15 matches found
Vermont Grid 'Hack' Latest Tumble Down Attribution Rabbit Hole
A Vermont utility was for a brief moment last week at the center of a geopolitical scandal in which the Russian government was implicated in an attack against a U.S. electric grid. As it turns out, a laptop at Burlington Electric Department was infected with the Neutrino Exploit Kit. There was no...
Malvertising Campaign Pushing Neutrino Exploit Kit Shut Down
A global malvertising campaign exposing potentially one million users to the risk of being infected with CrypMIC ransomware delivered via the Neutrino Exploit Kit has been shut down, according to researchers. Cisco’s Talos Security Intelligence and Research Group, which discovered the criminal...
SoakSoak Botnet Pushing Neutrino Exploit Kit and CryptXXX Ransomware
Researchers are reporting a surge in CryptXXX ransomware infections delivered via business websites compromised to redirect to the Neutrino Exploit Kit. Attackers are targeting websites running the Revslider slideshow plugin for WordPress, according to a report released Tuesday by Invincea. Behin...
Neutrino EK Spotted Leveraging Patched IE Zero Day
Attackers behind the Neutrino Exploit Kit didn’t take long to co-op a recently patched Internet Explorer zero-day into its arsenal. Researchers claim the kit has been pushing CVE-2016-0189, a vulnerability that was reportedly used in targeted attacks on South Korean organizations earlier this yea...
Exploit Kits Quickly Adopt Exploit Thanks to Open Source Release
A security researcher recently published source code for a working exploit for CVE-2016-0189 and the Neutrino Exploit Kit EK quickly adopted it. CVE-2016-0189 was originally exploited as a zero-day vulnerability in targeted attacks in Asia. The vulnerability resides within scripting engines in...
CryptXXX Ransomware Updates Ransom Note, Payment Site
For the second time since June 1, the handlers of CryptXXX ransomware have changed their ransom note and Tor payment site. More importantly to those developing detection signatures and administrators, this update no longer makes changes to the file extensions of encrypted files. “To make it more...
The Changing Face of Pseudo-Darkleech
The pseudo-Darkleech campaign is one of the most notorious and ongoing attacks of recent years, making use of major exploit kits to deliver primarily different strains of ransomware. The campaign has been a bit of chameleon since it was disclosed in March 2015 by researchers at Sucuri. The latest...
Jkanime Site Infected, Redirecting to Exploit Kit, Ransomware
An anime site popular in Mexico and South America was this week infected with malware redirecting visitors to a Neutrino Exploit Kit landing page. The site, Jkanime, streams anime video and has 33 million monthly visitors. Neutrino is currently the top dog among exploit kits after two of the bigg...
CryptXXX Jumps From Angler to Neutrino Exploit Kit
Crooks behind the revamped CryptXXX 3.100 ransomware have switched its distribution from the Angler Exploit Kit to the Neutrino Exploit Kit. The sudden change in distribution was spotted on Monday by researchers at the SANS Internet Storm Center. “This is not the first time we’ve seen campaigns...
WordPress Hacks Behind Spike in Neutrino EK Traffic
Unsurprisingly, a rash of compromised WordPress websites is behind this week’s surge in Neutrino Exploit Kit traffic, researchers at Zscaler said. In a report published yesterday, Zscaler said it spotted attacks against sites running older versions of the content management system, 4.2 and earlie...
Angler Exploit Kit, Bedep Malware Inflating Video Views
A new sort of hacktivism emerged last week when experts from Trustwave published new research revealing that attackers are using the Angler exploit kit and the Bedep Trojan in order to drive artificial views to politically controversial videos. The motivation for the scheme, it appears, is to...
AOL Advertising Network Abused to Distribute Malware
Security researchers have uncovered a malvertising campaign used to distribute malware to visitors of The Huffington Post website, as well as several other sites, through malicious advertisements served over the AOL advertising network. At the end of last year, Cyphort Labs, security firm...
Many Flash, Java Users Running Older, Vulnerable Versions
It’s long been known that Java and Flash are favored targets of attackers, thanks to their huge install bases and numerous security issues. And the users who are targeted by these attacks aren’t doing themselves any favors either, as new research shows that 19 percent of business users are runnin...
Warning : Java 6 vulnerable to zero-day exploit; added to Neutrino exploit kit
Hackers are using a new exploit for a bug in the out-of-date but popular Java 6 platform to attack victims, and has been added to a commercially available Neutrino exploit kit. The use of Java 6 still is prevalent, opening up a significant number of users to the threat. F-secure analyst Timo...
neutrino-exec.txt
!/usr/bin/perl Neutrino 0.8.4 Atomic Edition Perl exploit discovered & written by Ams [email protected] DESCRIPTION: First exploit destroys "/data/sess.php" file simply strips tags, then we are able to bypass authorization and using admin privelegies our exploit uploads basic shell to...