February 5, Softpedia – (International) Flash Player 16.0.0.305 patches zero-day vulnerability. Adobe released an update for its Flash Player affecting version 16.0.0.296 and earlier versions for Windows and Macintosh that fixes a zero-day vulnerability reported by Trend Micro researchers. The vulnerability was leveraged by attackers through the Hanjuan exploit kit in malvertising campaigns on popular Web sites targeting Internet Explorer and Mozilla Firefox users. Source
February 5, Softpedia – (International) Kovter trojan distributed via malvertising on Huffington Post. AOL removed malicious content from its network after Cyphort researchers discovered the spread of a previously observed malvertising campaign which delivers the Kovter trojan for ad-fraud to popular Web sites through three advertising networks. The researchers also found that this campaign utilizes different command and control (C&C) servers. Source
February 4, Reuters – (International) Accused Silk Road operator convicted on U.S. drug charges. A federal jury convicted the suspected founder of the underground Silk Road Web site February 4 on several charges, including conspiracies to commit money laundering, computer hacking, and drug trafficking for his role in an approximately $200 million anonymous online drug sale scheme involving Bitcoins. Source
February 4, Dark Reading – (International) Apple iOS now targeted in massive cyber espionage campaign. Trend Micro researchers discovered two malicious applications which utilize Apple’s iOS operating system connected to Operation Pawn Storm, a cyber espionage campaign targeting personal information, text messages, contact lists, voice recordings, pictures, lists of installed apps and processes, and geolocation data from personnel in Western military, government, defense industry firms, and the media. Source
February 3, PCWorld – (International) Dangerous Internet Explorer vulnerability opens door to powerful phishing attacks. Microsoft reported that it is working on a security update to address an Internet Explorer universal cross-site scripting (XSS) vulnerability discovered by a Deusen researcher that could allow attackers to bypass the Same-Origin Policy to launch phishing attacks or hijack users’ accounts on any Web site. Source