Exploit News, Articles and Updates

Def Con presenter: 'Synthetic clicks' exploit can help attackers install malware on Macs

A presentation at Def Con 2018 last week revealed an unpatched vulnerability in macOS devices that can allow malware to bypass certain security checks using a technique that fakes user mouse clicks.

Malvertising scam compromises 10,000+ websites; researchers suggest ad network and resellers may be culpable

A malicious actor posing as a web publisher compromised more than 10,000 WordPress websites in an elaborate malvertising campaign involving various ad resellers and at least one major ad network, according to researchers.

Dasan and D-Link routers targeted by apparent botnet in new wave of exploit attacks

An apparent botnet comprised of more than 3,000 separate source IPs generated a large, sudden spike in exploit attacks on July 19, targeting D-Link 2750B and certain Dasan GPON (Gigabit Passive Optical Network) small and home office routers.

Researchers detect fresh activity in Blackgear cyber espionage campaign

The long-running Blackgear cyber espionage campaign that has largely targeted Taiwanese, Japanese and South Korean targets recently commenced a new operation that abuses legitimate blog and social media sites to establish command-and-control infrastructure.

Cryptomining campaign targeting web servers vulnerable to Drupalgeddon 2.0 nets $11,000

An ongoing malware campaign that attempts to exploit web servers susceptible to the Drupalgeddon 2.0 bug in order to infect them with an XMRig-based cryptominer has generated around $11,000 in profits since commencing last April and peaking on May 20.

Adobe issues critical patch after Flash zero-day bug actively exploited in Middle East

Adobe Systems today issued patches for four software vulnerabilities in Flash Player, including a zero-day flaw that attackers have been exploiting in the wild in targeted attacks against Windows users in the Middle East, possibly in Qatar.

'Cyber incident' leaves Eventbrite-owned Ticketfly offline, ransom demanded

The company didn't specify whether or not user information has been compromised but did acknowledge the incident in a tweet.

RIG EK campaign delivers researcher-phobic backdoor trojan Grobios

The RIG exploit kit has been causing trouble again, this time delivering a backdoor trojan called Grobios, which takes great pains to avoid detection and evade virtual and sandbox environments.

Patch Tuesday: Microsoft mends RCE bug reportedly exploited by cyber espionage group

Microsoft Corporation's Patch Tuesday release today fixed 67 bugs, including two that have been actively exploited in zero-day attacks, and another two whose details became public.

Malicious Monero miner spreads via arsenal of web server exploits

Researchers have discovered a versatile cryptominer worm that propagates itself by exploiting vulnerabilities in Microsoft's SMBv1 server, Oracle's WebLogic Server and Apache Struts, as well as by brute force attacking Microsoft SQL servers.

Doctors at RSA simulate emergency overdose caused by hacked medical pump

Doctors at RSA on Thursday presented a riveting simulation of a health care emergency caused by a medical device hack, showing that physicians' trust in the integrity of their equipment can be misplaced.

Evolving exploit builder kit ThreadKit used for RAT and banking trojan campaigns

Researchers from Proofpoint last week revealed that they have discovered a new exploit builder kit that has been used by the sophisticated Cobalt Gang cybercriminal group, as well as other attackers who have used it to spread malware including banking trojans and remote access trojans.

Russian hackers target European agency with updated DealersChoice Adobe Flash exploit tool

The aggressive Russian APT group Sofacy targeted yet another European government agency earlier this month, attempting to infect the organization with unknown malware using a crafty new variant of its Adobe Flash-based exploit platform DealersChoice.

Pwn2Own competition flushes out five Apple bugs, four Microsoft flaws

Independent researchers collected $267,000 in bug purchases this week at the annual Pwn2Own contest at CanSecWest in Vancouver, after demonstrating vulnerability exploits in Apple (5 bugs), Microsoft (4), Oracle (2), and Mozilla software (1).

RedisWannaMine cryptojacking attack exploits EternalBlue vulnerability and public Redis servers

A newly discovered and unusually sophisticated cryptojacking attack attempts to install cryptominers on both database and application servers by targeting misconfigured Redis servers, as well as Windows servers that are susceptible to the EternalBlue NSA exploit.

uTorrent apps found vulnerable to remote code execution, information disclosure

The developer of uTorrent for Windows and uTorrent Web has been scrambling to issue patched versions of the BitTorrent-based peer-to-peer file-sharing apps after Google Project Zero researcher Tavis Ormandy found critical vulnerabilities that can result in remote code execution and information disclosure upon visiting malicious websites.

Researcher: Microsoft Word feature can be exploited to display videos that mine cryptocurrency

Malicious actors can abuse Microsoft Word's Online Video feature to deliver videos that secretly exhaust their viewers' computer processing power in order to mine cryptocurrencies, according to Israeli cybersecurity firm Votiro.

North Korea's APT37 hacking group expands its reach and ups its game, researchers warn

Reputed North Korean APT group TEMP.Reaper, the alleged culprit behind a zero-day ROKRAT malware campaign leveraging Adobe Flash Player vulnerability CVE-2018-4878, has been expanding its global target list despite remaining largely under the radar, according to a new FireEye research report.

Cryptominer campaign leveraging Oracle bug spreads worldwide via multiple infection tactics

A malicious campaign that's been exploiting a vulnerability in Oracle's WebLogic application servers in order to install a Monero cryptominer on victims' machines has reportedly used at least four different infection chain tactics to spread the threat worldwide, across virtually all industry sectors.

Stinging Telegram: Attackers exploit zero-day flaw in app to fool users into malicious downloads

Attackers were found exploiting a zero-day vulnerability in the Telegram messenger app to make the names and extensions of malicious files appear more legitimate, in hopes that users who received these files would be more willing to open them.

Crypto exchange BitGrail and token developer Nano at odds over alleged coin theft

Italian cryptocurrency exchange BitGrail is feuding with the developers of Nano virtual tokens, with both sides pointing fingers after BitGrail issued an announcement claiming a malicious actor stole 17 million Nano coins from the exchange.

Over 100 in-the-wild malware samples found searching for machines prone to Spectre and Meltdown

It hasn't taken long for cybercriminals to craft malware specifically designed to exploit the recently disclosed Spectre and Meltdown speculative execution bugs found in computer chips.