

Researchers from Proofpoint last week revealed that they have discovered a new exploit builder kit that has been used by the sophisticated Cobalt Gang cybercriminal group, as well as other attackers who have used it to spread malware including banking trojans and remote access trojans.

Russian hackers target European agency with updated DealersChoice Adobe Flash exploit tool

The aggressive Russian APT group Sofacy targeted yet another European government agency earlier this month, attempting to infect the organization with unknown malware using a crafty new variant of its Adobe Flash-based exploit platform DealersChoice.

Pwn2Own competition flushes out five Apple bugs, four Microsoft flaws

Independent researchers collected $267,000 in bug purchases this week at the annual Pwn2Own contest at CanSecWest in Vancouver, after demonstrating vulnerability exploits in Apple (5 bugs), Microsoft (4), Oracle (2), and Mozilla software (1).

RedisWannaMine cryptojacking attack exploits EternalBlue vulnerability and public Redis servers

A newly discovered and unusually sophisticated cryptojacking attack attempts to install cryptominers on both database and application servers by targeting misconfigured Redis servers, as well as Windows servers that are susceptible to the EternalBlue NSA exploit.

uTorrent apps found vulnerable to remote code execution, information disclosure

The developer of uTorrent for Windows and uTorrent Web has been scrambling to issue patched versions of the BitTorrent-based peer-to-peer file-sharing apps after Google Project Zero researcher Tavis Ormandy found critical vulnerabilities that can result in remote code execution and information disclosure upon visiting malicious websites.

Researcher: Microsoft Word feature can be exploited to display videos that mine cryptocurrency

Malicious actors can abuse Microsoft Word's Online Video feature to deliver videos that secretly exhaust their viewers' computer processing power in order to mine cryptocurrencies, according to Israeli cybersecurity firm Votiro.

North Korea's APT37 hacking group expands its reach and ups its game, researchers warn

Reputed North Korean APT group TEMP.Reaper, the alleged culprit behind a zero-day ROKRAT malware campaign leveraging Adobe Flash Player vulnerability CVE-2018-4878, has been expanding its global target list despite remaining largely under the radar, according to a new FireEye research report.

Cryptominer campaign leveraging Oracle bug spreads worldwide via multiple infection tactics

A malicious campaign that's been exploiting a vulnerability in Oracle's WebLogic application servers in order to install a Monero cryptominer on victims' machines has reportedly used at least four different infection chain tactics to spread the threat worldwide, across virtually all industry sectors.

Stinging Telegram: Attackers exploit zero-day flaw in app to fool users into malicious downloads

Attackers were found exploiting a zero-day vulnerability in the Telegram messenger app to make the names and extensions of malicious files appear more legitimate, in hopes that users who received these files would be more willing to open them.

Crypto exchange BitGrail and token developer Nano at odds over alleged coin theft

Italian cryptocurrency exchange BitGrail is feuding with the developers of Nano virtual tokens, with both sides pointing fingers after BitGrail issued an announcement claiming a malicious actor stole 17 million Nano coins from the exchange.

Over 100 in-the-wild malware samples found searching for machines prone to Spectre and Meltdown

It hasn't taken long for cybercriminals to craft malware specifically designed to exploit the recently disclosed Spectre and Meltdown speculative execution bugs found in computer chips.

North Korea blamed for yet another cryptocurrency-focused phishing campaign

In other cryptocurrency news, attackers were discovered exploiting a recently patched Oracle flaw in order to secretly deploy a Monero cryptominer in organizations' WebLogic application servers.

Microsoft bug CVE-2017-11882 exploited to deliver Loki information stealer

Attackers continue to exploit a recently patched remote code execution vulnerability in the Microsoft Equation Editor component of Microsoft Office, this time using the bug to deliver a modified version of Loki information-stealing malware.

Researchers: Microsoft Office flaw exploited by suspected Iranian APT group

Researchers believe a suspected Iranian APT group is responsible for a recent cyber espionage operation that targeted a Middle Eastern government organization, using a recently patched remote code execution vulnerability in Microsoft Office as an attack vector.

Terror EK spotted using SSL certificates to beat security

Cybercriminals using the Terror exploit kit have recently started using SSL certificates to help sneak the EK and its malware past cybersecurity staffers.

Magniber ransomware in the wild, only targets South Korean victims

A new variety of ransomware has recently appeared and is displaying some very unusual behavior, primarily by only targeting South Korean entities and actively ignoring any other potential victims.

APT group's active exploit of Flash bug prompts emergency Adobe patch

Adobe Systems on Monday issued an emergency patch for a zero-day Flash Player vulnerability, after an APT group was discovered actively exploiting the bug as a means to infect machines with FinSpy surveillance malware.

Campaign leverages two malicious docs and RCE vulnerability to spread Orcus RAT

A malicious Microsoft Word document, discovered making the rounds via email, infects victims with the Orcus RAT remote administration tool by automatically downloading a secondary doc capable of executing an RCE exploit.

Apple's iOS 11 release prevents backdoor exploit on Wi-Fi chips

Apple's release of iOS 11 patched an out-of-bounds write vulnerability in Wi-Fi chips that, if exploited, could have allowed attackers within range to execute arbitrary code on the firmware.

Attackers actively exploiting Apache Struts remote code execution bug

Almost immediately following the disclosure of a critical Apache Struts bug last Tuesday, exploit code for the vulnerability was published online and attackers reportedly began exploiting the flaw.

We're not suggesting you should hack cyberattackers back. But if we were...

The C&C infrastructures that cybercriminals rely on to compromise their victims can be just as vulnerable to exploits as the machines they infected in the first place, making them susceptible to possible retribution attacks.

WikiLeaks: CIA's Brutal Kangaroo toolset lets malware hop onto closed networks

WikiLeaks dumped more leaked CIA documents, publishing materials from a tool suite called Brutal Kangaroo that allows attackers to indirectly infiltrate a closed network or air-gapped computer using a compromised flash drive.

AdGholas malvertisers experiment with ransomware, delivered through Astrum EK

The AdGholas malvertising group conducted a new campaign in May and June 2017 using the Astrum EK to infect victims with Mole ransomware - an unusual change-up for these adversaries, who historically have favored banking trojans.