Search results for exploit kit | Breaking Cybersecurity News | The Hacker News

According to release announcement on Pastebin by unknown developers in a Russian-language BlackHole Exploit Kit 2.0 released with more latest Exploits. BlackHole is one of the most dominant exploit toolkits currently available in the underground market. It enables attackers to exploit security holes in order to install malicious software on victim's systems. The new variant doesn't rely on plugindetect to determine the Java version that's installed, thus speeding up the malware download process. Old exploits that were causing browsers to crash and "scary visual effects" have been removed. The exploit kit is offered both as a "licensed" software product for the intrepid malware server operator and as malware-as-a-service by the author off his own server. Some interesting claims by developer about new version: prevent direct download of executable payloads only load exploit contents when client is considered vulnerable drop use of PluginDetect library (performanc...

Hackers are using a new exploit for a bug in the out-of-date but popular Java 6 platform to attack victims, and has been added to a commercially available Neutrino exploit kit. The use of Java 6 still is prevalent, opening up a significant number of users to the threat. F-secure analyst Timo Hirvonen warned about the exploit over Twitter, advising that he had found an exploit in the wild actively targeting an unpatched vulnerability in Java 6, named CVE-2013-2463 . The exploit's proof-of-concept was made public last week, prior to in-the-wild attacks surfacing on Monday. Oracle is aware of the hole but, since Java 6 is no longer supported, the company will not patch the issue. The vulnerability lies in Java Runtime Environment's 2D sub-component, which is used to make two-dimensional graphics. Because no patch is available, the exploits provides cybercriminals and other attackers an effective vehicle to launch attacks targeting users and organiz...

A Large number of WordPress websites were compromised in last two weeks with a new malware campaign spotted in the wild. WordPress , a Free and Open source content management system (CMS) and blogging tool, has been once again targeted by hackers at large scale. Researchers at Sucuri Labs have detected a " Malware Campaign " with an aim of getting access to as many devices they can by making innumerable WordPress websites as its prey. The Malware campaign was operational for more than 14 days ago, but it has experienced a massive increase in the spread of infection in last two days, resulted in affecting more than 5000 Wordpress websites. The Security researchers call this malware attack as " VisitorTracker ", as there exists a javascript function named visitorTracker_isMob() in the malicious code designed by cyber criminals. This new campaign seems to be utilizing the Nuclear Exploit Kit and uses a combination of hacked WordPress sites, hidden iframes and nu...

Ransomware is an emerging threat in the evolution of cybercriminals techniques to part you from your money. Typically, the malicious software either lock victim's computer system or encrypt the documents and files on it, in order to extort money from the victims. Though earlier we saw the samples of Ransomware tended to be simple with dogged determinations to extort money from victims. But with the exponential rise in the samples of Ransomware malwares, the recent ones are more subtle in design, including Cryptolocker , Icepole , PrisonLocker , CryptoDefense and its variants. Now, the ransomware dubbed as Crytowall , a latest variant of the infamous ransomware Cryptolocker is targeting users by forcing them to download the malicious software by through advertising on the high profile domains belonging to Disney, Facebook, The Guardian newspaper and others. Cryptolocker is designed by the same malware developer who created the sophisticated CryptoDefense ( Trojan.Crypt...

Cyber criminals have exploited the power of two online advertising networks, Google's DoubleClick and popular Zedo advertising agency , to deliver malicious advertisements to millions of internet users that could install malware on a user's computer. A recent report published by the researcher of the security vendor Malwarebytes suggests that the cyber criminals are exploiting a number of websites, including The Times of Israel, The Jerusalem Post and the Last.fm music streaming website, to serve malicious advertisements designed to spread the recently identified Zemot malware . Malvertising is not any new tactic used by cybercriminals, but Jerome Segura, a senior security researcher with Malwarebytes, wrote in a blog post that his company " rarely see attacks on a large scale like this. " "It was active but not too visible for a number of weeks until we started seeing popular sites getting flagged in our honeypots," Segura wrote. "That's ...

