Good news ! Hackbusters community is waiting for you !  https://discuss.hackbusters.com
KnowBe4 has been running the HackBusters site for a few years now, providing you with trending IT security news. We are expanding it and have launched a new exciting online community! The forum is divided into four main topics or categories: Social Engineering, Ransomware, Phishing and Security Awareness Training. You are invited to be one of the first to join us at: https://discuss.hackbusters.com.

Exploit kits: Spring 2018 review

Shutterstock_1033292395-3-600x300

Since our last report on exploit kits, there have been some new developments with the wider adoption of the February Flash zero-day, as well as the inclusion of a new exploit for Internet Explorer. We have not seen that many changes in the drive-by landscape for a long time, although these are the results of improvements closely tied to malspam campaigns and exploits embedded within Microsoft Office.

Since both Flash and the VBScript engine are pieces of software that can be leveraged for web-based attacks, it was only natural to see their integration into exploit kits. While Internet Explorer is not getting any younger, CVE-2018-8174 brings an update to an otherwise 2-year-old vulnerability (CVE-2016-0189), which is still used in some drive-by campaigns. As far as Flash is concerned, CVE-2018-4878 has been adopted by almost all exploits kits. At the time of this writing, a newer Flash vulnerability (CVE-2018-5002) is available but has not been spotted in any EK so far.

...(continued)
View All Trending Stories