Two of the zero-day Windows flaws patched by Microsoft as part of its Patch Tuesday update earlier this week were weaponized by an Israel-based company called Candiru in a series of “precision attacks” to hack more than 100 journalists, academics, activists, and political dissidents globally.
The spyware vendor was also formally identified as the commercial surveillance company that Google’s Threat Analysis Group (TAG) revealed as exploiting multiple zero-day vulnerabilities in Chrome browser to target victims located in Armenia, according to a report published by the University of Toronto’s Citizen Lab.
“Candiru’s apparent widespread presence, and the use of its surveillance technology against global civil society, is a potent reminder that the mercenary spyware industry contains many players and is prone to widespread abuse,” Citizen Lab researchers said. “This case demonstrates, yet again, that in the absence of any international safeguards or strong government export controls, spyware vendors will sell to government clients who will routinely abuse their services.”
Founded in 2014, the private-sector offensive actor (PSOA) — codenamed “Sourgum” by Microsoft — is said…
http://feedproxy.google.com/~r/TheHackersNews/~3/kxKUMcFXWq8/israeli-firm-helped-governments-target.html