When it comes to exploit kits, itās all about the timing. Exploit kits often integrate new or zero-day exploits in the hopes of getting a larger number of victims with systems that may not be as up-to-date with their patches. We found two vulnerabilities that were now being targeted by exploit kits, with one being…
Read MoreOur analysis of the Adobe Flash zero-day vulnerability used in the latest Pawn Storm campaign reveals that the previous mitigation techniques introduced by Adobe were not enough to secure the platform. Used in Pawn StormĀ to target certain foreign affairs ministries, the vulnerability identified as CVE-2015-7645 represents a significant change in tacticsĀ from previous exploits. It is…
Read More2015 has so far been a very busy year for security researchers. The data leaked from Hacking Team shocked many, thanks to the multiple zero-days that were disclosed, as well as emails discussing theĀ unscrupulous tradeĀ in exploits and “tools”. Cybercriminals (including exploit kit authors) have been hard at work integrating these newly-discovered flaws into their “products”…
Read MoreAdobe may have already patched a Flash Player vulnerability last week, but several usersāespecially those in the US, Canada, and the UK āare still currently exposed and are at risk of getting infected with CryptoWall 3.0. The Magnitude Exploit Kit included an exploit, detected asĀ SWF_EXPLOIT.MJTE, for the said vulnerability, allowing attackers to spread crypto-ransomware into…
Read MoreIn recent years, we noticed that more and more malicious Adobe Flash (.SWF) files are being incorporated into exploit kits like the Magnitude Exploit Kit, the Angler Exploit Kit, and the Sweet Orange Exploit Kit. However, we did some more digging and found out thatĀ the number of Flash files isnāt the only thing that has…
Read More