Purple Fox EK Adds Microsoft Exploits to Arsenal

6 July 2020

The Purple Fox exploit kit (EK) has added two new exploits targeting critical- and high-severity Microsoft vulnerabilities to its bag of tricks – and researchers say they expect more attacks to be added in the future. The Purple Fox EK was previously analyzed in September, when researchers said that it appears to have been built to replace the Rig EK in the distribution chain of Purple Fox malware, which is a trojan/rootkit. The latest revision to the exploit kit has added attacks against flaws tracked as CVE-2020-0674 and CVE-2019-1458, which were first disclosed at the end of 2019 and early 2020.

Read full article on Threat Post

Date:

6 July 2020

Categorie(s):

NEWS

Tag(s):

CVE-2020-0674, Exploit Kits, Fox, Malware, Purple

McAfee Dominates AV-Comparatives PC Performance Test3 May 2024
Preparation: The Less Shiny Side of Incident Response – Joe Gross – ESW #3603 May 2024
Critical GitLab account takeover flaw added to CISA’s KEV Catalog2 May 2024
Microsoft, Google do a victory lap around passkeys2 May 2024
Understanding Scattered Spider, and how they perform cloud-centric identity attacks2 May 2024