Exploit

This tag is used to identify information related to a proof of concept or active exploit. An exploit is code that takes advantage of a vulnerability and may be used by a threat agent, creating risk for an asset.

Microsoft Security Advisory (2934088) Vulnerability in Internet Explorer Could Allow Remote Code Execution

Feb
27

Microsoft has issued a security advisory for a zero-day exploit which was first identified in January and recently used in attacks against users of the US Veterans of Foreign Wars official site, as well as a decoy site for the French aerospace association GIFAS.

Posted By Ken Walling read more

Adobe Flash Zero-Day Exploit Drops PlugX Remote Access Tool

Feb
21

Adobe has released a patch out of their normal patch release cycle to address three critical vulnerabilities in their Flash Player software, including removing a vulnerability being used by a zero-day exploit which drops PlugX, a remote access tool which can be used by an attacker to maintain covert access of a victim's compromised system. Update APSB14-07 should be applied as soon as possible to Windows and Linux systems that have Adobe Flash Player installed.

Posted By Ken Walling read more

CIO Brief: Cyber Attack Destroys Data on 32K Computers in South Korea

Mar
25

Approximately 32,000 financial and media industry computers were infected by an attack in South Korea last Wednesday.  Originally, it was thought that the IP address of origin was Chinese.  But as per a BBC report, the IP address was configured on a server at the Nonghyup Bank, which was one of the banks hit in the attack.  In other words, the attack seems to have come from within. Another thing to consider is this:  the attacks were very successful at destroying data and bringing down systems.

Posted By Ken Walling read more

Customers Can't Trust Vendors to Act Responsibly

Mar
21

A back door has been discovered in theTP-Link TL-WDR4300 dual band WiFi router. This is a popular SOHO class router with a major problem that the vendor seems to be ignoring. Sekurak, a Polish Security group, reportedly reached out to TP-Link several times (out of a professional courtesy that shows a responsible blend of full disclosure and caution), but received no reply.

Posted By Ken Walling read more
Subscribe to RSS - Exploit