Collaborate Disseminate
For the past year, attackers have been using an exploit kit that changes the DNS settings of home and small-business routers through users’ browsers. The tool, dubbed Novidade, was first used in Brazil in August 2017, but researchers from antivir… Continue reading Attack Kit Hijacks DNS of Home and Business Routers
Threat actors have updated their malware to include a macro-based delivery framework. Continue reading Cobalt Group Pushes Revamped ThreadKit Malware
Kraken ransomware recently added the Fallout exploit kit as another means of reaching users and encrypting their information. Working with the Insikt group from Recorded Future, the McAfee Advanced Threat Research team found evidence that the authors o… Continue reading Kraken Ransomware Now Being Distributed by Fallout Exploit Kit
New security reports have landed indicating that the infamous GandCrab ransomware is currently being distributed by a new exploit kit known as Fallout. The Fallout EK is pushing the ransomware alongside downloader Trojans and potentially unwanted progr… Continue reading Fallout EK Spreads GandCrab, Leverages CVE-2018-4878, CVE-2018-8174
Overview This is the ninth edition of our Quarterly Exploit Kit activity roundup series, in which we share our analysis of recent exploit kit activity. Exploit kits (EKs) are rapidly deployable software packages designed to leverage vulnerabilities … Continue reading Exploit kits go cryptomining – Summer 2018 edition
Spam is back with a vengeance, thanks to the demise of attack vectors such as Adobe Flash. Continue reading ThreatList: Spam’s Revival is Tied to Adobe Flash’s Demise
A story published here on July 12 about a new sextortion-based phishing scheme that invokes a real password used by each recipient has become the most-read piece on KrebsOnSecurity since this site launched in 2009. And with good reason — sex sells (the second most-read piece here was my 2015 scoop about the Ashley Madison hack).
But beneath the lurid allure of both stories lies a more unsettling reality: It has never been easier for scam artists to launch convincing, targeted phishing and extortion scams that are automated on a global scale. And given the sheer volume of hacked and stolen personal data now available online, it seems almost certain we will soon witness many variations on these phishing campaigns that leverage customized data elements to enhance their effectiveness. Continue reading The Year Targeted Phishing Went Mainstream
Catch up with Day 3 of our Security SOS Week – here’s the third episode of our week-long online security summit. Continue reading Trends in malware – ransomware, cryptojacking, what next? [PODCAST]
Here is a look at what exploit kits, CVEs and other web-based threats are keeping security professionals working overtime in 2018. Continue reading ThreatList: Exploit Kits Still a Top Web-based Threat
After being faithful to its own Magniber ransomware for several months, Magnitude EK joins others to adopt GandCrab.
Categories:
Exploits
Threat analysis
Tags: EKexploit kitgandcrabMagnituderansomware
(Read more…)
The post Magnitude … Continue reading Magnitude exploit kit switches to GandCrab ransomware