Abstract: After the vanishing of Angler and Neutrino Exploit kits (EK), the underground cyber world of EK was left with only one major player with Rig EK. Pseudo-Darkleech and EITEST, the two most popular website compromise campaigns, both redirected their victims to Rig EK. However, a few days back, our systems recently detected a major … Continue reading “Sundown Exploit Kit and The EITEST Campaign”
Tag: silverlight
Microsoft Silverlight Vulnerability CVE-2016-3367 Analysis
On Tuesday, Microsoft released a security update for Silverlight (MS16-109). Silverlight vulnerabilities are always one of the attacker’s favorite targets because most of them allow remote code execution. In this blog, I will explain what the vulnerability is about and the exploit indicators. Patch Diff and Root Cause: Patch diff is a very common way … Continue reading “Microsoft Silverlight Vulnerability CVE-2016-3367 Analysis”
Angler ExploitKit weaponizes Silverlight MS16-006
In January’s Patch Tuesday Microsoft addresses a vulnerability in Silverlight that was reported by Kaspersky. A week later on January 13 Kaspersky reported that the vulnerability was already being exploited in the wild and we set our RTI to “Actively Attacked”. Just 5 weeks later there has been a new development: security researcher @Kafeine has … Continue reading “Angler ExploitKit weaponizes Silverlight MS16-006”
Silverlight MS16-006 seen in targeted attacks
On January 12 Microsoft published MS16-006 a new version of Silverlight, Microsoft’s Flash competitor that is widely installed due to its initial use by Netflix. The new version addresses 2 critical vulnerabilities. On January 13, Kaspersky who had reported that bug to Microsoft, explained that the vulnerability was already being exploited in the wild. They … Continue reading “Silverlight MS16-006 seen in targeted attacks”