HackDig : Dig high-quality web security articles for hackers

Exploit kits: fall 2019 review

Despite a slim browser market share, Internet Explorer is still being exploited in fall 2019 in a number of drive-by download campaigns. Perhaps even more surprising, we’re seeing new exploit kits emerge. Based on our telemetry, these drive-bys are happening worldwide (with the exception of a few that are geo-targeted) and are fueled by malvertising
Publish At:2019-11-19 16:50 | Read:1880 | Comments:0 | Tags:Exploits and vulnerabilities Capesand EK exploit kit Fallout

Botched Flash 0day Gets Patched

Adobe has just released a patch for the infamous Flash Player to fix a vulnerability actively exploited in the wild by some exploit kits. This vulnerability was actually a zero-day (CVE-2016-1019) but exploit kit authors botched its integration which resulted in only affecting older versions of Flash. Another saving grace was the fact that a “mitigatio
Publish At:2016-04-09 22:35 | Read:4173 | Comments:0 | Tags:Exploits CVE-2016-1019 exploit Magnitude zero day

Magnitude EK Malvertising Campaign Adds Fingerprinting Gate

When it comes to malvertising, the Angler exploit kit is almost always the weapon of choice used by cyber criminals to push out malware onto their victims. As we’ve seen in many high profile cases recently, these attacks are also more sophisticated and use fingerprinting, a technique to weed out non genuine victims, directly served by the fraudulent ad
Publish At:2016-04-03 02:35 | Read:4036 | Comments:0 | Tags:Exploits fingerprinting Magnitude malvertising

Magnitude EK Malvertising Déjà Vu

During the past few days we have witnessed an increase in the number of malvertising incidents involving the Magnitude exploit kit. The last time we blogged about this was in mid November 2015 and we attributed the event to the fact that Magnitude EK had just integrated a newer Flash exploit (CVE-2015-7645). We fast-forward a few months and see that things h
Publish At:2016-02-26 02:15 | Read:4822 | Comments:0 | Tags:Malvertising Magnitude malvertising

Magnitude Exploit Kit Activity Increases Via Malvertising Attacks

During the past few days we have noticed a higher than usual number of malvertising attacks pushing the Magnitude exploit kit – which had been relatively quiet – to drop ransomware. Magnitude EK is one of those exploit kits we don’t hear about as much in comparison to others such as Angler EK or Nuclear EK. Its unique URL pattern makes it e
Publish At:2015-11-13 09:00 | Read:4455 | Comments:0 | Tags:Exploits Malvertising CVE-2015-7645 EK exploit kit Magnitude

Magnitude – an exploit kit par excellence

Magnitude – an exploit kit par excellence Trustwave has had sight of the inner workings and underlying infrastructure of the Magnitude exploit kit – the coming EK that is rapidly filling the gap left by Blackhole. As Blackhole declines following the arrest of its developer, Paunch, so
Publish At:2014-08-15 10:38 | Read:4970 | Comments:0 | Tags:News News_malware Blackhole exploit kit Magnitude Russia Tru

Tools