HackDig : Dig high-quality web security articles for hacker

A week in security (November 18 – 24)

Last week on Malwarebytes Labs, we looked at stalkerware’s legal enforcement problem, announced our cooperation with other security vendors and advocacy groups to launch Coalition Against Stalkerware, published our fall 2019 review of exploit kits, looked at how Deepfake on LinkedIn makes for malign interference campaigns, rounded up our knowledge about the
Publish At:2019-11-25 09:50 | Read:124 | Comments:0 | Tags:A week in security Coalition Against Stalkerware data leaks

Pulse VPN patched their vulnerability, but businesses are trailing behind

In April 2019, Pulse Secure published an advisory about a vulnerability in their software. In August, cybercriminals were massively scanning for systems that were running a vulnerable version. Now it’s October, and still many organizations have not applied the patches that are available for this vulnerability. This is a trend we’ve seen repeated wi
Publish At:2019-10-18 16:50 | Read:531 | Comments:0 | Tags:Business cybercriminals exploit exploit kits exploits patch

Five years later, Heartbleed vulnerability still unpatched

The Heartbleed vulnerability was introduced into the OpenSSL crypto library in 2012. It was discovered and fixed in 2014, yet today—five years later—there are still unpatched systems.  This article will provide IT teams with the necessary information to decide whether or not to apply the Heartbleed vulnerability fix. However, we caution: The latter c
Publish At:2019-09-20 11:20 | Read:444 | Comments:0 | Tags:Exploits and vulnerabilities cryptography EKs exploit kits e

Flash Player is Dead, Long Live Flash Player!

Adobe last week detailed plans to retire its Flash Player software, a cross-platform browser plugin so powerful and so packed with security holes that it has become the favorite target of malware developers. To help eradicate this ubiquitous liability, Adobe is enlisting the help of Apple, Facebook, Google, Microsoft and Mozilla. But don’t break out th
Publish At:2017-08-02 22:00 | Read:3982 | Comments:0 | Tags:Other adobe apple Benjamin Smedberg exploit kits Facebook Fl

Adobe Flash Player flaws remain the most used by Exploit Kits

Experts from the firm Recorded Future published a report on the most common vulnerabilities used by threat actors in the exploit kits. Recorded Future published an interesting report on the most common vulnerabilities used by threat actors in the exploit kits. The experts observed that Adobe Flash Player and Microsoft products (Internet Explorer, Silverlight
Publish At:2016-12-06 21:20 | Read:4059 | Comments:0 | Tags:Breaking News Cyber Crime Hacking Reports Adobe CVE-2016-018

New Bizarro Sundown Exploit Kit Spreads Locky

A new exploit kit has arrived which is spreading different versions of Locky ransomware. We spotted two cases of this new threat, which is based on the earlier Sundown exploit kit. Sundown rose to prominence (together with Rig) after the then-dominant Neutrino exploit kit was neutralized. Called Bizarro Sundown, the first version was spotted on October 5 wit
Publish At:2016-11-19 12:05 | Read:3668 | Comments:0 | Tags:Bad Sites Exploits Ransomware Bizarro Sundown exploit kits L

The Impact of the JohnyCryptor Ransomware

What has caused a seemingly typical ransomware from turning into one of the most popular malware threats this year? I’ve uncovered the facts, so allow me to give some insight into how this ransomware became one of the most feared strains this year.The First Johnycryptor Ransomware Major HitsIn early July 2016, various security vendors spotted the first
Publish At:2016-11-04 02:05 | Read:3042 | Comments:0 | Tags:Cyber Security Featured Articles decryption exploit kits Joh

Hacks for sale: Exploit kits provide easy avenue for unskilled attackers

One of the most common cyber-attack vehicles we’ve seen over the years involves so-called “exploit kits.” These are collections of exploits bundled together and sold as commercial software or as a service. A typical kit includes a collection of web pages with exploits for several vulnerabilities in popular web browsers, browser add-ons, or other types of sof
Publish At:2016-09-20 03:45 | Read:3539 | Comments:0 | Tags:Cybersecurity Exploit Kits Security Intelligence Report Tren

