Search results for exploit kit | Breaking Cybersecurity News | The Hacker News

RedKit Exploit Kit : New web malware exploitation pack Trustwave researchers have spotted a new exploit kit called " RedKit Exploit Kit " that  being used in the wild is aiming to enter a market that is practically monopolized by the widely famous BlackHole and Phoenix exploit kits. In actual, The new kit has no official name, so the researchers dubbed it ' Redkit ' due to the red bordering used in the application's panel. " Logging to the admin panel presents you with options which are typically used by other exploit kits. The panel allows you to check the statistics for incoming traffic, upload a payload executable and even scan this payload with no less than 37 different AV's ," Trustwave reports . To deliver the malware, RedKit exploits two popular bugs: 1.)  The Adobe Acrobat and Reader LibTIFF vulnerability ( CVE-2010-0188 ). 2.)  The Java AtomicReferenceArray vulnerability ( CVE-2012-0507 ), lately used by the criminals behind the massive Fl...

A new campaign leveraging an exploit kit has been observed abusing an Internet Explorer flaw patched by Microsoft last year to deliver the RedLine Stealer trojan. "When executed, RedLine Stealer performs recon against the target system (including username, hardware, browsers installed, anti-virus software) and then exfiltrates data (including passwords, saved credit cards, crypto wallets, VPN logins) to a remote command and control server," Bitdefender  said  in a new report shared with The Hacker News. Most of the infections are located in Brazil and Germany, followed by the U.S., Egypt, Canada, China, and Poland, among others. Exploit kits or exploit packs are comprehensive tools that contain a collection of exploits designed to take advantage of vulnerabilities in commonly-used software by scanning infected systems for different kinds of flaws and deploying additional malware. The primary infection method used by attackers to distribute exploit kits, in this case the...

Intro: Why hack in when you can log in? SaaS applications are the backbone of modern organizations, powering productivity and operational efficiency. But every new app introduces critical security risks through app integrations and multiple users, creating easy access points for threat actors. As a result, SaaS breaches have increased, and according to a May 2024 XM Cyber report, identity and credential misconfigurations caused 80% of security exposures. Subtle signs of a compromise get lost in the noise, and then multi-stage attacks unfold undetected due to siloed solutions. Think of an account takeover in Entra ID, then privilege escalation in GitHub, along with data exfiltration from Slack. Each seems unrelated when viewed in isolation, but in a connected timeline of events, it's a dangerous breach. Wing Security's SaaS platform is a multi-layered solution that combines posture management with real-time identity threat detection and response. This allows organizations to get a ...

The official website of a prominent Israel-based, Middle East foreign policy-focused think tank, the Jerusalem Center for Public Affairs (JCPA) , has been compromised and abused by attackers to distribute malware . The Israeli think tank website JCPA – an independent research institute focusing on Israeli security, regional diplomacy and international law – was serving the Sweet Orange exploit kit via drive-by downloads to push malware onto the computers of the website's visitors by exploiting software vulnerabilities, researchers from security firm Cyphort reported on Friday. The Sweet Orange is one of the most recently released web malware exploitation kits, available for sale at selected invite-only cyber crime friendly communities and has been around for quite some time. However, Sweet Orange has also disappeared but in October 2013, shortly after the arrest of Paunch, the author of BlackHole , experts observed a major increase in the use of Sweet Orange. The ...

Blackhole Exploit Kit attack on WampServer & Wordpress sites Kimberly from  Stopmalvertising  found Blackhole Exploit Kit on Website of most popular Webserver software site WAMPSERVER . Almost at the bottom of the webpage they notice a Javascript requesting a file from jquery.googlecode.com . The URL is followed by a long string of parameters. The file  returns a 404, it's just there to fool people. Once the script decoded we obtain an iframe leading to vc-business.com/in.php .According to Analyse of Kimberly , If a vulnerable Java, Windows Media Player, Flash or Adobe Reader version is detected, the visitor will be redirected to 91.194.214.66/dng311011/c7a44076f6c722eb74725563b0a000a0/spl.php and from there to 30domaaaam.in/main.php?page=c76874df55550a3f . According to Norton Safe Web , 91.194.214.66 has been caught in distributing the ZeroAccess rootkit. Second Recent Attack by Blackhole Exploit discovered in  thousands of WordPre...

