Hacking

Researchers at the Microsoft Malware Protection Center have observed a hacking team that they call Strontium aiming zero-day attacks at servers in governments, military forces and diplomatic organizations within members of NATO, journalists and political advisors as well as some governments withi Link: Strontium hacking team targets NATO members, political advisors

The Sofacy Group (also known as Pawn Storm or APT28) is well known for deploying zero-day exploits in their APT campaigns. For example, two recent zero-days used by the Sofacy Group were exploiting vulnerabilities in Microsoft Office CVE-2015-2424 and Java CVE-2015-2590. Link: Sofacy Recycles Carberp and Metasploit Code

Heimdal Security published an interesting post on the increase in malicious scripts that are being injected into legit websites in order to serve ransomware. Link: Hundreds million legit websites could serve Ransomware because of Script Injection compromise

In the media debacle that is United Airlines vs. their hacking enemies, one thing is finally clear—United Airlines is finally starting to realize that anyone who can infiltrate their systems may be better off on their side than against them. Link: The First Bug Bounty Program for Airlines May Be Detrimental to Customer Safety and Security