Exploit kits (EKs) are not be as popular as they were several years ago, but it doesn’t mean that they are not a cyberthreat anymore; most of them have even evolved rather then disappear.
Today we will present the recently discovered Flash and Internet Explorer zero-day vulnerabilities.
The first of the flaws, named CVE-2018-4878, is present in Adobe’s Flash Player; this cyberthreat was first exploited by a North Korean hacker group in targeted cyber attacks against individuals in South Korea. Soon after its discovery, Adobe released a patch, but it still continued to be used in a huge amount of cyber attacks.
The second flaw is CVE-2018-8174, a critical issue that allows hackers to remotely execute arbitrary code on all supported versions of Windows. After running a malware analysis on it, researchers found that the flaw is an updated version of a 2-year-old VBScript vulnerability (CVE-2016-0189) that continues to be used by cybercriminals. This flaw has been already patched too, with the May 2018 Patch Tuesday updates.
The new EKs represent a big cybersecurity problem because they contain even the recently patched Flash Player zero-day tracked as CVE-2018-5002; a threat that is still being exploited in targeted attacks all over the world.
To stay away from any threats like this, we recommend the install of antivirus for Windows or antivirus for Mac on every device that you own, depending on which OS your device is running.
If you are a company, it is also recommended to hire every year a specialized cybersecurity company that will run annual tests on your company’s network. These tests include penetration testing and ethical hacking tests;
Both Flash and VBScript engines are pieces of software that can be exploited for web-based attacks, and because of this it was natural to see their integration into exploit kits; like as always happens soon after a proof of concept became publicly available, RIG adopted the exploit for the new VBScript engine flaw, becoming the first EK to do so. The same toolkit also included an exploit for Flash bug, and numerous other payloads such as Bunitu, Ursnif, and the SmokeLoader backdoor.
The EKs are being used continuously on South Korea and they are now targeting both CVE-2018-4878 and CVE-2018-8174. Researchers consider this toolkit one of the most sophisticated EKs on the market, thanks to its own Magnigate filtering, a Base64-encoded landing page, and a fileless payload.
Another very dangerous EK is GreenFlash Sundown. It has an elusive nature, researchers say, because it continues to strike via compromised OpenX ad servers and it uses CVE-2018-4878 too; this cyber threat is used to deliver the Hermes ransomware or a cryptocurrency miner.
Last EK, named GrandSoft EK, only targets Internet Explorer by leveraging the older CVE-2016-0189 Internet Explorer exploit; this one doesn’t have any obfuscation EK feature implemented and is being used by the hackers for delivering payloads like AZORult stealer.
The recent influx of zero-days has given the exploit kits a much-needed boost. We noticed an increase in RIG EK campaigns. Nowadays most of the cyber attacks are concentrated on Microsoft Office–related exploits, but there is a cascading effect happening into exploit kits.
We would continue to monitor this cyberthreat. Meanwhile, users should keep a keen eye out for any cyber attacks. Remember to use an antivirus for Windows or antivirus for Mac in every device that you own, depending on which OS your machine is running, If you are a company we recommend to hire every year a specialized cybersecurity company that will run annual tests on your company’s network, tests like this include: penetration testing and ethical hacking.
Regular users are the most affected by malware this day because most of them do not care about what antivirus they have installed in their systems.
Users can download antivirus developed by our company directly by clicking the download banner from the end of the page.
Our free download antivirus can help users to protect their Mac or Windows devices against malware and adware.
We offer a free antivirus one day license to all our users who want to test the full power of our antivirus solution.
Our antivirus can detect a vast spectrum of threats, from dangerous malware to nasty browsers extensions used for mining the crypto-currency.
The antivirus our company is offered is a certified product of OPSWAT.
Most of the companies don't care about cybersecurity until they suffer a breach.
A healthy company must perform a penetration test from time to time. The penetration test must execute against all the assets of the company, including the workers who are the most vulnerable to the social engineering attacks.
A penetration test can be done either by a security specialist from inside of the company or by hiring an external cyber security company who can take care of everything.
Besides penetration test, a company must have a minimum healthy cybersecurity system installed like antivirus or firewall.
CyberByte company can perform various penetration tests on all the spectrum of PCI/DSS compliance to the red team, perimeter testing, and social engineering.
We also provide services to employee profiling and cyber threat monitoring, since most of the data breaches this day come from the inside of the company.
To check our penetration test services go to the Services tab from the main menu.
Windows users can download free antivirus solution CyberByte by clicking the banner. The free antivirus will help you to know if your PC is infected. Windows free antivirus of CyberByte is an awarded software for malware detection.
Mac / MacOS / OS X users can download free Mac antivirus solution CyberByte by clicking the banner. The free antivirus will help you to know if your Mac is infected. MacOS / OS X free antivirus of CyberByte is an awarded software for malware detection. The free antivirus for Mac is available for new MacOS and older OS X versions.
Features of CyberByte™ antivirus:
- Protects you from all kind of threats
- CyberByte™ custom detection engine includes Mac and Windows malware protection and detection
- Fastest scanning times in the market
- Crypto Mining rogue extensions/malware detection
- Ransomware detection - don’t negotiate with ransomware cyber terrorists – keep your Mac and Windows safe
- Active live protection from background
- Certified Threat Detector by OPSWAT
- Easy to Install
- Easy to Manage
- Incredible value for money
Invisible, protecting you from behind the scenes - You will not feel it is installed on your computer, easy on the resources, like a protection software should be.
Original technology that combines behavioral heuristic analysis with powerful signatures database – the CyberByte™ Protection Engine delivers top of the line protection in an instant.
Fastest scanning times in the market – your time is precious, but also so is your digital life – CyberByte™ delivers fast scanning saving both time and your valuable data.
Don’t negotiate with ransomware cyber terrorists – keep your Mac safe and don’t ever end up paying for what is already yours.
Protect others as well – the CyberByte™ Protection Engine not only detects the threat but stops it from spreading to other Macs or Windows machines.
Don’t let strangers use your resources – more than 80% of the attacks are crypto mining driven. Are you sure your computer is not mining for crypto while you read this text?
Our malware protection will continuously look after your device providing the best security against viruses. Give us the chance to prove it by downloading the antivirus for your device.
CyberByte Antivirus is a certified product by OPSWAT (OPSWAT is a San Francisco-based software company that provides solutions to secure and manage IT infrastructure. Founded in 2002, OPSWAT delivers solutions that provide manageability of endpoints and networks, and that help organizations protect against
zero-day attacks by using multiple antivirus engine scanning and document sanitization.
To learn more about OPSWAT’s innovative and unique solutions, please visit http://www.opswat.com).
CyberByte Antivirus comes in two flavors:
MacOS Version - the free download Mac antivirus available on our website (https://mac.cyberbyte.org)
Windows Version - the free download Windows antivirus available on our website (https://pc.cyberbyte.org)
The procedure is simple:
Just free download antivirus from CyberByte website either for Mac or Windows.
Install it using the antivirus installer package.
Windows and Mac users will free malware scan their devices. The scan duration depends on how many files the end user has.
CyberByte antivirus will show if any files are infected after the scan is finished.