HackDig : Dig high-quality web security articles for hackers

Magnitude exploit kit – evolution

Exploit kits are not as widespread as they used to be. In the past, they relied on the use of already patched vulnerabilities. Newer and more secure web browsers with automatic updates simply do not allow known vulnerabilities to be exploited. It was very different back in the heyday of Adobe Flash because it’s just a plugin for a web browser, meaning
Publish At:2020-06-24 07:10 | Read:253 | Comments:0 | Tags:Featured Malware descriptions Browser Exploit Kits Malware D

Copycat criminals abuse Malwarebytes brand in malvertising campaign

While exploit kit activity has been fairly quiet for some time now, we recently discovered a threat actor creating a copycat—fake—Malwarebytes website that was used as a gate to the Fallout EK, which distributes the Raccoon stealer. The few malvertising campaigns that remain are often found on second- and third-tier adult sites, leading to the Fallout or
Publish At:2020-04-07 14:49 | Read:665 | Comments:0 | Tags:Exploits and vulnerabilities copycat criminals copycat sites

3 Malware Trends to Watch Out for in 2020

Malware closed out 2019 on a strong note. According to AV-TEST, malware authors’ efforts throughout the year helped push the total number of known malware above one billion samples. This development wouldn’t have been possible without the vigor exhibited by malware authors in the fall of 2019. Indeed, after detecting 8.5 million new samples in June and 9.56
Publish At:2020-02-09 10:21 | Read:495 | Comments:0 | Tags:IT Security and Data Protection exploit kits malware ransomw

A week in security (November 18 – 24)

Last week on Malwarebytes Labs, we looked at stalkerware’s legal enforcement problem, announced our cooperation with other security vendors and advocacy groups to launch Coalition Against Stalkerware, published our fall 2019 review of exploit kits, looked at how Deepfake on LinkedIn makes for malign interference campaigns, rounded up our knowledge about the
Publish At:2019-11-25 09:50 | Read:865 | Comments:0 | Tags:A week in security Coalition Against Stalkerware data leaks

Pulse VPN patched their vulnerability, but businesses are trailing behind

In April 2019, Pulse Secure published an advisory about a vulnerability in their software. In August, cybercriminals were massively scanning for systems that were running a vulnerable version. Now it’s October, and still many organizations have not applied the patches that are available for this vulnerability. This is a trend we’ve seen repeated wi
Publish At:2019-10-18 16:50 | Read:1508 | Comments:0 | Tags:Business cybercriminals exploit exploit kits exploits patch

Five years later, Heartbleed vulnerability still unpatched

The Heartbleed vulnerability was introduced into the OpenSSL crypto library in 2012. It was discovered and fixed in 2014, yet today—five years later—there are still unpatched systems.  This article will provide IT teams with the necessary information to decide whether or not to apply the Heartbleed vulnerability fix. However, we caution: The latter c
Publish At:2019-09-20 11:20 | Read:1388 | Comments:0 | Tags:Exploits and vulnerabilities cryptography EKs exploit kits e

Flash Player is Dead, Long Live Flash Player!

Adobe last week detailed plans to retire its Flash Player software, a cross-platform browser plugin so powerful and so packed with security holes that it has become the favorite target of malware developers. To help eradicate this ubiquitous liability, Adobe is enlisting the help of Apple, Facebook, Google, Microsoft and Mozilla. But don’t break out th
Publish At:2017-08-02 22:00 | Read:5694 | Comments:0 | Tags:Other adobe apple Benjamin Smedberg exploit kits Facebook Fl

Adobe Flash Player flaws remain the most used by Exploit Kits

Experts from the firm Recorded Future published a report on the most common vulnerabilities used by threat actors in the exploit kits. Recorded Future published an interesting report on the most common vulnerabilities used by threat actors in the exploit kits. The experts observed that Adobe Flash Player and Microsoft products (Internet Explorer, Silverlight
Publish At:2016-12-06 21:20 | Read:4914 | Comments:0 | Tags:Breaking News Cyber Crime Hacking Reports Adobe CVE-2016-018