Crimepack 3.1.3 Exploit kit Leaked, available for Download ! Part 1 : Java Exploit As stated above, I focus on a malware that exploits a recent JRE vulnerability: CVE-2010-0840 to execute malicious files on a victim system. This malware comes inside a jar file, which contains the following two classes: Crimepack.class and KAVS.class. Part 1.1 : Crimepack.class This class is the engine of the malware, it is obfuscated, but you can quickly strip off the obfuscation (my python beta tool is great…), once you get rid of the obfuscation you can see the following code: As always, we have an Applet that access to the data parameter, generates a random name for the exe payload that will be dropped in the system temp directory and then executed. So at this point as you can see we have nothing new, the above is a common Java downloader… but let's scroll down: Above, we can see that the malware is creating a new instance of the KAVS class (description follows), in order to trigge...

Warning for Adobe users! Another zero-day vulnerability has been discovered in Adobe Flash Player   that is actively being exploited by cyber crooks in drive-by download attacks, security researchers warned today. This is for the third time in last few weeks when Adobe is dealing with a zero day vulnerability in Flash Player. The Adobe Flash Player Vulnerability identified as CVE-2015-0313 , exists in the latest version of Flash Player, i.e. version 16.0.0.296 and earlier. In late January, Adobe released an updated version of its Flash player software that patches zero-day vulnerability, tracked as CVE-2015-0311 , spotted by French security researcher Kafeine. This Adobe Flash Player Vulnerability was also being actively exploited via Malvertisement and drive-by-download attacks. In case of a "drive-by-download" attack, an attacker downloads a malicious software to a victim's computer without their knowledge or explicit consent. As a result, the flaw cou...

Hackers are always in search for an elite method to create loopholes in the cyberspace to implement the dark rules in the form of vulnerability exploitation. Top Trustworthy sites such as The New York Times , BBC , MSN , AOL and many more are on the verge of losing their face value as a malwertized advertisement campaign are looming around the websites, according to SpiderLabs. Here's what Happens to Users when Clicking Ads on these Big Brand Sites: The advertisements on the legit sites trick users into clicking on it, making them believe that these circulated ads come from a trusted networks. Once clicked, the malicious Ad redirects the user to a malicious website that hosts Angler Exploit Kit (AEK) to infect visitors by installing malware and ransomware on their computer. Angler Exploit Kit includes many malicious hacking tools and zero-day exploits that let hackers execute drive-by attacks on visitors' computers. In this case, the Angler kit scan...

Group-IB , a Russian cybercrime investigation company has discovered a zero-day vulnerability, affects Adobe Reader X and Adobe Reader XI. The vulnerability is also included in new modified version of Blackhole Exploit-Kit , which is used for the distributing the banking Trojans (Zeus, Spyeye, Carberp, Citadel) with the help of exploitation different vulnerabilities in client-side software. The particular exploit is available in underground forums for as much as $50,000 and bug is dangerous because it permits cybercriminals to run arbitrary shellcode by bypassing the sandbox feature integrated into the more recent versions of Adobe Reader. For now this flaw is distributed only in only small circles of the underground but it has the potential for much larger post-exploitation methods. The exploit is limited to  Microsoft Windows installations of Adobe Reader and it can't be fully executed until the user closes his Web browser (...

Who else didn't see this coming? It was so obvious as I stressed earlier that the  Let's Encrypt free HTTPS certificates would not just help legitimate website operators to encrypt its users' traffic, but also help criminals to bother innocent users with malware through secure sites. Let's Encrypt allows anyone to obtain free SSL/TLS ( Secure Socket Layer/Transport Layer Security ) certificates for their web servers that encrypt all the Internet traffic passed between a server and users. Let's Encrypt is recognized by all major browsers, including Google's Chrome, Mozilla's Firefox and Microsoft's Internet Explorer. The organization started offering Free HTTPS certs to everyone from last month, and it is very easy for anyone to set up an HTTPS website in a few simple steps ( How to Install Free SSL Cert ). However, the most bothersome part is that Let's Encrypt free SSL certs are not only used by website owners to secure its...

