#CYBER MONDAY LEGAL PROOFREADING SOFTWARE SOFTWARE#
Google also did not refer to Candiru by name, but described it as a "commercial surveillance company." Google patched the two vulnerabilities earlier this year.Ĭyber arms dealers like Candiru often chain multiple software vulnerabilities together to create effective exploits that can reliably break into computers remotely without a target's knowledge, computer security experts say. On Wednesday, Google (GOOGL.O) released a blog post where it disclosed two Chrome software flaws that Citizen Lab found connected to Candiru. "These agencies then choose who to target and run the actual operations themselves."Ĭandiru's tools also exploited weaknesses in other common software products, like Google's Chrome browser. "Sourgum generally sells cyberweapons that enable its customers, often government agencies around the world, to hack into their targets’ computers, phones, network infrastructure, and internet-connected devices," Microsoft wrote in a blog post. Microsoft did not directly attribute the exploits to Candiru, instead referring to it as an "Israel-based private sector offensive actor" under the codename Sourgum.
Microsoft fixed the discovered flaws on Tuesday through a software update. "Candiru's growing presence, and the use of its surveillance technology against global civil society, is a potent reminder that the mercenary spyware industry contains many players and is prone to widespread abuse," Citizen Lab said in its report. Attempts to reach Candiru for comment were unsuccesful.Įvidence of the exploit recovered by Microsoft Corp (MSFT.O) suggested it was deployed against users in several countries, including Iran, Lebanon, Spain and the United Kingdom, according to the Citizen Lab report.