CVE-2015-2360

Perhaps one of the most explosively discussed subjects of 2015 was the compromise and data dump of Hacking Team, the infamous Italian spyware company. For those who are not familiar with the subject, Hacking Team was founded in 2003 and specialized in selling spyware and surveillance tools to governments and law enforcement agencies. On July 5, 2015, a large amount of data from the company was leaked to the Internet with a hacker known as “Phineas Fisher” claiming responsibility for the brea...

Malware may have come from nation-state team, says Russian firm

Kaspersky Lab has unearthed an attack on its corporate network which hit high profile victims in several Western, Middle East and Asian nations, including covert surveillance attempts during the ongoing Iranian nuclear talks. The Duqu 2.0 malware platform associated with the attacks was exploiting up to three zero-day vulnerabilities, a highly unusually feature that strongly suggests nation-state involvement. The last remaining zero-day (CVE-2015-2360) was patched by Microsoft on 9 June with the...

Microsoft releases eight security bulletins today, updating a set of forty five software vulnerabilities. This month’s updates touch a smaller set of Microsoft software, but two of the Bulletins address kernel-level vulnerabilities and require a restart. Some are being exploited as a part of serious targeted attack activity: Two are rated Critical (MS15-056 for Internet Explorer and MS15-057 for Windows Media Player) because of their remote code execution severity. The Internet Explorer bull...