Information Security News
by Sean Gallagher
A Russia-based hacking group is seeking to maximize the value of its zero-day exploits before patches issued by Adobe (released on October 26) and Microsoft (released yesterday) become widely available. In a report issued today, researchers at Trend Micro noted that spear phishing activity—malicious e-mails sent to "various governments and embassies around the world"—had ramped up significantly after these exploits were announced.
The flaws, discovered last week by Google's Threat Analysis Group, have been used in a long-running spear-phishing campaign against government, political, and military targets in the US and Europe. It's all an apparent intelligence collection effort run by the group known variously as Pawn Storm, Fancy Bear, APT28, Sofacy, and Strontium. This is the same group blamed for the hack of the Democratic National Committee and the e-mail accounts of Hillary Clinton Campaign Chairman John Podesta, former Secretary of State Colin Powell, and other political figures in the US.
While Adobe patched the vulnerability (CVE-2016-7855) with an emergency update on October 26, the Microsoft vulnerability was not patched until November 8. That's more than a week after Google announced the discovery of the exploit.
by David Kravets
Republican presidential nominee Donald Trump defeated Democrat Hillary Clinton. Trump will now become the 45th president, succeeding President Barack Obama.
"I say it is time for us to come together as one people," Trump, the president-elect, told supporters in New York, shortly after Clinton called him to concede the election.
Here is where Trump stands on the issues near and dear to Ars: