HackDig : Dig high-quality web security articles for hackers

New Flash Player Zero-Day in The Wild

A new Flash Player zero-day has been found in the wild and is being used in targeted attacks. Adobe has published a security bulletin and said it expects to release a patch during the week of October 19. The vulnerability which has been assigned as CVE-2015-7645 is rated critical and affects Adobe Flash Player 19.0.0.207 and earlier versions. This means tha
Publish At:2015-10-15 02:45 | Read:3564 | Comments:0 | Tags:Zero-Days anti exploit exploit zero day zeroday

Angler Exploit Kit Strikes on MSN.com via Malvertising Campaign

The same ad network – AdSpirit.de – which was recently abused in malicious advertising attacks against a slew of top media sites was caught serving malvertising on MSN.com. This is the work of the same threat actors that were behind the Yahoo! malvertising. The incident occurred when people who where simply browsing MSN’s news, lifestyle or
Publish At:2015-08-27 19:30 | Read:5122 | Comments:0 | Tags:Malvertising angler anti exploit Jerome Segura malvertising

New Malwarebytes Anti-Exploit Version Is Out!

We have just released Malwarebytes Anti-Exploit 1.07. This latest version brings in some new features, improvements and bug fixes. Malwarebytes Anti-Exploit uses a combination of one enforcement layer and three protection layers to block attacks. In this version, we have added new mitigation techniques to stop threats earlier during the exploitation phase. L
Publish At:2015-07-02 03:10 | Read:3851 | Comments:0 | Tags:Malwarebytes News angler EK anti exploit exploit Malwarebyte

Recent Flash Player 0-day Exploit Goes Mainstream

On June 23rd, security firm FireEye released a report about targeted attacks leveraging a Flash Player zero-day vulnerability (CVE-2015-3113) in Adobe Flash Player up to version 18.0.0.160. The firm stated that some users would receive a phishing email containing a link to a site hosting the zero-day exploit. The announcement went out around the same time as
Publish At:2015-06-29 06:25 | Read:8462 | Comments:0 | Tags:Exploits 0day anti exploit CVE-2015-3113 exploit Flash Playe

Dutch Users Victim of Large Malvertising Campaign

Security firm Fox-IT has identified a large malvertising campaign that began affecting Dutch users on June 11. In their blog post, they say that several major news sites were loading the bogus advertisement that ultimately lead to the Angler exploit kit. Looking at our telemetry we also noticed this attack, and in particular on Dutch news site Telegraaf[.]nl
Publish At:2015-06-16 09:45 | Read:4231 | Comments:0 | Tags:Malvertising anti exploit exploit malvertising Malwarebytes

Unusual Exploit Kit Targets Chinese Users (Part 1)

We are very accustomed to seeing the same exploit kits over and over. Angler EK, Nuclear EK or Fiesta EK all have become familiar faces on this blog. Today, we are looking at an exploit kit that we have not seen before. Contrary to its counterparts, it is not used on mainstream websites or via malvertising attacks but rather it specifically targets Chinese w
Publish At:2015-05-29 01:10 | Read:4666 | Comments:0 | Tags:Exploits anti exploit exploit exploit kit Malwarebytes websi

Exploit Kit authors give up on Malwarebytes users

It is a well-known fact that malware authors try really hard to avoid security researchers and their analysis tools. For instance, many binaries have anti VM features and will behave differently if they detect that they are running in a non genuine environment. Exploit kits also perform similar tricks despite some limitations since they are browser based. Ka
Publish At:2015-05-20 14:55 | Read:4170 | Comments:0 | Tags:Exploits angler EK anti exploit exploit kits Malwarebytes ex

Booby-trapped Hugo Boss Advert Spreads Cryptowall Ransomware

Malicious advertising attacks (malvertising) have been plaguing mainstream sites and their visitors a lot these past few years. While some are easy to spot and get rid of, others tend to be much more sophisticated and hard to shine light on. On Saturday 11th, we discovered a malicious advert that was displayed on huffingtonpost.com as well as other popular s
Publish At:2015-04-14 03:05 | Read:4824 | Comments:0 | Tags:Malvertising anti exploit Anti-Malware exploit flash malvert

Top Adult Site RedTube Compromised, Redirects to Malware

DISCLAIMER: THIS POST INCLUDES SOME LANGUAGE AND TOPICS THAT MIGHT NOT BE SUITABLE FOR ALL READERS, PLEASE BE ADVISED AND PROCEED WITH CAUTION. We’ve documented adult sites leading to malware before on this blog, but this one is a little bit different. This time around, the source of the problem is not malvertising, but rather a malicious iframe plac
Publish At:2015-02-18 14:40 | Read:4527 | Comments:0 | Tags:Exploits angler anti exploit exploit flash exploit iframes m

Exploit Kits: A Fast Growing Threat

[ Breaking 01/21/15: New Adobe Flash Player Zero-Day has been found in the wild by security researcher Kafeine. Malwarebytes Anti-Exploit detects and protects you from this threat.] When we talk to people that have been infected, they often ask how it happened. In a growing number of cases, they have been doing nothing more than reading a news website or bro
Publish At:2015-01-21 23:50 | Read:3839 | Comments:0 | Tags:Exploits anti exploit drive-by downloads exploit kits exploi

The New Malwarebytes Anti-Exploit 1.05

While we’re still riding high on Malwarebytes Anti-Exploit winning the V3 Security Innovation of the year award, we are also happy to announce the general availability of the new Malwarebytes Anti-Exploit 1.05.1.1014. While with 0.10 beta we did a complete re-write of the underlying service architecture, this build is a complete re-write or refactor of
Publish At:2014-12-01 17:10 | Read:3623 | Comments:0 | Tags:Malwarebytes News anti exploit exploit Malwarebytes

Large malvertising campaign under way involving DoubleClick and Zedo

Earlier today, we warned people that both The Times of Israel and The Jerusalem Post were affected by a malvertising attack. It appears that this is a much larger and ongoing campaign that is affecting a number of other popular websites. The reason this is really big is because it involves doubleclick.net (a subsidiary of Google for online ads) and Zedo (a p
Publish At:2014-09-19 06:00 | Read:3845 | Comments:0 | Tags:Malvertising anti exploit malvertising

Announce

Share high-quality web security related articles with you:)

Tools