Dutch News site spread Malware on 100000 Computers Dutch popular news site NU.nl appears to be serving Java exploit (drive-by malware) to users of IE. Nu.nl has approximately one hour long served the Javascript code that attempted to provide visitors to the news site with a trojan to infect. The attackers made use of servers in India which an exploit kit was placed. The Ministry of Security and Justice issue a warning for malware yesterday by Nu.nl estimated to have infected 100,000 computers. Erik Loman, developer at security firm SurfRight, made ​​known on Twitter on the front page of the news javascript code ' g.js ' was blocked. The code triggered by Loman a nuclear exploit pack on a web server in India was placed. The exploit script checked the browser and common plugins like Flash and Adobe Reader security hole. If an exploit was found, the server sent the Sinowal-malware, a trojan of Russian origin, which is continuously updated and attempts to steal bank detail...

Sucuri Malware Labs notify that some zero-day exploits are available to Hackers which are being used to Hack into Parallels' Plesk Panel (Port Number 8443). These attacks was keep on raising from last few months as you can see in the Graph: At least 4000 new websites were infected each day, Sucuri malware researcher Daniel Cid. On other News Portals , there was a news recently that Some 50,000 websites have been compromised as part of a sustained iframe injection attack campaign. Security analyst found that, The majority of the sites being targeted are running Plesk Panel version 10.4.4 or older versions. Brian Krebs on his blog report that Hackers in the criminal underground are selling an exploit that extracts the master password needed to control Parallels' Plesk Panel. This zero-day exploit for Plesk is being sold on the black market for around $8,000 per purchase. Many of the queries probed for web hosting software Plesk, a finding backed by the Sans Interne...

Security researcher has discovered some new features in the most dangerous Vawtrak , aka Neverquest , malware that allow it to send and receive data through encrypted favicons distributed over the secured Tor network . The researcher, Jakub Kroustek from AVG anti-virus firm, has provided an in-depth analysis ( PDF ) on the new and complex set of features of the malware which is considered to be one of the most dangerous threats in existence. Vawtrak is a sophisticated piece of malware in terms of supported features. It is capable of stealing financial information and executing transactions from the compromised computer remotely without leaving traces. The features include videos and screenshots capturing and launching man-in-the-middle attacks. HOW VAWTRAK SPREADS ? AVG anti-virus firm is warning users that it has discovered an ongoing campaign delivering Vawtrak to gain access to bank accounts visited by the victim and using the infamous Pony module in order to ste...

A new sophisticated and stealthy Apache backdoor meant to drive traffic to malicious websites serving Blackhole exploit kit widely has been detected by  Sucuri recently. Researchers claimed that this backdoor affecting hundreds of web servers right now. Dubbed Linux/Cdorked.A , one of the most sophisticated Apache backdoors we have seen so far. The backdoor leaves no traces of compromised hosts on the hard drive other than its modified httpd binary, thereby complicating forensics analysis. All of the information related to the backdoor is stored in shared memory.  The configuration is pushed by the attacker through obfuscated HTTP requests that aren't logged in normal Apache logs. The HTTP server is equipped with a reverse connect backdoor that can be triggered via a special HTTP GET request. This means that no command and control information is stored anywhere on the system. ESET researchers  analyzed the binary and ...

Cryptome Webpages infected with Blackhole exploit kit Cryptome.org a popular website and similar to Wikileaks was hacked by the cybercriminals & Attackers were able to hide malicious scripts on every one of the site's 6,000 pages. Anyone visiting with a vulnerable browser will have found themselves infected with Blackhole, most likely adding their computer to a larger bot. Cryptome attack, website owners only know they have a problem when users contact them with the bad news after detecting it with security software wise to its many techniques for staying out of sight. Cryptome official write , " A reader reported today that accessing a file on Cryptome caused this intrusion warning " and " Replacement with clean files is proceeding, probably done by end of day ." Two years ago, the organisation published Microsoft's secret Global Criminal Compliance handbook, which laid out how the company was gathering certain data from users of some of its services...

