Thousands of Hacked WordPress Sites Abused to Infect Millions of Visitors

A Large number of WordPress websites were compromised in last two weeks with a new malware campaign spotted in the wild. WordPress, a Free and Open source content management system CMS and blogging tool, has been once again targeted by hackers at large scale. Researchers at Sucuri Labs have...

WordPress Hacks Behind Spike in Neutrino EK Traffic

Unsurprisingly, a rash of compromised WordPress websites is behind this week’s surge in Neutrino Exploit Kit traffic, researchers at Zscaler said. In a report published yesterday, Zscaler said it spotted attacks against sites running older versions of the content management system, 4.2 and earlie...

Cybercrime Group Switches from Angler Exploit Kit to Neutrino

A prominent cybercrime actor or group has been kicking the tires on the Neutrino Exploit Kit to move ransomware and other malware, the SANS Institute’s Internet Storm Center reported today. Neutrino is a tier below the prolific Angler Exploit Kit, which is frequently at the heart of new attacks,...

Rig Exploit Kit 3.0 Claims 1 Million Malvertising Victims

LAS VEGAS – A rampant malvertising campaign fueled by a new version of the Rig Exploit Kit has claimed at least 950,000 victims worldwide and is doing so with an unprecedented success rate. Researchers at Trustwave said in advance of this week’s Black Hat conference that they have been watching...

Angler Exploit Kit Landing Page Patterns

Angler exploit kit is a web exploit kit that operates by delivering malicious payload to the victim's computer. Remote attackers can infect users with Angler exploit kit by enticing them to visit a malicious web page. Successful infection will allow the attacker to perform Remote Code Execution o...

Fiesta Exploit Kit Landing Page

Fiesta is an exploit kit used by attackers targeting computer users. Remote attackers can infect users with Fiesta by enticing them to visit a malicious landing page...

Adobe Patches Hacking Team Zero Days in Flash

Adobe has put the two outstanding Hacking Team Flash Player zero-day vulnerabilities in check. Today, Adobe released an updated Flash Player that patches CVE-2015-5122 and CVE-2015-5123, two use-after-free bugs uncovered and exploited by the controversial Italian surveillance software vendor. The...

Beta (Sundown) Exploit Kit Landing Page

Beta exploit kit, a.k.a. Sundown exploit kit, is a web exploit kit that operates by delivering malicious payload to the victim's computer. Remote attackers can infect users with Beta exploit kit by enticing them to visit a malicious web page. Successful infection will allow the attacker to perfor...

Angler Exploit Kit Evasion Techniques Cryptowall 3.0

The Angler Exploit Kit is turning into a model for malware rapidly integrating new evasion techniques. Starting in early June, URL patterns used by the notorious exploit kit have been changing almost daily, coinciding with it pushing Cryptowall 3.0 ransomware. SANS Internet Storm Center handler...

Magnitude Exploit Kit Adobe Flash Zero Day 0Day

The urgency to patch Adobe Flash Player installations ramped up over the weekend when exploits for a recently patched zero-day vulnerability were found in the Magnitude Exploit Kit. French researcher Kafeine said on Sunday that a sample he encountered was dropping two instances of Cryptowall...

FBI Says Cryptowall Cost Victims $18 Million Since 2014

In a little more than a year, consumers affected by the Cryptowall ransomware have reported to the FBI more than $18 million in losses related to infections from the malware. Cryptowall is among the group of ransomware families that encrypt the files on victims’ computers and then demands a ranso...

Cryptowall 3.0 Infections Spike from Angler EK, Malicious Spam

Since the Angler Exploit Kit began in late May spreading Cryptowall 3.0 ransomware, traffic containing the malware has continued to grow, putting more potential victims in harm’s way. Today, the SANS Internet Storm Center reported that Cryptowall 3.0 infections are emanating from not only the...

Angler Exploit Kit Exploiting New Adobe Vulnerability, Dropping Cryptowall 3.0

While the Angler Exploit Kit may have already established itself as one of the more sophisticated kits on the underground market, it appears it’s still finding ways to evolve. Angler, this week, was spotted dropping the latest iteration of CryptoWall ransomware and leveraging yet another previous...

Apple Blocks Older Versions of Flash Player

On the heels of a major Adobe Flash Player update two weeks ago, Apple last night updated its blacklist to include older versions of the software. In its advisory, Apple said it will begin blocking out-of-date versions of Flash in its Safari browser. “If you’re using an out-of-date version of the...

Exploit Kit Delivers Pharming Attacks Against SOHO Routers

Attacks targeting small office and home router DNS settings, long a target for network intruders seeking to redirect web traffic to malicious sites, have for the first time been included in an exploit kit—one that specializes in cross-site request forgery attacks. An exploit kit has been spotted ...

Malvertising Leads to Magnitude Exploit Kit, Ransomware Infection

Criminals are injecting malicious redirect code into advertisements in order to route user traffic toward sites hosting the Magnitude exploit kit, which, in turn, infects those users with strains of file-encrypting ransomware. Magnitude predominately relies on drive-by-download attacks in which i...

Angler Exploit Kit Pushing New, Unnamed Ransomware

Attackers are using the infamous Angler exploit kit to disseminate a new, yet unnamed variant of the TeslaCrypt and AlphaCrypt ransomware, according to Rackspace security researcher Brad Duncan. Duncan analyzed the threat on the SANS Internet Storm Center, saying that the malware presents its...

Angler Exploit Kit, Bedep Malware Inflating Video Views

A new sort of hacktivism emerged last week when experts from Trustwave published new research revealing that attackers are using the Angler exploit kit and the Bedep Trojan in order to drive artificial views to politically controversial videos. The motivation for the scheme, it appears, is to...

RIG Exploit Kit Landing Page

RIG exploit kit is a web exploit kit that operates by delivering malicious payload to the victim's computer. Successful infection will allow the attacker to download additional malware to the target...

New Utility Decrypts Files Lost to TeslaCrypt Ransomware

Crypto-ransomware variants have enterprises on edge because of the threat of irreversibly damaged files. Some organizations, including most recently the Tewksbury, Ma., police department have gone as far as to pay hundreds of dollars in ransom for the recovery key. Some technology companies are...