Search the Community
Showing results for tags 'kit'.
Exploit Kits: Past, Present and Future March 16, 2015 View research paper: The Evolution of Exploit Kits Exploit kits are a fast-growing online threat that cybercriminals seem to have favored in the last few years to execute Web-based attacks to distribute malware. Exploit kits are old tools released by Russian programmers dating back to 2006. As seen in the diagram below, exploit kits have continuously grown in numbers from 2006 to 2013. The market seemingly changed and took a significant dip however in 2014. The rise of exploit kits in underground markets push exploit kit developers to improve the stealth and efficiency of their products and services. Currently, there are 70 different exploit kits found in the wild, taking advantage of more than a hundred vulnerabilities. What is an Exploit Kit? Exploit kits are programs or more often scripts that exploit vulnerabilities in programs or applications. The most prevalent exploits are browser exploits that enable the download of malicious files. Exploits introduce code to victims’ computers that then downloads and executes a malicious file. Several kits have since been developed and sold or rented out like commercial products in underground markets. The easiest hack toolkit made available in the crimeware market on record was seen sometime in 2006. A typical exploit kit usually provides a management console, several vulnerabilities targeted to different applications, and several add-on functions that make it easier for a cybercriminal to launch an attack. The Timeline Record of Exploit Kits The following research paper discusses the following: Exploit Kit Attack Scenario – there are four stages that illustrate how a typical attack scenario happens. Detailed below, the stages include contact, redirect, exploit, and finally, infect. Overview of 2014 Exploit Kit Activity – this section discusses the exploit kit trends traced back from 2006 to 2014, including its threat distribution. Exploit Kits are presently one of the most popular types of Web attack toolkits thriving in the cybercriminal underground market, and we predict that exploit kits will be more prevalent in 2015. Internet Explorer, Adobe Flash, and Adobe Reader are the most common software targeted by cybercriminals. Exploit kits pose serious security risks to all computer users ranging from private users to corporate networks. As such, it is critical to know and understand how exploit kits work, where they came from, what are the current trends, and how to defend against them. NO-MERCY Regards Source : Exploit Kits: Past, Present and Future - Security News - Trend Micro USA
Source: https://github.com/SecurityObscurity/cve-2015-0313 PoC: http://www.exploit-db.com/sploits/36491.zip Adobe Flash vulnerability source code (cve-2015-0313) from Angler Exploit Kit Reference: Trend Micro Discovers New Adobe Flash Zero-Day Exploit Used in Malvertisements Malware don't need Coffee: CVE-2015-0313 (Flash up to 126.96.36.1996) and Exploit Kits https://helpx.adobe.com/security/products/flash-player/apsa15-02.html Source: http://www.exploit-db.com/exploits/36491/
Another security advisory covering Siemens industrial kit has reached the public, this time covering wireless industrial networking hardware. ICS-CERT advises that the Ruggedcom range of 802.16e (Wimax, for those with long memories) switches from the company carries a range of vulnerabilities that let attackers scam admin privileges for themselves. The vulnerabilities are: CVE- 2015-1448 – attackers can get administrative access to the kit over the network, without authentication; CVE- 2015-1449 – a buffer overflow in the integrated Web server means an attacker over port 443 might get remote code execution access; and CVE- 2015-1357 – a real treat: password hashes and other sensitive information “might” be stored in an insecure format and accessible from local files or security logs. Products impacted are in the company's WIN 51xx, WIN 52xx, WIN 70xx and WIN 72xx series. These are Wimax base stations designed for harsh environment deployments. The ICS-CERT note puts the kit in a wide range of industries worldwide, including chemical, communications, critical manufacturing, dams, defence, energy, food and agriculture, government facilities, transportation systems, and water and wastewater systems. Siemens is asking customers to get in touch (online support request to get a firmware update. And in a separate advisory, the company also updated the firmware for its Scalance-X switches (which connect things like programmable logic controllers to the control interfaces) to block yet a separate authentication failure in the Web interface. Details here. Source