Creators of the Nuclear EK are gaining nearly 100K USD each month

According to security experts at Check Point the creators of the Nuclear EK are gaining nearly 100K USD each month, most victims are in Europe and US. Most people interested working with a cloud business model nowadays, even malware programmers. It is better than just one time selling a security exploit, authors of malware are now selling malware as a cloud-
Publish At:2016-05-26 07:20 | Read:4041 | Comments:0 | Tags:Breaking News Cyber Crime Malware crimeware kits Cybercrime

Toymaker’s website pushes ransomware that holds visitors’ files hostage

The website belonging to Maisto International, a popular maker of remote-controlled toy vehicles, has been caught pushing ransomware that holds visitors' files hostage until they pay a hefty fee.Malicious files provided by the Angler exploit kit were hosted directly on the homepage of Maisto[.]com, according to antivirus provider Malwarebytes. The attack cod
Publish At:2016-04-29 12:40 | Read:3763 | Comments:0 | Tags:Law & Disorder Risk Assessment Technology Lab Uncategorized

“Nuclear” exploit kit service cashes in on demand from cryptoransomware rings

Security researchers at Cisco Talos and Check Point have published reports detailing the inner workings of Nuclear, an "exploit kit" Web service that deployed malware onto victims' computers through malicious websites. While a significant percentage of Nuclear's infrastructure has been recently disrupted, the exploit kit is still operating—and looks to be a
Publish At:2016-04-22 16:25 | Read:4543 | Comments:0 | Tags:Risk Assessment Technology Lab DigitalOcean exploit kits nuc

Angler Exploit Kit Spreading Cryptowall 4.0 Ransomware

As expected, it didn’t take long for one of the most popular exploit kits, Angler, to start spreading the latest iteration of Cryptowall ransomware.A drive-by campaign that uses a one-two punch to drop Cryptowall 4.0 has been observed in the wild this week, according to researchers at Heimdal Security. First, the password stealing malware Pony is dro
Publish At:2015-12-03 05:35 | Read:2830 | Comments:0 | Tags:Malware Ransomware angler Cryptowall Cryptowall 4.0 exploit

Nuclear Exploit Kit Spreading Cryptowall 4.0 Ransomware

In short order, the newest version of Cryptowall has begun showing up in exploit kits.The SANS Internet Storm Center said on Tuesday that an attacker working off domains belonging to Chinese registrar BizCN has been moving the ransomware via the Nuclear Exploit Kit. SANS ISC handler and Rackspace security engineer Brad Duncan said that until recently, Cryp
Publish At:2015-11-25 16:45 | Read:3511 | Comments:0 | Tags:Malware Ransomware Web Security Angler Exploit Kit BizCN Bra

Cisco shuts down million-dollar ransomware operation

Security researchers have disrupted an online criminal operation they estimated drew $30 million per year pushing ransomware on unsuspecting people browsing the Internet.The takedown was performed by investigators from Cisco Systems' Talos security unit, which was researching the Angler Exploit kit. The hack-by-numbers tool is sold in underground crime forum
Publish At:2015-10-06 17:15 | Read:3205 | Comments:0 | Tags:Law & Disorder Risk Assessment Technology Lab angler exploit

Malvertising campaign targeted the Forbes Website, million users at risks

Security researchers at FireEye have uncovered a new malvertising campaign that exploited the popular Forbes.com news website. Security experts at FireEye have uncovered a new malvertising campaign that exploited the popular Forbes.com news website. The malvertising campaign was discovered earlier this month, according to the
Publish At:2015-09-23 12:20 | Read:2527 | Comments:0 | Tags:Cyber Crime Angler Cybercrime Exploit kits malvertising Neut

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud