Exploit News, Articles and Updates

Magniber ransomware in the wild, only targets South Korean targets

A new variety of ransomware has recently appeared and is displaying some very unusual behavior, primarily by only targeting South Korean entities and actively ignoring any other potential victims.

APT group's active exploit of Flash bug prompts emergency Adobe patch

Adobe Systems on Monday issued an emergency patch for a zero-day Flash Player vulnerability, after an APT group was discovered actively exploiting the bug as a means to infect machines with FinSpy surveillance malware.

Campaign leverages two malicious docs and RCE vulnerability to spread Orcus Rat

A malicious Microsoft Word document, discovered making the rounds via email, infects victims with the Orcus Rat remote administrative tool by automatically downloading a secondary doc capable of executing an RCE exploit.

Apple's iOS 11 release prevents backdoor exploit on Wi-Fi chips

Apple's release of iOS 11 patched an out-of-bounds write vulnerability in Wi-Fi chips that, if exploited, could have allowed attackers within range to execute arbitrary code on the firmware.

Attackers actively exploiting Apache Struts remote code execution bug

Almost immediately following the disclosure of a critical Apache Struts bug last Tuesday, exploit code for the vulnerability was published online and attackers reportedly began exploiting the flaw.

We're not suggesting you should hack cyberattackers back. But if we were...

The C&C infrastructures that cybercriminals rely on to compromise their victims can be just as vulnerable to exploits as the machines they infected in the first place, making them susceptible to possible retribution attacks.

WikiLeaks: CIA's Brutal Kangaroo toolset lets malware hop onto closed networks

WikiLeaks dumped more leaked CIA documents, publishing materials from a tool suite called Brutal Kangaroo that allows attackers to indirectly infiltrate a closed network or air-gapped computer using a compromised flash drive.

AdGholas malvertisers experiment with ransomware, delivered through Astrum EK

The AdGholas malvertising group conducted a new campaign in May and June 2017 using the Astrum EK to infect victims with Mole ransomware - an unusual change-up for these adversaries, who historically have favored banking trojans.

Terror Exploit Kit ditches carpet bombing techniques; attacks now more surgical

The Terror Exploit Kit is rapidly evolving, no longer bombarding victims with multiple exploits in scattershot fashion, but rather applying only the hacking tools that work best against a specific compromised machine.

Shadow Brokers threatens monthly leak of more NSA tools to paying subscribers

The Shadow Brokers group, which has been leaking alleged NSA hacking tools, is now threatening to launch a "Dump of the Month" service that will deliver more stolen tools and data to paying subscribers.

FBI, CIA launch probe into WikiLeaks; Apple, Google assure zero-day fixes

The information released has yet to be verified but revealed multiple zero-days that Apple and Google said are being fixed.

20K Overwatch hackers banned in S. Korea

Overwatch players can rest easier knowing that they can get a fair shake in their online battles after thousands of hackers were banned from the game.

ElTest malware campaign changes tactics, scraps use of gates and obfuscation

The long-lived ElTest malware campaign that infects victims through compromised websites evolved once again in the last quarter of 2016, ending its use of exploit kit gates and obfuscation, according to researchers with Palo Alto Networks' Unit 42 threat research team.

Sofacy APT doubles down on its 'DealersChoice' Flash exploit campaign

Russian APT group Sofacy has upped the ante in its campaign to compromise organizations with its "DealersChoice" Flash Player exploit tool, even after Adobe patched a key Flash vulnerability that the tool was observed exploiting.

Stegano malvertising campaign invades major news websites, warns report

A recently discovered exploit kit called Stegano is infecting select machines via malicious banner ads that, by conservative estimates, have been delivered to over a million users in just the last two months.

Gooligan ad fraud malware infects 1.3M Android users

A newly discovered malware program that targets older versions of the Android OS has infected roughly 1.3 million Google accounts, currently breaching devices at a clip of 13,000 victims per day.

Qualcomm launches bug bounty programme to find chip flaws

White hat hackers are invited to squash bugs in processors from chip vendor Qualcomm in a bid to fix the "Achilles' heel" of the IT industry.

Linux flaw exposed in a minute by pressing enter key

Researchers have discovered a major vulnerability in the cryptsetup utility that can affect many GNU/Linux systems and that requires only holding the Enter key down for about 70 seconds.

This is PoisonTap, Kamkar tool can hack locked PCs

Security researcher Samy Kamkar rolled out a hacking tool dubbed PoisonTap that can crack into a locked computer, fully exposing the device to a myriad of potential hacking problems.

PwnFest hackers exploit vulns in Google Pixel, Safari, and Microsoft Edge

Researchers exploited vulnerabilities in Google's Pixel phone, Apple's Safari browser, and Microsoft Edge browser at the PwnFest 2016 hacking event.

Floki Bot: The Rest of the Story

Last week we took the 100,000-foot view of the relatively new Floki Bot. This bot, allegedly modeled after Zeus 2.0.8.9, is selling in underground marketplaces for around $1,000.

Google and Microsoft in dust-up over vulnerability disclosure

Ten days after privately disclosing an actively exploited, critical Windows vulnerability to Microsoft Corporation, Google's Threat Analysis Group went public with the flaw, despite the lack of a patch.

Zero days used in attacks on DNC, Podesta

Russian hackers are employing zero-day exploits to infect target networks, according to security researchers at ESET.

Researchers discover exploit of Intel flaw allows ASLR bypass

Security researchers published details of the exploit in a research report entitled "Jump Over ASLR: Attacking the Branch Predictor to Bypass ASLR."

Oracle issues large batch of updates

Oracle released its latest batch of patches on Tuesday to address 253 security vulnerabilities for 76 products.

Nearly 6K e-commerce sites hacked, including GOP group

Hackers exploited security vulnerabilities and weak passwords to burrow their way into a number of e-commerce sites, including that of the National Republican Senatorial Committee.