Neutrino Exploit Kit Activity Slows Down to a Trickle
The exploit kit (EK) landscape appears to have lost another major player, with unconfirmed rumors that the Neutrino exploit kit has shut down, or at least moved to a private client without being available on the “for-hire” market. French security researcher Kafeine published today a message exchanged in the criminal underground. The text reads “we […]
The Neutrino exploit kit has a new way to detect security researchers
The developers of the Neutrino exploit kit have added a new feature intended to thwart security researchers from studying their attacks. The feature was discovered after Trustwave’s SpiderLabs division found computers they were using for research couldn’t make a connection with servers that delivered Neutrino. “The environment seems completely fine except for when accessing Neutrino,” […]
Magento sites targeted by Neutrino exploit kit
Some websites running the e-commerce platform Magento appear to have been infected with code that directs victims to the Neutrino exploit kit. It’s not exactly clear how the Magento sites were infected, wrote Denis Sinegubko, a senior malware researcher with Sucuri, a Delaware-based security company. “At this point, we can suspect that it was some […]
A New Exploit Kit in Neutrino
Robust and stealthier toolkits are predicted to emerge this year. This was first seen when the WhiteHole Exploit Kit appeared in the threat landscape. It took advantage of several vulnerabilities including the infamous CVE-2013-0422. Additionally, there have been reports of another new exploit kit called “Neutrino” being sold in the underground. The exploit, which we […]
Down but Not Out: A Look Into Recent Exploit Kit Activities
By Martin Co and Joseph C. Chen
Exploit kits may be down, but they’re not out. While they’re still using the same techniques that involve malvertisements or embedding links in spam and malicious or compromised websites, their latest activities are making them significant factors in the threat landscape again. This is the case with Rig […]
The Top Vulnerabilities Exploited by Cybercriminals
Cybercriminals are shifting their focus from Adobe to Microsoft consumer products, and are now concentrating more on targeted attacks than on web-based exploit kits. Each year, Recorded Future provides an analysis of criminal chatter on the dark web in its Top Ten Vulnerabilities Report. It does this because it perceives a weakness in traditional vulnerability […]
New Disdain Exploit Kit Detected in the Wild
By Chaoying Liu and Joseph C. Chen
The exploit kit landscape has been rocky since 2016, and we’ve observed several of the major players—Angler, Nuclear, Neutrino, Sundown—take a dip in operations or go private. New kits have popped up sporadically since then, sometimes revamped from old sources, but none have really gained traction. Despite that […]
AdGholas Malvertising Campaign Employs Astrum Exploit Kit
At the end of April this year, we found Astrum exploit kit employing Diffie-Hellman key exchange to prevent monitoring tools and researchers from replaying their traffic. As AdGholas started to push the exploit, we saw another evolution: Astrum using HTTPS to further obscure their malicious traffic. We spotted a new AdGholas malvertising campaign using the […]
Will Astrum Fill the Vacuum in the Exploit Kit Landscape?
The decline of exploit kit activity—particularly from well-known exploit kits like Magnitude, Nuclear, Neutrino, and Rig during the latter half of 2016—doesn’t mean exploit kits are throwing in the towel just yet. This is the case with Astrum (also known as Stagano), an old and seemingly reticent exploit kit we observed to have been updated […]
Exploits: how great is the threat?
How serious, really, is the danger presented by exploits? The recent leak of an exploit toolset allegedly used by the infamous Equation Group suggests it’s time to revisit that question. Several zero-days, as well as a bunch of merely ‘severe’ exploits apparently used in-the-wild were disclosed, and it is not yet clear whether this represents […]
CVE-2017-0022: Microsoft Patches a Vulnerability Exploited by AdGholas and Neutrino
Part of this month’s Patch Tuesday is an update for a zero-day information disclosure vulnerability (CVE-2017-0022), which we privately reported to Microsoft in September 2016. This vulnerability was used in the AdGholas malvertising campaign and later integrated into the Neutrino exploit kit. CVE-2017-0022 likely replaced the similar CVE-2016-3298 and CVE-2016-3351 vulnerabilities from the same campaign, […]
Tracking the Decline of Top Exploit Kits
The latter half of 2016 saw a major shift in the exploit kit landscape, with many established kits suddenly dropping operations or switching business models. Angler, which has dominated the market since 2015, suddenly went silent. We tracked 3.4 million separate Angler attacks on our clients in the first quarter of 2016, and the rate […]
Updated Sundown Exploit Kit Uses Steganography
This year has seen a big shift in the exploit kit landscape, with many of the bigger players unexpectedly dropping out of action. The Nuclear exploit kit operations started dwindling in May, Angler disappeared around the same time Russia’s Federal Security Service made nearly 50 arrests last June, and then in September Neutrino reportedly went […]
New Bizarro Sundown Exploit Kit Spreads Locky
A new exploit kit has arrived which is spreading different versions of Locky ransomware. We spotted two cases of this new threat, which is based on the earlier Sundown exploit kit. Sundown rose to prominence (together with Rig) after the then-dominant Neutrino exploit kit was neutralized. Called Bizarro Sundown, the first version was spotted on October 5 with a second sighting two weeks […]
Several Exploit Kits Now Deliver Cerber 4.0
We have tracked three malvertising campaigns and one compromised site campaign using Cerber ransomware after version 4.0 (detected as Ransom_CERBER.DLGE) was released a month after version 3.0. More details of this latest iteration of Cerber are listed in a ransomware advertisement provided by security researcher Kafeine. The upgrades include shifting their ransom note to […]
RIG Replaces Neutrino in Massive Malvertising Campaigns
The RIG exploit kit (EK) might be moving up the social ladder to become the top threat in its segment and leave Neutrino behind, recently observed malvertising campaigns suggest.