Cybersecurity experts report that a version of CANVAS, an exploit platform to test vulnerabilities in computer systems, was leaked into the VirusTotal database, so now all users of this platform can access the tool.
VirusTotal, owned by Google, is a platform on which users can upload samples of the virus to the database to determine if they have been detected by any of the most popular antivirus engines. On the other hand, CANVAS was developed by Immunity, a firm created by Dave Aitel, former hacker of the National Security Agency (NSA).
Experts report that the exposed version of the tool is CANVAS v7.26, released in September 2020. Ege Balci, director of PRODAFT’s threat intelligence team, confirmed the leak through his Twitter account.
Last Tuesday, French security researcher Julien Voisin found a functional exploit for Spectre, a dangerous hardware security flaw on Linux systems, which also appears to have been developed by Immunity.
Researchers also posted screenshots of the CANVAS interface, adding a new post on Twitter: “The quality of this framework is remarkable; since it was leaked, Immunity should do it open source.” As you will remember, Metasploit is a free exploit development framework created by expert H.D. Moore. Although very similar to CANVAS, it has been rewritten in Ruby after being originally written in Perl. The filtered version of CANVAS is also available in a Telegram chat group.
What do you think about this technology application? Is it useful? Are you willing to learn more about this? To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) website.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.