April 20, Softpedia – (International) Russian hackers exploit Windows, Flash Player zero-day flaws in targeted attack. Microsoft is working to patch a privilege escalation flaw in its operating system (OS) affecting Windows 7 and earlier products after FireEye researchers reported the zero-day attack, allegedly run by a Russian group dubbed APT28, on Adobe Flash Player that relies on the Flash vulnerability to gain access to the targeted system. Adobe released a patch addressing the flaw with its current version of Flash Player. Source
April 20, Softpedia – (International) New variant of Upatre malware downloader integrates full SSL encryption. Talos researchers discovered new versions of the Upatre malware that adopts encrypted communication with command and control (C&C) servers, including a version that uses secure sockets layer (SSL) cryptographic protocol to hide the type of data flowing between the infected client and the C&C server. The new version of the malware downloads the payload in the background while the communication is encrypted. Source