Tag Archive for: exploit

Exploit Kits Surge Worldwide as Rig EK Climbs to Second Place in Check Point’s ‘Most Wanted’ Malware – Korea IT Times (press release)

SAN CARLOS, Calif., April 13, 2017 (GLOBE NEWSWIRE) — Check Point® Software Technologies Ltd. (NASDAQ:CHKP) has revealed a massive uplift in Exploit Kit usage by cybercriminals worldwide, with Rig reaching second place in the company's March …


Criminals Prepare For Global Cyberattack With Sundown Exploit Kit – The Merkle


Not too long ago, we touched upon the fact of how exploit kits have suddenly lost popularity among cyber criminals. As it turns out, there is a new player on the market, which goes by the name of Sundown. Even though Sundown has been around for some …


Booby-trapped Word documents in the wild exploit critical Microsoft 0day


There’s a new zero-day attack in the wild that’s surreptitiously installing malware on fully patched computers. It does so by exploiting a vulnerability in most or all versions of Microsoft Word.

The attack starts with an e-mail that attaches a malicious Word document, according to a blog post published Saturday by researchers from security firm FireEye. Once opened, exploit code concealed inside the document connects to an attacker-controlled server. It downloads a malicious HTML application file that’s disguised to look like a document created in Microsoft’s Rich Text Format. Behind the scenes, the .hta file downloads additional payloads from “different well-known malware families.”

The attack is notable for several reasons. First, it bypasses most exploit mitigations: This capability allows it to work even against Windows 10, which security experts widely agree is Microsoft’s most secure operating system to date. Second, unlike the vast majority of the Word exploits seen in the wild over the past few years, this new attack doesn’t require targets to enable macros. Last, before terminating, the exploit opens a decoy Word document in an attempt to hide any sign of the attack that just happened.


Technology Lab – Ars Technica

Apache Struts 2 exploit used to install ransomware on servers

Attackers are exploiting a vulnerability patched last month in the Apache Struts web development framework to install ransomware on servers.

The SANS Internet Storm Center issued an alert Thursday, saying an attack campaign is compromising Windows servers through a vulnerability tracked as CVE-2017-5638.

The flaw is located in the Jakarta Multipart parser in Apache Struts 2 and allows attackers to execute system commands with the privileges of the user running the web server process.

This vulnerability was patched on March 6 in Struts versions 2.3.32 and 2.5.10.1. Attackers started exploiting the flaw almost immediately, leaving very little time for server administrators to deploy the update.


Network World Security