Security experts often mention exploits as one of the most serious problems with data and systems safety; although it’s not always clear what the difference is between exploits and the malware in general.
Exploits are a subset of malware. These malicious programs contain data or executable code, which is able to take advantage of one or more vulnerabilities in the software running on a local or remote computer. You have a browser and there is a vulnerability in it that allow “an arbitrary code” to run on your system without your knowledge. Browsers, along with Flash, Java, and Microsoft Office, are among the most targeted software categories.Read more
A highly advanced adversary dubbed Hurricane Panda is targeting major infrastructure companies with a zero-day exploit—and it has been since last spring. The timestamp of the attack suggests that the vulnerability has been actively exploited in the wild for at least five months.
CrowdStrike first detected suspicious activity on a 64-bit Windows Server 2008 R2 machine that was attributed to a compromise by the group. It uncovered that the attacks begin with compromising web servers and deploying Chopper webshells, and then escalating privileges using the newly discovered Local Privilege Escalation tool, which exploits a previously unknown vulnerability.Read more