14 matches found
The growth of commercial spyware based intelligence providers without legal or ethical supervision
Attackers have long used commercial products developed by legitimate companies to compromise targeted devices. These products are known as commercial spyware. Commercial spyware operations mainly target mobile platforms with zero- or one-click zero-day exploits to deliver spyware. This threat...
Potent Skygofree Malware Packs ‘Never-Before-Seen’ Features
Researchers have identified a powerful new Android malware strain called Skygofree capable of eavesdropping on WhatsApp messages, siphoning private data off phones and allowing adversaries to open reverse shell modules on targeted devices, giving attackers ultimate remote control. Researchers sai...
CVE-2016-1019: a Magnitude attack tool Flash vulnerability - vulnerability warning - the black bar safety net
Last month, security researchers at Proofpoint found that the Magnitude attack tool appeared to contain something new. In cooperation with them, we analyzed the sample and found that Magnitude EK had added a vulnerability in Adobe Flash Player, CVE-2016-1019, and then the wild u...
Zerodium Hosts Million-Dollar iOS 9 Bug Bounty
Exploit vendor Zerodium, a company started by VUPEN founder Chaouki Bekrar, today announced it will host a month-long million-dollar bug bounty focused on Apple iOS 9. Bekrar said in a statement there is a $3 million pool available for the bounty, which will close on Oct. 31 or earlier if the tot...
September 2015 Adobe Shockwave Security Patch
Adobe today released a new version of its Shockwave Player that patches two critical vulnerabilities that could be remotely exploited. Adobe said that it is not aware of public exploits for either security flaw. The vulnerability affects Shockwave for Windows, versions 12.1.9.160 and earlier and...
Cybercrime Group Switches from Angler Exploit Kit to Neutrino
A prominent cybercrime actor or group has been kicking the tires on the Neutrino Exploit Kit to move ransomware and other malware, the SANS Institute’s Internet Storm Center reported today. Neutrino is a tier below the prolific Angler Exploit Kit, which is frequently at the heart of new attacks,...
Attacking ECMAScript Engines with Redefinition
Posted by Natalie Silvanovich = function return n; ECMAScript has a property where almost all functions and variables can be dynamically redefined. This can lead to vulnerabilities in situations where native code assumes a function or variable behaves a certain way when accessed or does not have...
Heze city science and technology information network attacked with 0day vulnerabilities from the HackingTeam leak - exploit warning - the black bar safety net
For attackers, the HackingTeam data leak certainly gave them a “spring”. The day after the data leak, attackers added the freshly baked 0day vulnerabilities to the mainstream exploit kits. Copying the leaked 0day attacks: the various 0day information leaked from HackingTeam can be easily reused. In...
Microsoft Issues Critical, Out-of-Band Patch for All Versions of Windows
Microsoft released an out-of-band patch Monday that addresses a critical remotely exploitable flaw in all versions of Windows. The vulnerability stems from how Windows’ Adobe Type Manager Library handles OpenType fonts. If a user was tricked into either opening a rigged document or visiting an...
Free Tool Looks for HackingTeam Malware
UPDATE–Researchers at Rook Security have released a new tool that looks for HackingTeam malware on target systems, and also have published a set of indicators of compromise to help organizations look for signs of an infection from the intrusion software. The HackingTeam Remote Control System is t...
Netragard Shutters Controversial Exploit Acquisition Program
Netragard, one of the small number of companies that buys and sells exploits, has shut down its exploit acquisition program in the wake of the HackingTeam breach. Among the revelations in the cache of documents leaked after the attack on HackingTeam was information about Netragard selling an...
Adobe today released a patch for the 0day vulnerability leaked from HackingTeam - vulnerability warning - the black bar safety net
After spyware vendor Hacking Team was breached, 400GB of its internal data was stolen and published online, and the Flash Player 0day (zero-day) security vulnerabilities in it are now being wildly exploited. Adobe is planning to release a patch for this 0day vulnerability today. Hacking Team, one of the world's most...
Adobe Flash ActionScript 3 ByteArray use-after-free vulnerability
Overview Adobe Flash Player contains a vulnerability in the ActionScript 3 ByteArray class, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Adobe Flash Player versions 9.0 through version 18.0.0.194 contain a use-after-free...
AdThief iOS Malware Affecting 75K Jailbroken Devices
A relatively new form of malware on iOS is estimated to have stolen revenue from 22 million ads and infected upwards of 75,000 devices so far. The malware, iOS/AdThief, was first identified back in March but wasn’t fully articulated until Axelle Apvrille, a researcher with Fortinet, looked into t...