New Bizarro Sundown Exploit Kit Spreads Locky

A new exploit kit has arrived which is spreading different versions of Locky ransomware. We spotted two cases of this new threat, which is based on the earlier Sundown exploit kit. Sundown rose to prominence (together with Rig) after the then-dominant Neutrino exploit kit was neutralized. Called Bizarro Sundown, the first version was spotted on October 5 wit
Publish At:2016-11-19 12:05 | Read:4464 | Comments:0 | Tags:Bad Sites Exploits Ransomware Bizarro Sundown exploit kits L

The Impact of the JohnyCryptor Ransomware

What has caused a seemingly typical ransomware from turning into one of the most popular malware threats this year? I’ve uncovered the facts, so allow me to give some insight into how this ransomware became one of the most feared strains this year.The First Johnycryptor Ransomware Major HitsIn early July 2016, various security vendors spotted the first
Publish At:2016-11-04 02:05 | Read:3793 | Comments:0 | Tags:Cyber Security Featured Articles decryption exploit kits Joh

Hacks for sale: Exploit kits provide easy avenue for unskilled attackers

One of the most common cyber-attack vehicles we’ve seen over the years involves so-called “exploit kits.” These are collections of exploits bundled together and sold as commercial software or as a service. A typical kit includes a collection of web pages with exploits for several vulnerabilities in popular web browsers, browser add-ons, or other types of sof
Publish At:2016-09-20 03:45 | Read:4302 | Comments:0 | Tags:Cybersecurity Exploit Kits Security Intelligence Report Tren

Creators of the Nuclear EK are gaining nearly 100K USD each month

According to security experts at Check Point the creators of the Nuclear EK are gaining nearly 100K USD each month, most victims are in Europe and US. Most people interested working with a cloud business model nowadays, even malware programmers. It is better than just one time selling a security exploit, authors of malware are now selling malware as a cloud-
Publish At:2016-05-26 07:20 | Read:4867 | Comments:0 | Tags:Breaking News Cyber Crime Malware crimeware kits Cybercrime

Toymaker’s website pushes ransomware that holds visitors’ files hostage

The website belonging to Maisto International, a popular maker of remote-controlled toy vehicles, has been caught pushing ransomware that holds visitors' files hostage until they pay a hefty fee.Malicious files provided by the Angler exploit kit were hosted directly on the homepage of Maisto[.]com, according to antivirus provider Malwarebytes. The attack cod
Publish At:2016-04-29 12:40 | Read:4683 | Comments:0 | Tags:Law & Disorder Risk Assessment Technology Lab Uncategorized

“Nuclear” exploit kit service cashes in on demand from cryptoransomware rings

Security researchers at Cisco Talos and Check Point have published reports detailing the inner workings of Nuclear, an "exploit kit" Web service that deployed malware onto victims' computers through malicious websites. While a significant percentage of Nuclear's infrastructure has been recently disrupted, the exploit kit is still operating—and looks to be a
Publish At:2016-04-22 16:25 | Read:5474 | Comments:0 | Tags:Risk Assessment Technology Lab DigitalOcean exploit kits nuc

Angler Exploit Kit Spreading Cryptowall 4.0 Ransomware

As expected, it didn’t take long for one of the most popular exploit kits, Angler, to start spreading the latest iteration of Cryptowall ransomware.A drive-by campaign that uses a one-two punch to drop Cryptowall 4.0 has been observed in the wild this week, according to researchers at Heimdal Security. First, the password stealing malware Pony is dro
Publish At:2015-12-03 05:35 | Read:3488 | Comments:0 | Tags:Malware Ransomware angler Cryptowall Cryptowall 4.0 exploit


Share high-quality web security related articles with you:)


Tag Cloud