Search results for: CVE-2012-0158


22% of exploits for sale in underground forums are more than three years old

Trend Micro released research urging organizations to focus patching efforts on the vulnerabilities that pose the greatest risk to their organization, even if they are years old. Older exploits for sale more popular with criminals: The research found that 22% of exploits for sale in underground forums are more than three years old. “Criminals know that organizations are struggling to prioritize and patch promptly, and our research shows that patch delays are frequently taken … More


Have you patched these top 10 routinely exploited vulnerabilities?

The US Cybersecurity and Infrastructure Security Agency (CISA) is urging organizations to patch a slew of old and new software vulnerabilities that are routinely exploited by foreign cyber actors and cyber criminals. “Foreign cyber actors continue to exploit publicly known—and often dated—software vulnerabilities against broad target sets, including public and private sector organizations. Exploitation of these vulnerabilities often requires fewer resources as compared with zero-day exploits for which no patches are available,” the agency noted. … More


Which vulnerabilities were most exploited by cybercriminals in 2019?

Which ten software vulnerabilities should you patch as soon as possible (if you haven’t already)? [Figure: Table of top exploited CVEs between 2016 and 2019 (repeats are noted by color)] Recorded Future researchers have analyzed code repositories, underground forum postings, dark web sites, closed source reports and data sets comprising submissions to popular malware repositories to compile a list of the ten most exploited vulnerabilities by cybercriminals in 2019. The list: The list is comprised … More


AKBuilder: A builder for exploit-laden Word documents

One doesn’t have to be a great coder to become a successful cybercriminal, as underground markets are filled with offerings that automate one or another step of an attack chain. Take for example the AKBuilder, a builder for Word documents that carry exploits for several vulnerabilities and a malicious, encrypted payload. The evolution of AKBuilder: According to SophosLabs principal researcher Gábor Szappanos, two versions of the builder have, at one time or another, found their … More


Espionage group uses cybersecurity conference invite as a lure

A cyber espionage group that has been targeting organizations in Southeast Asia for years is misusing a legitimate conference invite as a phishing lure to trigger the download of backdoor malware. The APT in question is Lotus Blossom, and the security conference is Palo Alto Networks’ CyberSecurity Summit that is scheduled to take place in Jakarta, Indonesia, on November 3. About Lotus Blossom: Lotus Blossom is a group that has been operating at least since … More


Cyber espionage group uses low profile tools to hunt high profile targets

Kaspersky Lab researchers investigated a threat actor that was undertaking aggressive cyber espionage activity in the Asian region, targeting multiple diplomatic and government entities with a particular focus on China and its international affairs. This group, named Dropping Elephant (also known as “Chinastrats”), used their unsophisticated tools to attack some high profile Western targets as well. In February 2016, following an alert from a partner, Kaspersky Lab’s Global Research and Analysis Team began its investigation … More

Middle-Eastern energy firms targeted with reconnaissance Trojan

An email spam campaign targeting companies in the petroleum, gas and helium industries has been spotted by Symantec researchers. Most of them are in the so-called Middle East (UAE, Saudi Arabia, Qatar, Kuwait and Oman), but UK, US, African, Asian, and Latin American companies have also been targeted. “The initial infection vector involves the use of spam emails coming from the moneytrans[.]eu domain, which acts as an open relay Simple Mail Transfer Protocol (SMTP) server. … More

Cyberespionage campaign targeting government-affiliated organizations

Kaspersky Lab experts published a new research report about NetTraveler, which is a family of malicious programs used by APT actors to successfully compromise more than 350 high-profile victims in 40 countries. The NetTraveler group has infected victims across multiple establishments in both the public and private sector including government institutions, embassies, the oil and gas industry, research centers, military contractors and activists. According to Kaspersky Lab’s report, this threat actor has been active since … More

Cyber espionage campaign uses professionally-made malware

Trend Micro researchers have discovered a new, massive cyber espionage campaign that has been hitting as many as 71 victims each day, including government ministries, technology companies, academic research institutions, nongovernmental organizations and media outlets. Dubbed “Safe,” the campaign was first spotted in October 2012 and has so far resulted in nearly 12,000 unique IP addresses, spread over more than 100 countries, being connected to two sets of command-and-control (C&C) infrastructures, but the … More

Targeted data stealing attacks using fake attachments

ESET has uncovered and analyzed a targeted campaign that tries to steal sensitive information from different organizations, particularly in Pakistan (with limited spread around the world). During the course of ESET investigations several leads were discovered that indicate the threat has its origin in India and has been going on for at least two years. This targeted attack used a code signing certificate issued to a seemingly legitimate company to sign malicious binaries and improve … More

Week in review: Targeted attacks exploiting Windows flaw, massive Utah data breach and Flashback malware fallout

Here’s an overview of some of last week’s most interesting news, podcasts and articles: Smart meters vulnerable to false data injection: False data injection attacks exploit the configuration of power grids by introducing arbitrary errors into state variables while bypassing existing techniques for bad measurement detection. Poor internal security processes spell disaster: Poor internal security management processes present more risk than malicious threats. More than 50 percent of respondents to an AlgoSec survey incurred a system … More

Microsoft warns of targeted attacks exploiting Windows flaw

With the April Patch Tuesday, Microsoft has issued six bulletins – four critical, two important – and has delivered patches for 11 vulnerabilities. One particular bulletin (MS12-027) stands out and patching the vulnerability (CVE-2012-0158) documented in it should be considered a priority, as Microsoft shared that it is currently being exploited in the wild. The flaw is in Windows Common Controls ActiveX control and consequently affects a great many Microsoft products such as Office 2003 … More