Categories

Category Archives: Exploits

Popular adult site beeg[dot]com pushes malware

Popular adult website serving up drive-by download and redirects to an exploit kit.

Adobe Flash Player Zero-Day: details and mitigation

A new vulnerability in Adobe’s Flash Player found.

A new zero-day discovered in Internet Explorer 10 and was used in targeted attacks.

Hard times on The Moscow Times

A reported malware alert for The Moscow Times turned out to be just that after the newspaper told readers to bypass the “fake warning”.

A Tumblr of trouble

Tumblr is a hot spot for malware infections, spam and other security issues. But this one disguises itself as a legitimate JavaScript.

Bug Bounties and the Price of Security

Digging for bugs and exploits for money? There are advantages as well as disadvantages to establishing a universal bug bounty program.

Malwarebytes finds an exploit in the Brazilian forum for TeamSpeak, a popular software among avid video game players.

Stuxnet: new light through old windows

A lesser known (and almost bypassed) version of Stuxnet shines new light on its attackers intentions and cyber arm capabilities.

Gmail Security Flaw Allows for Password Theft

A new vulnerability in Gmail allows for password theft of Google accounts.

An in-the-wild exploit targets Silverlight, a web plugin used by popular sites such as Netflix.

A lesser known aspect of the popular cloud storage Google Drive is its built-in site publishing feature that allows you to upload an entire directory containing static web files (HTML, JavaScript, CSS, etc.) and to publish your own website. Bad guys are uploading malicious scripts and using them as part of a well thought chain […]

[Update]: Microsoft has announced it will issue a patch for the newly discovered IE zero day tomorrow as part of the November Patch Tuesday. The vulnerability, now labeled CVE-2013-3918 affects an ActiveX control in Internet Explorer. More details can be found on Microsoft’s website. Last week we heard about a Windows zero day that allows attackers […]

PHP Hack Redirects To Magnitude Exploit Kit

Google’s Safe Browsing system deemed the official PHP website, PHP.net, malicious.

Lock – Unlock, Biometrics Failure

Signwave Unlock free by Battelle on the Leap Motion controller not quite ready from prime time yet.

Vulnerability Bounty Hunting In Action

Last week, security researcher Roy Castillo posted a recount of interactions with Facebook about a bug that he had found. Will bug bounty hunting become the norm?

A Q&A about the Mac FBI “ransomware”

Cyber Criminals Never Waste A Tragedy

We are accustomed to seeing criminals take advantage of big events to push malware, so we always keep an eye out for malicious emails or websites. This one was no exception with customized spam messages and malicious links all leading to nasty infections. The emails come with a subject line such as “Aftermath to explosion […]

Redkit Exploit Kit does the splits

Exploit Kit authors must really love Java . Not only is it ripe with vulnerabilities but its own language provides a great platform to write and deliver malware in different ways. We are used to seeing encrypted payloads (XOR, AES encryption), applets containing both the exploit itself and the binary payload. Today we will talk […]

New Exploit Kit, Ransomware and AV evasion

Ransomware is still going strong and infecting countless PCs. We happened to stumble upon an interesting sample part of the Urausy family which bypassed detection on all major antivirus products for almost an entire day before slowly being detected. In this post we will give some information on its background (where it came from) and […]

Subscribe to our YouTube Channel