Category Archives: Exploits

New Flavor of Dirty COW Attack Discovered, Patched

By | December 7, 2016

Dirty COW (designated CVE-2016-5195) is a Linux kernel vulnerability that was first publicly disclosed in October 2016. It was a serious privilege escalation flaw that allowed a local attacker to gain root access on the targeted system. Linus Torvalds described it as an “ancient bug”, and it was quickly patched once it was disclosed… Read More »

One Bit To Rule A System: Analyzing CVE-2016-7255 Exploit In The Wild

By | December 2, 2016

Recently, Google researchers discovered a local privilege escalation vulnerability in Windows which was being used in zero-day attacks, including those carried out by the Pawn Storm espionage group. Microsoft was able to release a patch by the next Patch Tuesday, November 8. This entry provides a complete analysis of the vulnerability based on samples acquired… Read More »

Pawn Storm Ramps Up Spear-phishing Before Zero-Days Get Patched

By | November 9, 2016

By Feike Hacquebord and Stephen Hilt. A zero-day's effectiveness as an attack tool deteriorates quickly once it has been discovered and patched by the affected software vendors. Within the window between the discovery of the vulnerability and the release of the fix, a bad actor might try to get the most out of his previously… Read More »

New Bizarro Sundown Exploit Kit Spreads Locky

By | November 4, 2016

A new exploit kit has arrived which is spreading different versions of Locky ransomware. We spotted two cases of this new threat, which is based on the earlier Sundown exploit kit. Sundown rose to prominence (together with Rig) after the then-dominant Neutrino exploit kit was neutralized. Called Bizarro Sundown, the first version was spotted on October 5 with a second sighting two weeks… Read More »

CVE-2016-3298: Microsoft Puts the Lid on Another IE Zero-day Used in AdGholas Campaign

By | October 31, 2016

Microsoft’s Patch Tuesday for October fixed another former zero-day vulnerability in Internet Explorer (IE), CVE-2016-3298, via MS16-118 and MS16-126. Before the lid was put on it, the flaw was used alongside CVE-2016-3351 by the operators of the AdGholas malvertising campaign, which we analyzed and disclosed in collaboration with Proofpoint’s @kafeine last July… Read More »

Patch Your Flash: Another Zero-Day Vulnerability Hits Adobe Flash

By | October 27, 2016

Adobe has released an out-of-band patch for Flash Player due to a zero-day vulnerability. According to Adobe’s bulletin (APSB16-36), Flash Player versions 23.0.0.185 (released on October 11) and earlier are affected. (Adobe Flash Player for Linux uses a separate version numbering scheme; for that product, versions 11.2.202.637 and earlier are vulnerable.) We urge all users who… Read More »
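As an added example (not code from Adobe or from the original post), the function below turns the affected ranges quoted from the bulletin above into an "am I affected?" check. The point it demonstrates is that dotted version strings must be compared segment by segment as integers: a plain string comparison would rank 23.0.0.9 above 23.0.0.185 and report a vulnerable build as safe. The platform names and the AFFECTED_MAX table are assumptions of this example; obtaining the installed version string is left to the caller.

```python
"""Check an installed Flash Player version against the affected ranges
quoted from Adobe bulletin APSB16-36 (added example, not Adobe's or the
original post's code)."""
from typing import Tuple

# Highest affected build per platform, as given in the bulletin excerpt.
# The platform keys are an assumption of this example.
AFFECTED_MAX = {
    "windows": "23.0.0.185",
    "macos": "23.0.0.185",
    "linux": "11.2.202.637",
}


def parse_version(version: str) -> Tuple[int, ...]:
    """Split a dotted version into a tuple of integers.

    Tuples compare element by element, so (23, 0, 0, 9) < (23, 0, 0, 185),
    which is what a string compare of "23.0.0.9" and "23.0.0.185" gets wrong.
    Malformed input raises rather than silently comparing as 'safe'.
    """
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"malformed version string: {version!r}")
    return tuple(int(p) for p in parts)


def is_affected(installed: str, platform: str) -> bool:
    """Return True if `installed` is at or below the affected maximum for
    `platform`, i.e. inside the bulletin's 'this build and earlier' range.

    A shorter tuple such as (23, 0, 0) sorts below (23, 0, 0, 185), so a
    truncated version string is treated as affected, which errs on the
    side of patching.
    """
    key = platform.lower()
    if key not in AFFECTED_MAX:
        raise ValueError(
            f"unknown platform {platform!r}; expected one of {sorted(AFFECTED_MAX)}"
        )
    return parse_version(installed) <= parse_version(AFFECTED_MAX[key])


if __name__ == "__main__":
    # Constructed sample inputs: one vulnerable and one patched build per platform.
    for ver, plat in [("23.0.0.185", "windows"), ("23.0.0.205", "windows"),
                      ("11.2.202.637", "linux"), ("11.2.202.643", "linux")]:
        state = "AFFECTED" if is_affected(ver, plat) else "not affected"
        print(f"{plat:8} {ver:14} {state}")
```

The check only tells you whether a build falls inside the range the bulletin names; it does not confirm that the patch was actually applied, so pair it with the vendor's fixed-version number from the bulletin when you roll out the update.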

CVE-2016-6662 Advisory: Recent MySQL Code Execution/Privilege Escalation Zero-Day Vulnerability

By | September 30, 2016

Earlier this week, an independent researcher publicly disclosed a severe vulnerability in MySQL, a very popular open-source DBMS used by many organizations to manage their backend databases and websites. Proof-of-concept code was provided as part of the disclosure. This particular vulnerability was designated CVE-2016-6662, one of two serious… Read More »

Microsoft Patches IE/Edge Zero-day Used in AdGholas Malvertising Campaign

By | September 30, 2016

Special thanks to @kafeine. In July 2016, we worked with @kafeine of Proofpoint to help bring down the AdGholas malvertising campaign. The campaign, which started operating in 2015, affected a million users per day at its peak before it was shut down earlier this year. It used the Angler and Neutrino exploit kits to attack victims.… Read More »