Exploit kits: fall 2019 review November 19, 2019 https://blog.malwarebytes.com/exploits-and-vulnerabilities/2019/11/exploit-kits-fall-2019-review/ Spoiler: Fall 2019 overview Fall 2019 overview Spelevo EK Fallout EK Magnitude EK RIG EK GrandSoft EK Underminer EK KaiXin EK Purplefox EK Capesand EK
Exploit kits turn to fileless malware to evade security tools November 26, 2019 https://www.scmagazineuk.com/exploit-kits-turn-fileless-malware-evade-security-tools/article/1667023
So basically exploit kits are pretty much dead, because who cares about IE. I have to say kuddos to browser developers, because sandboxes combined with ad-blockers have made it very hard to exploit modern browsers.
BTW, after quite a while, hackers are trying to exploit Chrome again via exploit-kits. Avast thinks they may eventually try to load ransomware on the system via a couple of holes in Chrome and Windows. Of course you can use protection tools like MBAE, HMPA, OSArmor and Sandboxie against this stuff, besides your AV of course. And these particular holes are already patched, but hackers can also use zero days. https://twitter.com/AvastThreatLabs/status/1450476708939767815
Magnitude EK Expands Arsenal With PuzzleMaker Exploit Chain October 20, 2021 https://www.securityweek.com/magnitude-ek-expands-arsenal-puzzlemaker-exploit-chain
Thanks, I read it on some Dutch website. But now that I think of it, would be interesting to know if they try to lure people into visiting websites, or if they try to make use of malvertising. Of course adblockers would most likely help to protect against this.