A coalition of law enforcement agencies coordinated by the U.K. National Crime Agency (NCA) has led to the arrest and extradition of a Belarussian and Ukrainian dual-national believed to be associated with Russian-speaking cybercrime groups. Maksim Silnikau (aka Maksym Silnikov), 38, went by the online monikers J.P. Morgan, xxx, and lansky. He was extradited to the U.S. from Poland on August 9, 2024, to face charges related to international computer hacking and wire fraud schemes. "J.P. Morgan and his associates are elite cyber criminals who practiced extreme operational and online security in an effort to avoid law enforcement detection," the NCA said in a statement. These individuals, the agency said, were responsible for the development and distribution of ransomware strains such as Reveton and Ransom Cartel , as well as exploit kits like Angler . Reveton, introduced in 2011, has been described as the "first ever ransomware-as-a-service business model." V...

A new Java 0-day vulnerability has been discovered, already wind in use by an exploit pack, taking advantage of a fresh zero-day vulnerability in Java and potentially letting hackers take over users' machines. Java 7 Update 10 and earlier contain an unspecified vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. The flaw was first spotted by 'Malware Don't Need Coffee' blog . This vulnerability is being attacked in the wild, and is reported to be incorporated into exploit kits. This exploit is already available in two Exploit Packs, that is available for $700 a quarter or $1,500 for a year. Similar tactics were used in CVE-2012-4681 , which was discovered last August. Source of this new Exploit available to download Here . The two most popular exploits packs used by hackers to distribute malware, the BlackHole Exploit Kit and the Cool Exploit Kit already having thi...

According to a Security Analyst ' Maarten Boone ' working  at Fox-IT company, the Developer of notorious Blackhole Exploit Kit  developer ' Paunch ' and his partners were arrested in Russia recently. Blackhole Exploit Kit  which is responsible for the majority of web attacks today, is a crimeware that makes it simple for just about anyone to build a botnet . This Malware kit was developed by a hacker who uses the nickname "Paunch" and his Team, has gained wide adoption and is currently one of the most common exploit frameworks used for Web-based malware delivery. The Blackhole exploit kit is a framework for delivering exploits via compromised or third-party websites, serve up a range of old and new exploits for Oracle's Java, Adobe's Flash and other popular software to take control of victim's machines. It the point of writing No Police Authority or Press has confirmed the claim made by Maarten about the arrest of Malware author. Plea...

A New York-based online ad network company AppNexus, that provides a platform specializing in real-time online advertising, has again been spotted as the origin of a recent "malvertising" campaign that makes use of the Angler Exploit Kit to redirect visitors to malicious websites hosting the Asprox malware. AppNexus servers process 16 billion ad buys per day, making it the biggest reach on the open web after Google. Back in May, AppNexus was serving malicious ads targeting Microsoft's Silverlight platform. The world's largest Internet Video Subscription service Netflix runs on Silverlight, and because of its popularity, hackers have been loading exploit kits with Silverlight. As part of this campaign, users of several high-profile websites including Java.com, Deviantart.com, TMZ.com, Photobucket.com, IBTimes.com, eBay.ie, Kapaza.be and TVgids.nl , last week were redirected to websites serving malicious advertisements that infected visitors by installing botnet ma...

Impassioned Framework Download - Another Crimeware Available for Free ! Russo is the creator of Impassioned Framework - Browser Exploitation Kit , a subscription-based software vulnerability exploit service. He is 23 year old the young hacker, This toolkits designed to be stitched into a Web site and probe visitor PCs for security holes that can be used to surreptitiously install malicious software. Impassioned Framework Recent Attack : Security weaknesses in the hugely popular file-sharing Web site thepiratebay.org have exposed the user names, e-mail and Internet addresses of more than 4 million Pirate Bay users using this Kit. Browsers Affected : - Chrome - Firefox - Msie 6 - Msie 7 - Msie 8 - Opera - Safari Os Affected : - Windows x - Unix and OS X NON AFFECTED Best exploits currently available: - MS09_002 - MS09_043 - MS Dshow - iepeers.dll - Firefox escape - Firefox CompareTo - Java Calendar - Adobe Reader Lib - Adobe Reader newPlayer - Adobe...

