
Tag: exploit

There are several methods of classifying exploits. The most common is by how the exploit contacts the vulnerable software. A remote exploit works over a network and exploits the security vulnerability without any prior access to the vulnerable system. A local exploit requires prior access to the vulnerable system and usually increases the privileges of the person running the exploit beyond those granted by the system administrator. Exploits against client applications also exist, usually consisting of modified servers that send an exploit if accessed with a client application. Exploits against client applications may also require some interaction with the user and thus may be used in combination with social engineering. Another classification is by the action taken against the vulnerable system; unauthorized data access, arbitrary code execution, and denial of service are examples. Many exploits are designed to provide superuser-level access to a computer system. However, it is also possible to chain several exploits, first to gain low-level access, then to escalate privileges repeatedly until one reaches root. Normally a single exploit can only take advantage of a specific software vulnerability. Often, when an exploit is published, the vulnerability is fixed through a patch and the exploit becomes obsolete until newer versions of the software become available. This is the reason why some black hat hackers do not publish their exploits but keep them private to themselves or to other hackers. Such exploits are referred to as zero-day exploits, and obtaining access to them is the primary desire of unskilled attackers, often nicknamed script kiddies.

How the CIA infects air-gapped networks

Sprawling “Brutal Kangaroo” spreads malware using booby-trapped USB drives.

5 weeks after Wcry outbreak, NSA-derived worm shuts down a Honda...

Automaker briefly stops making cars to contain worm that first struck in May.

University College London Ransomware Linked to AdGholas Malvertising Group

Proofpoint has connected the University College London ransomware to Mole, spread by AdGholas malvertising campaigns and the Astrum Exploit Kit.

Say Goodbye to SMBv1 in Windows Fall Creators Update

The SMBv1 file-sharing protocol abused by the NSA’s EternalBlue exploit to spread WannaCry ransomware is being disabled in the upcoming Windows Fall Creators Update, or Redstone 3.

12-year-old security hole in Unix-based OSes isn’t plugged after all

“Stack Clash” poses threat to Linux, FreeBSD, OpenBSD, and other OSes.

Honeypots and the Internet of Things

According to Gartner, there are currently over 6 billion IoT devices on the planet. Such a huge number of potentially vulnerable gadgets could not possibly go unnoticed by cybercriminals. As of May 2017, Kaspersky Lab’s collections included several thousand different malware samples for IoT devices, about half of which were detected in 2017.

FIN10 Hacking Group Attacking Canadian Casinos, FireEye Finds

FireEye’s report looks into the activities of the FIN10 cyber-extortion group, which has been active since 2013 without using zero-day malware or ransomware to exploit victims.

Advanced CIA firmware has been infecting Wi-Fi routers for years

Latest Vault7 release exposes network-spying operation CIA kept secret since 2007.

Nigerian phishing: Industrial companies under attack

In late 2016, the Kaspersky Lab Industrial Control Systems Cyber Emergency Response Team reported on phishing attacks that were primarily targeting industrial companies from the metallurgy, electric power, construction, engineering and other sectors.

As further research demonstrated, this was just part of a bigger story that began much earlier and is unlikely to end any time soon.

SambaCry is coming

Not long ago, news appeared online of a younger sibling for the sensational vulnerability EternalBlue.

The story was about a new vulnerability for *nix-based systems – EternalRed (aka SambaCry). On May 30th our honeypots captured the first attack to make use of this particular vulnerability, but the payload in this exploit had nothing in common with the Trojan-Crypt that was EternalBlue and WannaCry.

Dvmap: the first Android malware with code injection

In April 2017 we started observing new rooting malware being distributed through the Google Play Store. Unlike other rooting malware, this Trojan not only installs its modules into the system, it also injects malicious code into the system runtime libraries.

Vxers exploit Intel’s Active Management for malware-over-LAN

Platinum attack spotted in Asia, needs admin credentials

Microsoft is warning against a new way to exploit Intel's Active Management Technology, this time to pass messages between infected machines over business LANs.…