
Tag: Exploit Kit

ShadowTalk Update – 09.17.2018

In this week’s ShadowTalk, Richard Gold and Simon Hall join Michael Marriott to discuss the latest spate of attacks by the threat actor known as Magecart. We dig into the history of Magecart, different approaches to web skimming, and provide advice on how organizations can best protect against this threat. Fallout exploit kit identified distributing […]

ShadowTalk Update – 07.09.2018

In this week’s ShadowTalk, Richard Gold and Simon Hall join Rafael Amado to discuss SSL (Secure Sockets Layer) interception, a technique used to inspect HTTPS (Hyper Text Transfer Protocol Secure) traffic sent between a client and a webserver. On 30 June, an important Payment Card Industry deadline passed that requires all websites that accept payment […]

Reducing Your Attack Surface: From a Firehose to a Straw

What is Attack Surface Reduction? Attack Surface Reduction is a powerful tool used to protect and harden environments. It’s a broad term that means many things to different people. In this case, we use the OWASP definition: “attack surface describes all of the different points where an attacker could get into a system, and where […]

ShadowTalk Update – 06.18.2018

In ShadowTalk this week, Dr Richard Gold and Simon Hall join Rafael Amado to discuss misconceptions around vulnerabilities and exploits, other techniques for gaining code execution, and how organizations can prioritize the patching of vulnerabilities. Banco de Chile attackers used wiper malware to obfuscate theft Fresh analysis of Banco de Chile’s reported 24 […]

Shadow Talk Update – 06.11.2018

In Shadow Talk this week, Dr Richard Gold joins us to discuss the issue of security debt, a term used to refer to the accumulation of security risks over time, such as missed patches, misapplied configurations, mismanaged user accounts. Richard looks into how many of the attacks we see on a regular basis are actually […]

Fluctuation in the Exploit Kit Market – Temporary Blip or Long-Term Trend?

Exploit kit activity is waning. Collectively these malware distribution tools used to be a prominent method of infection. They rely on compromised websites, malicious adverts and social engineering to direct web traffic to their landing pages and attempt the exploitation of vulnerable software. Operated by various actors and groups, exploit kits possess different features, use […]

New “Blaze” exploit kit claims to exploit recent Cisco WebEx vulnerability

A previously undetected exploit kit has been offered for sale on the clear web forum HackForums since February 8, 2017 with the name “Blaze Exploit Kit”. It was offered for sale by a user with the nickname “Cat Warrior” (see Figure 1) who has a good reputation on the forum and who had previously operated […]

Sun to Set on BEPS/Sundown Exploit Kit?

On February 13, 2017, the security researcher David Montenegro (@CryptoInsane) posted a series of tweets claiming that the source code for the BEPS exploit kit had been leaked online. Montenegro’s posts were accompanied by screenshots which showed a log file purportedly taken from the dump, which featured references to the actor “Kriminalac” and the Yugoslavian […]

Swotting Up On Exploit Kit Infection Vectors

Exploit kit users need to drive web traffic to their landing pages. Without traffic, they can’t exploit vulnerable web users and serve malicious software (the objective of an exploit kit almost all of the time). The more visitors they get, the more likelihood there is of a successful exploitation and a successful infection. For exploit […]

Forecasting the exploit kit landscape

We’ve previously written on the most popular vulnerabilities that exploit kits are using. But how might the exploit kit market develop over the next year? There are five identifiable factors that may impact the status of the exploit kit marketplace. The resources held by exploit kit developers The amount of custom they received The […]