Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security

An Up-to-Date Browser Should Keep Users Safe From Most Exploit Kits (bleepingcomputer.com) 53

Exploit kits, once a preferred choice of attackers to invade a victim's browser and find way to their computer, are increasingly diminishing in their effectiveness. If you have an updated browser, chances are it packs adequate resources to fight such attacks. Catalin Cimpanu, writing for BleepingComputer: Exploit kits (EK) have been around on the criminal underground for more than a decade and were once pretty advanced, often being a place where researchers found zero-days on a regular basis. But as browsers got more secure in recent years, exploit kits started to die out in 2016-2017. Most operators were arrested, moved to other things, and nobody developed new exploits to add to the arsenal of EK left on the market, which slowly began falling behind when it came to their effectiveness to infect new victims.

A Palo Alto Networks report published yesterday details statistics about the vulnerabilities used by current exploit kits in the first three months of the year (Q1 2018). According to the gathered data, researchers found 1,583 malicious URLs across 496 different domains, leading to landing pages (URLs) where an EK attempted to run exploits only for only a meager eight vulnerabilities. All eight were old and known bugs, with the newest dating back to 2016. Seven of the eight vulnerabilities targeted Internet Explorer, meaning that using a more modern browser like Chrome and Firefox is a simple, yet effective way of avoiding falling victim to exploit kits.

This discussion has been archived. No new comments can be posted.

An Up-to-Date Browser Should Keep Users Safe From Most Exploit Kits

Comments Filter:
  • Re: (Score:4, Interesting)

    by kurkosdr ( 2378710 ) on Friday June 22, 2018 @06:17PM (#56831432)
    Browser exploit kits are not profitable anymore because browsers auto-update, it's that simple. OSes on the other hand don't always auto-update (or update at all for the case of mobile devices and IoT ) which is where the exploit underground has moved...
  • by ElizabethGreene ( 1185405 ) on Friday June 22, 2018 @11:09PM (#56832298)

    The article and summary implies that a currently patched version of IE would be vulnerable. This is not the case. :/

    Microsoft, who in full disclosure is my employer, fails at a lot of things. You don't have to make up new ones on our behalf.

    (This is obviously my opinion and not that of the company that buys my groceries. I understand that working for Microsoft means my opinion is invalid.)

    • by jon3k ( 691256 )
      Don't worry no one uses IE so it doesn't matter.
    • by Tukz ( 664339 )

      Your "employer" discontinued Internet Explorer, who cares if it's vulnerable? Don't use a discontinued product if you care about security.

"The vast majority of successful major crimes against property are perpetrated by individuals abusing positions of trust." -- Lawrence Dalzell

Working...