In many instances, researchers and engineers have found ways to hack into modern, internet-capable cars, as has been documented and reported several times. One famous example is the Chrysler Jeep hack that researchers Charlie Miller and Chris Valasek discovered. This hack and those that have come before it have mostly been reliant on specific vulnerabilities in specific makes and/or brands of cars. And once reported, these vulnerabilities were quickly resolved. But what should the security industry’s response be when a hack is found that is not only successful in being able to drastically affect the performance and function of the car, but is also stealthy and vendor neutral?Read More
The exploit kit landscape has been rocky since 2016, and we’ve observed several of the major players—Angler, Nuclear, Neutrino, Sundown—take a dip in operations or go private. New kits have popped up sporadically since then, sometimes revamped from old sources, but none have really gained traction. Despite that fact, cybercriminals continue to develop more of them.
CVE-2017-0199 was originally a zero-day remote code execution vulnerability that allowed attackers to exploit a flaw that exists in the Windows Object Linking and Embedding (OLE) interface of Microsoft Office to deliver malware. It is commonly exploited via the use of malicious Rich Text File (RTF) documents, which was used by the DRIDEX banking trojan discovered earlier this year.Read More