
SecurityWeek


Embarrassing Oversight Leads to Exploit Hub’s Compromise


Exploit Hub, an exploit marketplace originally launched by NSS Labs in 2010, but spun off by the testing firm in March of this year, said on Tuesday that they were compromised by a quasi-rival group going by the name Inj3ct0r Team. As it turned out, the information stolen by the attackers wasn’t of any real value as it was already publicly available.

Exploit Hub is a marketplace for researchers to buy and sell publicly known exploits (no 0-days allowed), of which Exploit Hub takes a 30-percent cut. In a way, Exploit Hub has plenty of positive points, such as paying researchers for their work, but faces the same setbacks, including low pay scales. Yet, it is the total opposite of exploit houses like Vupen, by design.

According to a public notice on Facebook, Exploit Hub was breached on Tuesday by a group going by the name Inj3ct0r Team. Oddly enough, Inj3ct0r Team also sells exploits, most of them publicly known or scraped from other sources. It would seem that they planned to add Exploit Hub’s collection to their own, but they failed.

“Today (December 11th), the Inj3ct0r Team has hacked [Exploit Hub]… and stole private exploits worth $242,333,” an announcement from the group boasted.

“We hacked [Exploit Hub] because the people who publish private exploits on [there] need to know that the ExploitHub Admins are lamers and can not provide them with adequate security.”

As it turns out, the cause for the breach was a lapse in security policy.

“After our initial investigation we have determined that the web application server itself was compromised and access to the database on that server was available to the attacker. The server was compromised through an accessible install script that was left on the system rather than being removed after installation, which was an embarrassing oversight on our part,” Exploit Hub explained.

“The exploit information provided in Inj3ct0r’s attack announcement text file and SQL dump consists of exploit names, prices, the dates they were submitted to the market, the Authors’ IDs, and the Authors’ usernames, all of which is publicly available information retrievable from the web application’s normal browse and search functions; this is not private information and it was already publicly accessible by simply searching the product catalog through the website.”


The incident is still being investigated, but so far, Exploit Hub admins are reasonably sure that nothing critical was stolen or compromised. As of 0600 on Wednesday, the Exploit Hub domain remains offline.

Correction: This article originally incorrectly stated that Exploit Hub was part of NSS Labs but has been corrected to reflect that it was spun off from NSS Labs in March of 2012 and has been independent since.
