Trustwave and Cybereason Merge to Form Global MDR Powerhouse for Unparalleled Cybersecurity Value. Learn More
Get access to immediate incident response assistance.
Get access to immediate incident response assistance.
Trustwave and Cybereason Merge to Form Global MDR Powerhouse for Unparalleled Cybersecurity Value. Learn More
Even though it's sometimes easy to forget that there are exploit kits other than BlackHole, other groups still strive for sales in the exploit kits market. So, while some of those toolkits are sophisticated enough to compete head-to-head with BlackHole, such as Redkit (which isn't red anymore), others provide lower-end solutions which typically costs less. One of those lower-end toolkits would be Sakura.
Today we've come across a new version of this toolkit, labeled 1.1.
The toolkit attack code isn't obfuscated except for some character encoding:
The included PDF file attempts to exploit the libTiff (CVE-2010-0188) vulnerability while the Java applet attempts to exploit CVE-2012-0507.
Needless to say, customers of Trustwave Secure Web Gateway (SWG) are protected by default.
Trustwave is a globally recognized cybersecurity leader that reduces cyber risk and fortifies organizations against disruptive and damaging cyber threats. Our comprehensive offensive and defensive cybersecurity portfolio detects what others cannot, responds with greater speed and effectiveness, optimizes client investment, and improves security resilience. Learn more about us.
Copyright © 2024 Trustwave Holdings, Inc. All rights reserved.