Breach at Italian surveillance vendor prompts security alert
The security research firm gave whoever needed it detailed information on how the bug could be escalated into full control of the affected system.
Zscaler wrote in a blog post that in addition to these vulnerabilities, it found various modules and other tools Hacking Team used to compromise victims.
The Italian surveillance software developer Hacking Team could hardly have imagined that its spying software, sold to intelligence agencies around the world, could be misused in this way.
Hacking Team says that “a major threat exists” as a result of the source code having been made available online.
The update patched a mix of vulnerability classes, including memory address randomization issues, heap buffer overflows, memory corruption bugs, security bypass vulnerabilities, same-origin bypasses, and use-after-free flaws. Are you going to continue using Adobe Flash Player, or are you uninstalling it from your computer?
Luckily, Adobe has released an emergency patch for the flaw, meaning Flash users that update their web browser to run the new version will be safe from the attack.
The data dump of internal documents, emails and source code allegedly belonging to the Milan-based firm on Sunday featured the flaw, and sparked white hats into action.
However, a second document, an invoice for 480,000 euros to the same security service, calls into question repeated denials by the Hacking Team that it has ever done business with Sudan, which is subject to heavy trade restrictions. The problem affects Windows, Mac and Linux computers.
Adobe said in a security advisory it was aware of the critical vulnerability (CVE-2015-5119) in Adobe Flash Player 18.0.0.194 and earlier versions for Windows, Macintosh and Linux.
He said the Hacking Team exploit is reminiscent of the “ActionScript-Spray” attack used in CVE-2014-0322 and first documented by Bromium researcher Vadim Kotov.
Specifically, the leaks have also led to concerns that Hacking Team is selling its surveillance products to countries that global organisations, including the United Nations, NATO, the European Parliament, and the U.S., have blacklisted. In the most recent email, dated May 28th last, a named Defence Forces member tells a Hacking Team employee he looked forward to meeting him the following week.