Meltdown CPU vulnerability was bad, and Microsoft somehow made the flaw even worse on its Windows 7, allowing any unprivileged, user-level application to read content from and even write data to the operating system's kernel memory. For those unaware, Spectre and Meltdown were security flaws disclosed by researchers earlier this year in processors from Intel, ARM, and AMD, leaving nearly every PC, server, and mobile phone on the planet vulnerable to data theft. Shortly after the researchers disclosed the Spectre and Meltdown exploits , software vendors, including Microsoft, started releasing patches for their systems running a vulnerable version of processors. However, an independent Swedish security researcher Ulf Frisk found that Microsoft's security fixes to Windows 7 PCs for the Meltdown flaw—which could allow attackers to read kernel memory at a speed of 120 KBps—is now allowing attackers to read the same kernel memory at a speed of Gbps, making the issue even wo...

Fake LinkedIn Emails Link to Blackhole Exploit Malware Cyber Criminals have been busy pumping out spam emails that pose as legitimate LinkedIn notices, enticing you to click on a link in order to read what message some random stranger has left for you. The incident was identified by researchers at security provider GFI Labs . If your Click the links, It will send you directly to a site housing a blackhole exploit kit that will attempt to take advantage of any system vulnerabilities in order to infect your PC with malware, Exactly which attempts to drop Cridex onto the PC. Cridex malware variant from the wild caught on camera that shows CAPTCHA tests used by some online services are still weak and can be broken by malware. The spammers did a good job crafting the bogus LinkedIn notices LinkedIn logo at the top left, familiar blue coloring, no obvious spelling mistakes, disguised links and even a spoofed sender's address it's pretty easy to spot the fake emails when you...

Vulnerability Discovered in SpyEye Botnet , Exploit Available for Download Blind SQL injection Vulnerability Discovered in SpyEye Botnet by S4(uR4 ( r00tw0rm.com ) Exploit : Vulnn type : Blind SQL injection vuln script : frm_cards_edit.php Affected version : ALL May use any botnet from : https://spyeyetracker.abuse.ch/monitor.php What is SpyEye ? W32/SpyEye Aliases :  This is a list of aliases for the variant of SpyEye discovered in early February 2011 that has been actively targeting Norwegian banking websites: Trojan-Spy.Win32.SpyEyes.evg (Kaspersky) PWS-Spyeye.m (McAfee) Trojan:Win32/EyeStye.H (Microsoft) A variant of Win32/Spy.SpyEye.CA (NOD32) W32/Malware.QOOC (Norman) Trojan.Zbot (Symantec) Mal_Xed-24 (Trend Micro) Brief overview SpyEye is a trojan with backdoor capabilities that attempts to steal sensitive information related to online banking and credit card transactions from an infected machine. SpyEye is sold via its author in an easy to configure ...

THE BBC'S MUSIC WEBSITES have been hacked to stream malware using drive-by downloads for anyone browsing the infected webpages. Hackers set the drive-by malware up at the BBC's 6 Music website and the BBC 1Xtra radio station website. Researchers at the insecurity outfit Websense found the exploits and put its report up on its security labs blog. "The BBC - 6 Music Web site has been injected with a malicious iframe, as have areas of the BBC 1Xtra radio station Web site," an anonymous Websense insecurity researcher wrote. Websense claims the injected iframe is at the bottom of the BBC 6 Music webpage and has been set up to automatically download some dodgy code from a .cc website. Apparently the hack is exactly the same on the BBC's 1Xtra website. "If an unprotected user browsed to the site they would be faced with drive-by downloads, meaning that simply browsing to the page is enough to get infected with a malicious executable," Websense continued. ...

More than one billion of unique visitor spend about 6 billion hours on YouTube to watch videos, according to monthly YouTube Stats. Security researchers from Bromium Labs recently found that YouTube advertising network has been abused by rogue advertisers to distribute malware. YouTube In-Stream Ads were redirecting users to malicious websites, hosting the ' Styx Exploit Kit ' and was exploiting client side vulnerabilities by drive-by-download attack to infect users' computer with Caphaw Banking Trojan . The Exploitation process relied upon a Java vulnerability ( CVE-2013-2460 ) and after getting dropped into the target computer system, the malware detects the Java version installed on the operating system and based upon it requests the suitable exploit. "We don't yet know the exact bypass which the attackers used to evade Google's internal advertisement security checks. Google has informed us that they're conducting a full investigation of this abuse an...