Another security story from The Register to start the week off:
Attackers have added a recent dangerous Adobe vulnerability to the Magnitude exploit kit, according to respected independent malware researcher "Kafeine". The remote code execution vulnerability (CVE-2015-3113) revealed last week allows attackers to hijack un-patched machines targeting Internet Explorer on Windows 7 and XP.
Web villains [sic] designated APT 3 by FireEye sleuths are already exploiting the flaw through phishing attacks. Now the researcher known as Kafeine says the vulnerability has been added to the Magnitude exploit kit in what is a significant elevation of risk for Flash users.
Kafeine says Magnitude attackers are using the exploit to drop the Cryptowall ransomware.
"CVE-2015-3113 has been spotted as a zero day by FireEye, exploited in limited targeted attacks. It's now making its path to exploit kits," he says.
Magnitude, said to generate as of August up to $US100,000 a month for its author, maintains about a third of the exploit kit market according to Trustwave. The researchers say the Magnitude author, thought to be a single Russian, could make up to $3 million a year.
(Score: 3, Insightful) by Nerdfest on Monday June 29 2015, @02:15PM
The last couple of articles have been about exploits targeting IE, PHP, and Flash. I'm glad we've moved on from those bad old days of the 90's.
(Score: 3, Insightful) by DarkMorph on Monday June 29 2015, @04:08PM
(Score: 2) by Nerdfest on Monday June 29 2015, @06:10PM
True, but PHP really does seem to help you a lot in writing exploitable code.