LCG Kit Document Builder Now Using Microsoft Word Macros to Install Malware Payloads
A weaponized document builder service known as LCG Kit added the ability to use Microsoft Word macros to load the necessary shellcode for installing malware.
Ninety-Five Percent of Webshell Attacks Written in PHP
Webshells are dangerous in the hands of APT groups. According to IBM Managed Security Services (MSS), 95 percent of webshell attacks are written in PHP.
Command Injection: A Deadly Needle in the Haystack
Command injection attacks may not get a lot of hype, but they can be seriously damaging to an enterprise that isn't careful about its security.
The Webshell Game Continues
IBM X-Force researchers have noted a dramatic increase in the use of malicious webshell attacks throughout the first half of 2016.
Got WordPress? PHP C99 Webshell Attacks Increasing
IBM MSS X-Force researchers found that C99 webshell attacks are increasing, particularly against content management systems such as WordPress.
The State of Return Oriented Programming in Contemporary Exploits
Return Oriented Programming (ROP) is the general case of a technique often used when exploiting security vulnerabilities caused by memory corruption issues. ROP has become a more frequently used technique in the exploitation of memory corruption...
Multistage Exploit Kits Boost Effective Malware Delivery
Like ICBM missiles, multistage exploit kits first launch a nonthreatening stage and then use the second stage to inflict damage without raising suspicion.