exploit kit download | Breaking Cybersecurity News | The Hacker News

The corporate data leaked in the recent cyber attack on the infamous surveillance software firm Hacking Team has revealed that the Adobe Flash zero-day (CVE-2015-5119) exploit has already been added to several exploit kits. Security researchers at Trend Micro have discovered evidences of the Adobe Flash zero-day (CVE-2015-5119) exploit being used in a number of exploit kits before the vulnerability was publicly revealed in this week's data breach on the spyware company. The successful exploitation of the zero-day Flash vulnerability could cause a system crash, potentially allowing an attacker to take full control of the affected system. Adobe Flash Zero-Day Targeted Japan and Korea According to the researchers, the zero-day exploit, about which the rest of the world got access on Monday, was apparently used in limited cyber attacks on South Korea and Japan . "In late June, [Trend Micro] learned that a user in Korea was the attempted target of various ...

The official website of a prominent Israel-based, Middle East foreign policy-focused think tank, the Jerusalem Center for Public Affairs (JCPA) , has been compromised and abused by attackers to distribute malware . The Israeli think tank website JCPA – an independent research institute focusing on Israeli security, regional diplomacy and international law – was serving the Sweet Orange exploit kit via drive-by downloads to push malware onto the computers of the website's visitors by exploiting software vulnerabilities, researchers from security firm Cyphort reported on Friday. The Sweet Orange is one of the most recently released web malware exploitation kits, available for sale at selected invite-only cyber crime friendly communities and has been around for quite some time. However, Sweet Orange has also disappeared but in October 2013, shortly after the arrest of Paunch, the author of BlackHole , experts observed a major increase in the use of Sweet Orange. The ...

Vulnerability Management (VM) has long been a cornerstone of organizational cybersecurity. Nearly as old as the discipline of cybersecurity itself, it aims to help organizations identify and address potential security issues before they become serious problems. Yet, in recent years, the limitations of this approach have become increasingly evident.  At its core, Vulnerability Management processes remain essential for identifying and addressing weaknesses. But as time marches on and attack avenues evolve, this approach is beginning to show its age. In a recent report, How to Grow Vulnerability Management into Exposure Management (Gartner, How to Grow Vulnerability Management Into Exposure Management, 8 November 2024, Mitchell Schneider Et Al.), we believe Gartner® addresses this point precisely and demonstrates how organizations can – and must – shift from a vulnerability-centric strategy to a broader Exposure Management (EM) framework. We feel it's more than a worthwhile read an...

The source code for the smallest but sophisticated banking Trojan Tinba has been leaked through an online post in an underground forum, which make it available for anyone who knows where to look for free malware generation tools. The files posted on the closed russian underground forum turned out to be the source code of Tinba version1 , which was discovered around mid-2012 and they say it is the original, privately sold version of the crimeware kit that infected thousands of computers in Turkey. Tinba , also known as Zusy, is a tiny but deadly banking Trojan that comprises just 20 Kilobytes of code that gives it ability to slip past detection by some antivirus engines and uses a number of well-word man-in-the-browser tricks in an attempt to defeat two-factor authentication. It infects systems without any advanced encryption or packing and has capability to hook into browsers and steal login data and sniff on network traffic. Last week, researchers at CSIS in Denmark...