A previously undocumented threat activity cluster dubbed Earth Minotaur is leveraging the MOONSHINE exploit kit and an unreported Android-cum-Windows backdoor called DarkNimbus to facilitate long-term surveillance operations targeting Tibetans and Uyghurs. "Earth Minotaur uses MOONSHINE to deliver the DarkNimbus backdoor to Android and Windows devices, targeting WeChat, and possibly making it a cross-platform threat," Trend Micro researchers Joseph C Chen and Daniel Lunghi said in an analysis published today. "MOONSHINE exploits multiple known vulnerabilities in Chromium-based browsers and applications, requiring users to update software regularly to prevent attacks." Countries affected by Earth Minotaur's attacks span Australia, Belgium, Canada, France, Germany, India, Italy, Japan, Nepal, the Netherlands, Norway, Russia, Spain, Switzerland, Taiwan, Turkey, and the U.S. MOONSHINE first came to light in September 2019 as part of cyber attacks targeting t...

Google's Threat Analysis Group (TAG) on Thursday disclosed that it acted to mitigate threats from two distinct government-backed attacker groups based in North Korea that exploited a recently-uncovered remote code execution flaw in the Chrome web browser. The campaigns, once again "reflective of the regime's immediate concerns and priorities," are said to have targeted U.S. based organizations spanning news media, IT, cryptocurrency, and fintech industries, with one set of the activities sharing direct infrastructure overlaps with previous attacks  aimed at security researchers  last year. The shortcoming in question is  CVE-2022-0609 , a use-after-free vulnerability in the browser's Animation component that Google addressed as part of updates (version 98.0.4758.102) issued on February 14, 2022. It's also the first zero-day flaw patched by the tech giant since the start of 2022. "The earliest evidence we have of this exploit kit being actively deploy...

In October, we had reported that the creator of the infamous Blackhole  exploit kit was  arrested in Russia  and now the Russian Ministry of Internal Affairs has also confirmed that ' Paunch ', the mastermind behind infamous  BlackHole  exploit kit, along with Gang of 12 other criminals were arrested on October 4, 2013 in Russia. Russian security firm Group-IB has disclosed that it has assisted the police in the investigation of Paunch, who was residing in the city of Togliatti . 27-years old ' Paunch ' is the author of the notorious BlackHole and Cool exploit kits that are today popular among cybercriminals and costs $500 to $700 a month in for buyers. Cool and Blackhole exploit kits are the ready-made hacking tools for easily serving malware from compromised sites, in result to install malware on users' computers using exploits of zero-day vulnerabilities in latest web browsers. The general damage caused by the criminal gang is estimated aroun...

New Java Exploits boosts BlackHole exploit kit A widely disseminated exploit kit popular with hackers has been updated to take advantage of a recently discovered Java vulnerability. Researchers at Microsoft reported last week that it had observed this vulnerability being exploited in the wild. The Java exploit allows attackers to bypass the Java Runtime Environment's sandbox platform to install malicious code remotely. The malicious Java applet is loaded from an obfuscated HTML file. The Java applet contains two Java class files one Java class file triggers the vulnerability and the other one is a loader class used for loading. Named CVE-20120-0507, the flaw essentially allows hackers to bypass the Java sandbox, which is a mechanism designed to blunt attacks from malicious code. For its part, the BlackHole exploit kit, available underground, allows users armed with only basic computer knowledge to set up malicious websites to target vulnerable computers through the web browser...

Security researchers have uncovered a malvertising campaign used to distribute malware to visitors of The Huffington Post website, as well as several other sites, through malicious advertisements served over the AOL  advertising  network . At the end of last year, Cyphort Labs, security firm specialized in detecting malware threats, came across some malicious advertisements that were being served on the United States and Canadian versions of the popular news website The Huffington Post . The malicious advertisements eventually redirected visitors of the news website to other websites hosting exploit kits, in order to attack victims' computers and install malware. Researchers discovered that the malvertising campaign originates with ads being served by AOL's Advertising.com network. Once clicked, users are redirected through a series of redirects, some of which used HTTPS encrypted connections, to a page that served either the Neutrino Exploit Kit or the Sweet...

Here we are with our weekly roundup, showcasing last week's top cyber security threats and challenges. Just in case you missed any of them (ICYMI), THN Weekly Round-Up helps you provide all important stories of last week in one shot. We advise you to read the full story (just click ' Read More ' because there's some valuable advice in it as well). Here's the list: 1. Facebook to Launch Its Own Satellite to Beam Free Internet Facebook has revealed its plans to launch a  $500 Million Satellite  by next year in an effort to provide free or cheap Internet access in the developing countries. The social network giant has teamed up with the French satellite provider  Eutelsat  Communications to  beam free Internet  access to several parts of countries in Sub-Saharan Africa. For detailed information on Facebook's Satellite Project –  Read more … 2. Angler Exploit Kit Campaign Generating $30 Million Took Down Researchers...