Security Alerts & News
by Tymoteusz A. Góral

#1617 FruityArmor APT group used recently patched Windows zero-day
One of the four zero-day vulnerabilities Microsoft patched last week was being used by an APT group called FruityArmor to carry out targeted attacks, escape browser-based sandboxes, and execute malicious code in the wild.

Anton Ivanov, a researcher at Kaspersky Lab, was credited by Microsoft for discovering the vulnerability last Tuesday but little was known about how it was actually being exploited until today.

The vulnerability, CVE-2016-3393, stemmed from the way a component, Windows graphics device interface (GDI), handled objects in memory. GDI is an application programming interface in Windows that helps apps that use graphics and formatted text on the video display and printer.
Read more
#1617 FruityArmor APT group used recently patched Windows zero-day
#1616 Mobile applications leak device, location data
#1615 This ransomware is now one of the three most common malware threats
#1614 Locky ransomware learns new evasive tricks
#1613 3.2 million debit cards compromised; SBI, HDFC Bank, ICICI, YES Bank and Axis worst hit
#1612 Weebly confirms hack; millions of Foursquare accounts also exposed
#1611 The Reign of Ransomware (PDF)
#1610 Cisco ASA software identity firewall feature buffer overflow vulnerability
#1609 “Most serious” Linux privilege-escalation bug ever is under active exploit
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12