Phoenix Exploit Kit - Remote Code Execution
Exploit Title: Phoenix Exploit Kit - Remote Code Execution Exploit Author: CrashBandicot @DosPerl Date: 2016-06-30 Tested on: MSWin32 Vuln file : geoip.php 492. isset($_GET['bdr']) ? eval($_GET['bdr']) : explode('nop','nop nop nop'); PoC : http://localhost/Phoenix/includes/geoip.php?bdr=phpinfo(); Screen :...
On the Rise of Ransomware, Bitcoin Phishing, and Exploit Kits
Mike Mimoso and Chris Brook recap the news of the week, including a Bitcoin phishing campaign, the Kaspersky Lab ransomware report, misconfigured email servers, and a decline in Angler exploit kit traffic. Download: ThreatpostNewsWrapJune242016.mp3 Music by Chris Gonsalves...
Jkanime Site Infected, Redirecting to Exploit Kit, Ransomware
An anime site popular in Mexico and South America was this week infected with malware redirecting visitors to a Neutrino Exploit Kit landing page. The site, Jkanime, streams anime video and has 33 million monthly visitors. Neutrino is currently the top dog among exploit kits after two of the bigg...
Nuclear, Angler Exploit Kit Activity Has Disappeared
Criminal hackers are fickle about their attack vectors. You need to look no further for evidence of this than their constant migration from one exploit kit to another. And while there is an expansive menu of exploit kits, attackers do seem to congregate around a precious few. Researchers who stud...
CryptXXX Jumps From Angler to Neutrino Exploit Kit
Crooks behind the revamped CryptXXX 3.100 ransomware have switched its distribution from the Angler Exploit Kit to the Neutrino Exploit Kit. The sudden change in distribution was spotted on Monday by researchers at the SANS Internet Storm Center. “This is not the first time we’ve seen campaigns...
Angler Exploit Kit Evading EMET
We recently encountered some exploits from Angler Exploit Kit (EK) that are completely evading Microsoft’s Enhanced Mitigation Experience Toolkit (EMET). This is something we are seeing for the first time in the wild, and we only observed it affecting systems running Windows 7. Angler EK uses complex...
Updated CryptXXX Ransomware Big Money Potential
CryptXXX ransomware has received a major overhaul by its authors, putting it on the fast track to unseat Locky as top moneymaker for criminals. Researchers at Proofpoint said that on May 26, cybercriminals released an updated CryptXXX 3.100 version of the ransomware that includes a new StillerX...
Persistent EITest Malware Campaign Jumps from Angler to Neutrino
A two-year-old EITest malware campaign is still going strong, fueled by the fact it has shifted its distribution technique over time. Now, researchers at the SANS Institute’s Internet Storm Center are reporting EITest is morphing again based on analysis of the malware campaign conducted earlier...
CVE-2016-1019 Flash vulnerability added to exploit kit package - vulnerability warning - the black bar safety net
On April 2, security researcher @Kafeine found that the Magnitude exploit kit package had a few changes. We are very grateful he collected these samples; we analyzed them and found that the Magnitude package had been updated with an unknown Adobe Flash Player CVE-2016-1...
New Decryptor Unlocks CryptXXX Ransomware
When exploits kits, in particular Angler, spread ransomware infections, people get nervous. The latest strain to appear in the virulent Angler kit is CryptXXX, which researchers at Proofpoint and Fox IT tied to the same group dropping old-school Reveton ransomware and Bedep click-fraud malware...
CVE-2016-1019: A New Flash Exploit Included in Magnitude Exploit Kit
On April 2, security researcher @Kafeine at Proofpoint discovered a change to the Magnitude Exploit Kit. Thanks to their collaboration, we analyzed the sample and discovered that Magnitude EK was exploiting a previously unknown vulnerability in Adobe Flash Player (CVE-2016-1019). The in-the-wild...
Locky Ransomware Variant Changes C2, Spread Via Nuclear Exploit Kit
Security experts warn companies need to brace for new harder-to-detect and more determined variants of the Locky ransomware spotted recently in the wild. The news comes just as reported Locky ransomware attacks have waned in recent weeks. Locky is now trying to evade detection by changing the way...
GongDa vs. Korean News
On Jan. 27, we observed visitors to a Korean news site being redirected to the GongDa Exploit Kit (EK), potentially exposing them to malware infection. We will be referring to this site as KNS. GongDa is an exploit kit that can compromise vulnerable endpoints by use of exploits, allowing harmful...
Malvertising Campaign Hits Top Websites to Spread Ransomware
Hackers are always in search of an elite method to create loopholes in cyberspace and implement their dark rules in the form of vulnerability exploitation. Top trustworthy sites such as The New York Times, BBC, MSN, AOL and many more are on the verge of losing their face value as a malvertised...
Malvertising Campaign Lands On Top Websites
Big-name websites were hit with a cunning malvertising campaign over the weekend that attempted to sneak TeslaCrypt ransomware onto computers vulnerable to the potent Angler Exploit Kit. Top sites running the malicious ads included The New York Times-owned NYTimes.com, Answers.com and AOL.com,...
Angler Exploit Learns New Tricks, Finds Home On Popular Website
Researchers report Angler Exploit Kit attacks have become more brazen and are now targeting top websites with new tricks that can evade browser-based antimalware protection. Karl Sigler, a SpiderLabs researcher at Trustwave, told Threatpost his lab found the Angler Exploit Kit on a popular websit...