
Tag: exploit

There are several methods of classifying exploits. The most common is by how the exploit contacts the vulnerable software. A remote exploit works over a network and exploits the security vulnerability without any prior access to the vulnerable system. A local exploit requires prior access to the vulnerable system and usually increases the privileges of the person running the exploit past those granted by the system administrator. Exploits against client applications also exist, usually consisting of modified servers that send an exploit if accessed with a client application. Exploits against client applications may also require some interaction with the user and thus may be used in combination with social engineering.

Another classification is by the action against the vulnerable system; unauthorized data access, arbitrary code execution, and denial of service are examples. Many exploits are designed to provide superuser-level access to a computer system. However, it is also possible to use several exploits, first to gain low-level access, then to escalate privileges repeatedly until one reaches root.

Normally a single exploit can only take advantage of a specific software vulnerability. Often, when an exploit is published, the vulnerability is fixed through a patch and the exploit becomes obsolete until newer versions of the software become available. This is why some black hat hackers do not publish their exploits but keep them private to themselves or other hackers. Such exploits are referred to as zero-day exploits, and obtaining access to them is the primary desire of unskilled attackers, often nicknamed script kiddies.

Hackers release the exploit code for Huawei router vulnerability that helped to enable the Satori IoT botnet.
Researchers warn of copycat type attacks as exploit code used in Mirai variant goes public.
Thousands of attempts have been made to exploit a zero-day vulnerability in the Huawei home router HG532.
A critical buffer overflow vulnerability affecting Windows users has been fixed.
When analysts investigate an indicator of compromise, our primary goal is to determine if it is malicious as quickly as possible.
Identifying attack patterns helps you mitigate quicker.
At the end of September, Palo Alto released a report on Unit42 activity where they – among other things – talked about PYLOT malware. We have been detecting attacks that have employed the use of this backdoor since at least 2015 and refer to it as Travle.

Coincidentally, KL was recently involved in an investigation of a successful attack where Travle was detected, during which we conducted a deep analysis of this malware.
The same flaw that was used to exploit Equifax is now being used by attackers to mine for the Monero crypto-currency.
Win 10 version of Keeper has 16-month-old bug allowing sites to steal passwords.
The 19-year-old vulnerability impacts websites from Facebook to Paypal as well as popular software.
From version 12 onward, ME-equipped chips will defend against patch rollbacks. Intel's Coffee Lake and Cannon Lake x86 processors can be fortified by computer manufacturers to prevent in hardware attempts to downgrade, exploit and potentially neuter Chi...
Sites vulnerable to newly revived ROBOT exploit included Facebook and PayPal.
On December 12, 2017, a research paper with the title Return of Bleichenbacher's Oracle Threat was made publicly available.

This paper describes how some Transport Layer Security (TLS) stacks are vulnerable to variations of the classic Bleichenbac...