Tag: exploit

There are several methods of classifying exploits. The most common is by how the exploit contacts the vulnerable software. A remote exploit works over a network and exploits the security vulnerability without any prior access to the vulnerable system. A local exploit requires prior access to the vulnerable system and usually increases the privileges of the person running the exploit past those granted by the system administrator. Exploits against client applications also exist, usually consisting of modified servers that send an exploit if accessed with a client application. Exploits against client applications may also require some interaction with the user and thus may be used in combination with social engineering.

Another classification is by the action against the vulnerable system; unauthorized data access, arbitrary code execution, and denial of service are examples. Many exploits are designed to provide superuser-level access to a computer system. However, it is also possible to use several exploits, first to gain low-level access, then to escalate privileges repeatedly until one reaches root.

Normally a single exploit can only take advantage of a specific software vulnerability. Often, when an exploit is published, the vulnerability is fixed through a patch and the exploit becomes obsolete until newer versions of the software become available. This is the reason why some black hat hackers do not publish their exploits but keep them private to themselves or other hackers. Such exploits are referred to as zero-day exploits, and obtaining access to them is the primary desire of unskilled attackers, often nicknamed script kiddies.

Threatpost News Wrap, April 28, 2017

Mike Mimoso and Chris Brook recap this year's SOURCE Boston Conference and discuss the week in news, including the long term implications of the NSA's DoublePulsar exploit, and the HipChat breach.

APT Threat Evolution in Q1 2017

Kaspersky Lab is currently tracking more than a hundred threat actors and sophisticated malicious operations in over 80 countries.

During the first quarter of 2017, there were 33 private reports released to subscribers of our Intelligence Services, with IOC data and YARA rules to assist in forensics and malware-hunting.

Attackers Using Legitimate Tools in Attacks, Symantec Reports

According to Symantec, attackers are increasingly 'living off the land', using email, macros and PowerShell to exploit end-users.

Cyber-Attackers Using Legitimate Tools, Symantec Reports

According to Symantec, attackers are increasingly "living off the land," using email, macros and PowerShell to exploit end users.

Zimperium Acquisition Program Publishes Exploits for Patched Android Bugs

Exploits for patched Android elevation of privilege vulnerabilities were published through the Zimperium N-Days Exploit Acquisition Program.

Yes, Windows patches are a mess, but you should still install...

With a zero-day Word exploit nipping at our heels, it’s time to work around the recent crop of bugs and get your Windows systems patched. Windows and Office patches have presented many challenges the past few months.

February Patch Tuesday was dropped, then Microsoft came back with an obviously forgotten Flash patch. March had a big batch of bugs.

And April has had more than its fair share of bugs, too, including one that dismantles Windows Update on certain AMD Carrizo computers.

N-day Nvidia, Android driver security flaw details revealed

Zimperium has revealed the details of two N-day vulnerabilities submitted through its exploit acquisition scheme.

Hajime, the mysterious evolving botnet

Hajime (meaning ‘beginning’ in Japanese) is an IoT worm that was first mentioned on 16 October 2016 in a public report by RapidityNetworks.
In this blogpost we outline some of the recent ‘improvements’ to Hajime, some techniques that haven’t been made public, and some statistics about infected IoT devices.

NSA’s DoublePulsar Kernel Exploit In Use Internet-Wide

Scans show tens of thousands of Windows servers infected with the DoublePulsar kernel exploit leaked by the ShadowBrokers two weeks ago.

Researchers claim China trying to hack South Korea missile defense efforts

Deployment of THAAD upsets China, seen as espionage tool.

Best Practices for Securing Open Source Code

Attackers see open source components as an obvious target because there's so much information on how to exploit them.

These best practices will help keep you safer.