Researchers at the Microsoft Malware Protection Center have observed a hacking team that they call Strontium aiming zero-day attacks at servers in governments, military forces and diplomatic organizations within members of NATO, journalists and political advisors as well as some governments withi Link: Strontium hacking team targets NATO members, political advisors
The Sofacy Group (also known as Pawn Storm or APT28) is well known for deploying zero-day exploits in their APT campaigns. For example, two recent zero-days used by the Sofacy Group were exploiting vulnerabilities in Microsoft Office CVE-2015-2424 and Java CVE-2015-2590. Link: Sofacy Recycles Carberp and Metasploit Code
Heimdal Security published an interesting post on the increase in malicious scripts that are being injected into legit websites in order to serve ransomware. Link: Hundreds million legit websites could serve Ransomware because of Script Injection compromise
In the media debacle that is United Airlines vs. their hacking enemies, one thing is finally clear—United Airlines is finally starting to realize that anyone who can infiltrate their systems may be better off on their side than against them. Link: The First Bug Bounty Program for Airlines May Be Detrimental to Customer Safety and Security
Gone are the days when we would build install various tools on linux laptop with nmap, nessus, kismet, metasploit etc. Then came the bootup CD images whereby you could just boot off of the CD/DVD and perform pentesting. Pentesting Tools have evolved so much that all one needs is a tablet which is very convenient and does not look out of …
