STE WILLIAMS

Russian malware scum post new rent-an-exploit

WebEx on Firefox is among the targets of a new exploit kit that’s started circulating on Russian nastyware exchanges.

The Disdain-based exploit kit is described by security services outfit IntSights, which says the exploit kit is offered by someone using the handle “Cehceny”.

David Montenegro (@CryptoInsane) says Disdain is a copy-paste of the open source BEPS exploit kit.

IntSights says the kit includes:

Disdain is rented on a daily, weekly, or monthly basis at US$80, $500, and $1,400 respectively. Victims who hit the exploit are scanned, and the kit tries to attack a number of known vulnerabilities from between 2013 and this year.

That’s where the Cisco WebEx plug-in comes in: CVE-2017-3823, which landed in January this year, is an API error that exposes an unpatched user to remote code execution.

The other 14 CVEs the kit tests for are browser bugs (Internet Explorer, Firefox and Edge) and three Flash bugs. The other vulns probed are below.

All vectors have patches available. ®


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2017/08/16/disdain_exploit_kit/
