A dirt-cheap, do-it-yourself hacking kit sold by a Russian Web site is being used by more than 1,000 malicious Web sites, a security company said Monday.
Those sites have confiscated hundreds of thousands of computers using the "smartbomb" kit, which sniffs for seven unpatched vulnerabilities in Internet Explorer and Firefox, then attacks the easiest-to-exploit weakness.
For $15 to $20, hackers can buy the "Web Attacker Toolkit," said San Diego-based Websense in an online alert. The tool, which uses a point-and-click interface, can be planted on malicious sites -- or on previously-compromised computers -- to ambush unsuspecting users.
"It puts a bunch of code on a site that not only detects what browser the victim is running, but then selects one of seven different vulnerabilities to exploit, depending on how well patched the browser is," said Dan Hubbard, senior director of security and research at Websense.
Both Firefox and Internet Explorer vulnerabilities are among the seven.
With the move to the cloud, CISOs must shift priorities from operating security programs to overseeing (monitoring and auditing) outsourced cybersecurity programs.
2022 was a boon year for IT salaries. 2023 came in like a beast with layoffs, raise freezes, and ChatGPT, but that beast has few teeth.
Age is only a number. Don't let a high number cancel your career.
