ExploitHub confirms breach
Posted on 13 December 2012.
ExploitHub.com, the well-known online marketplace where one can buy exploit code for disclosed vulnerabilities, has confirmed that its web application server was compromised, but that no confidential or sensitive data was stolen during the attack.

A group called "Inj3ct0r Team", which apparently runs a rival online exploit market, claimed responsibility for the attack. To prove they did it, they published a small part of a database they found on the server.

"The exploit information provided in Inj3ct0r's attack announcement text file and SQL dump consists of exploit names, prices, the dates they were submitted to the market, the Authors' IDs, and the Authors' usernames, all of which is publicly available information retrievable from the web application's normal browse and search functions; this is not private information and it was already publicly accessible by simply searching the product catalog through the website," ExploitHub commented the leak.

"The server was compromised through an accessible install script that was left on the system rather than being removed after installation, which was an embarrassing oversight on our part."

"Being a high profile target, the ExploitHub endures attacks daily. Due to this high level of risk, the ExploitHub system is architected in such a manner as to drastically limit and contain the impact of a successful compromise of its public-facing component, the web application server, to prevent the further compromise of any valuable product data such as exploit code," they explained.

"Current assessment of the attack indicates that the impact was limited to compromise of data from only the web application server which does not house exploit code or other product data," they concluded, and added that they will continue the investigation into the matter.


New Zeus variant targets users of 150 banks

Posted on 19 December 2014.  |  A new variant of the infamous Zeus banking and information-stealing Trojan has been created to target the users of over 150 different banks and 20 payment systems in 15 countries, including the UK, the US, Russia, Spain and Japan.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Mon, Dec 22nd