Cyberattackers used spyware from the Israeli firm Candiru to target at least 100 human rights defenders, dissidents, journalists, activists and others across 10 countries. Candiru spyware exploits two privilege escalation vulnerabilities in Microsoft Windows Server, CVE 2021 33771 and CVE-2021-31979. The two flaws were patched by Microsoft on Tuesday, the company notes in an alert. Microsoft says it began initiating patching after being alerted by Citizen Lab, which tracks illegal hacking and surveillance. Researchers say they identified more than 750 websites linked to Candirus spyware infrastructure.”]
Source: https://www.cuinfosecurity.com/israeli-firm-candirus-spyware-used-to-target-dissidents-a-17087