CVE-2015-2590

Sofacy (also known as “Fancy Bear”, “Sednit”, “STRONTIUM” and “APT28”) is an advanced threat group that has been active since around 2008, targeting mostly military and government entities worldwide, with a focus on NATO countries. More recently, we have also seen an increase in activity targeting Ukraine. Back in 2011-2012, the group used a relatively tiny implant (known as “Sofacy” or SOURFACE) as its first stage malware. The implant shared certain similarities with the old...

Pawn Storm's 'ingenious' click-to-own Java 0day neutered

Oracle has crushed a critical click-to-play vulnerability attackers used in the NATO-busting hacking operation known as Pawn Storm, Trend Micro threat analyst Jack Tang says. The patch is part of a run of 154 fixes from Big Red including 25 for the ravaged Java runtime. The fix will either irk or amuse the sophisticated hacking group that used the then zero-day flaw (CVE-2015-2590) to attack web assets of NATO, the White House, and other prominent corporations. The same group is behind the XAgen...

Unauthenticated remote code execution among grizzly vulns.

Oracle has poured cold coffee on a recent Java zero-day that's already under active attack, with just one of the critical patches it's released to address 193 holes in its sprawling product suite. The zero day is the most urgent fix of the lot and of the two dozen other Java patches present among Big Red's quarterly patch release. Trend Micro researchers Brooks Li and Feike Hacquebord reported the flaw 13 July noting it is being attacked as part of the sophisticated 'Operation PawnStorm' hacking...