(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
HPE Network Node Manager i (NNMi) Multiple Security vulnerabilities
 
Moodle CVE-2016-9186 Arbitrary File Upload Vulnerability
 
Moodle CVE-2016-9187 Arbitrary File Upload Vulnerability
 
Google Android Bluetooth CVE-2016-6719 Remote Privilege Escalation Vulnerability
 

It's been go time for spear phishing as the window for Adobe and Windows zero-day exploits closes with recent patches. (credit: Wikipedia)

A Russia-based hacking group is seeking to maximize the value of its zero-day exploits before patches issued by Adobe (released on October 26) and Microsoft (released yesterday) become widely available. In a report issued today, researchers at Trend Micro noted that spear phishing activity—malicious e-mails sent to "various governments and embassies around the world"—had ramped up significantly after these exploits were announced.

The flaws, discovered last week by Google's Threat Analysis Group, have been used in a long-running spear-phishing campaign against government, political, and military targets in the US and Europe. It's all an apparent intelligence collection effort run by the group known variously as Pawn Storm, Fancy Bear, APT28, Sofacy, and Strontium. This is the same group blamed for the hack of the Democratic National Committee and the e-mail accounts of Hillary Clinton Campaign Chairman John Podesta, former Secretary of State Colin Powell, and other political figures in the US.

While Adobe patched the vulnerability (CVE-2016-7855) with an emergency update on October 26, the Microsoft vulnerability was not patched until November 8. That's more than a week after Google announced the discovery of the exploit.

Read 5 remaining paragraphs | Comments

 
Multiple NVIDIA Products Multiple Local Privilege Escalation Vulnerabilities
 
SAP Message Server HTTP Daemon Denial of Service Vulnerability
 
Google Android Account Manager Service CVE-2016-6718 Local Privilege Escalation Vulnerability
 
Google Android AOSP Launcher CVE-2016-6716 Local Privilege Escalation Vulnerability
 
Google Android Framework APIs CVE-2016-6715 Privilege Escalation Vulnerability
 
Multiple NVIDIA Products GPU Display Driver Multiple Local Privilege Escalation Vulnerabilities
 
URL Redirection Vulnerability In Verint Impact 360
 
[security bulletin] HPSBGN03670 rev.1 - HPE Business Service Management (BSM) using Java Deserialization, Remote Code Execution
 
[SECURITY] [DSA 3709-1] libxslt security update
 
Google Android Conscrypt CVE-2016-6709 Information Disclosure Vulnerability
 
Google Android Download Manager CVE-2016-6710 Information Disclosure Vulnerability
 
Google Android Bluetooth CVE-2014-9908 Denial of Service Vulnerability
 
SAP NetWeaver Java AS 'Webdynpro' Component Information Disclosure Vulnerability
 
Google Android Runtime Library CVE-2016-6703 Remote Code Execution Vulnerability
 
Google Android libjpeg CVE-2016-6702 Remote Code Execution Vulnerability
 
Phoenix Contact ILC PLC Authentication Bypass and Information Disclosure Vulnerabilities
 
Google Android System Server CVE-2016-6707 Remote Privilege Escalation Vulnerability
 
Google Android libzipfile CVE-2016-6700 Privilege Escalation Vulnerability
 

---
Johannes B. Ullrich, Ph.D.
STI|Twitter|LinkedIn

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Google Android Mediaserver CVE-2016-6699 Remote Code Execution Vulnerability
 

Enlarge / Republican president-elect Donald Trump gives a thumbs up to the crowd during his acceptance speech at his election night event at the New York Hilton Midtown. (credit: Chip Somodevilla | Getty Images)

Republican presidential nominee Donald Trump defeated Democrat Hillary Clinton. Trump will now become the 45th president, succeeding President Barack Obama.

"I say it is time for us to come together as one people," Trump, the president-elect, told supporters in New York, shortly after Clinton called him to concede the election.

Here is where Trump stands on the issues near and dear to Ars:

Read 18 remaining paragraphs | Comments

 
Internet Storm Center Infocon Status