Watering Hole Attack Claims US Department of Labor Website

Watering Hole Attack Claims US Department of Labor Website:

http://threatpost.com/watering-hole-attack-claims-us-department-of-labor-website/

 

Sub-site of US Department of Labour hacked:

http://www.h-online.com/security/news/item/Sub-site-of-US-Department-of-Labour-hacked-1854156.html

 

Zero Day Exploit In IE 8 Targets Nuclear Weapons Researchers

"Attackers exploited a previously unknown and currently unpatched security bug in Microsoft's Internet Explorer browser to surreptitiously install malware on the computers of federal government workers involved in nuclear weapons research, researchers said Friday.

The attack code appears to have exploited a zero-day vulnerability in IE version 8 when running on Windows XP, researchers from security firm Invincea said in a blog post. The researchers have received reports that IE running on Windows 7 is susceptible to the same exploit but have not been able to independently confirm that. Versions 6 and 7 of the Microsoft browser don't appear to be vulnerable. The blog post didn't mention the status of IE 9 or 10."

http://arstechnica.com/security/201...-exploit-targets-nuclear-weapons-researchers/


Another reason, if one was really needed, to keep updated software.

 

Re: Zero Day Exploit In IE 8 Targets Nuclear Weapons Researchers

See: http://technet.microsoft.com/en-us/security/advisory/2847140
http://blogs.technet.com/b/msrc/archive/2013/05/03/microsoft-releases-security-advisory-2847140.aspx

 

Re: Zero Day Exploit In IE 8 Targets Nuclear Weapons Researchers

IE6 not vulnerable Used to love it, & if it had ALL the plugins available for it as FF does, i might be still using it

 

Re: Zero Day Exploit In IE 8 Targets Nuclear Weapons Researchers

Color me shocked, you and your love for ancient software. Upgrading to Vista and IE7 soon I guess?

 

Re: Zero Day Exploit In IE 8 Targets Nuclear Weapons Researchers

From the executive summary:

 

Microsoft admits zero-day bug in IE8, pledges patch

 

Brian is always on the ball. Though I don't know if this is sanctioned by MS - it would certainly behove those that are concerned with the standing exploit on IE 8.

Thanks for this JR.

• Poster note: due to thread merge: all social bookmarks became broken, Facebook, Twitter, etc - Takes a bit of effort to fix those. Just sayin'.

 

IE 8 Zero Day Found as DoL Watering Hole Attack Spreads to Nine Other Sites:

http://threatpost.com/ie-8-zero-day-found-as-dol-watering-hole-attack-spreads-to-nine-other-sites/

 

• http://blogs.technet.com/b/srd/arch...tigate-internet-explorer-8-vulnerability.aspx

 

See also:
Microsoft Security Advisory: Vulnerability in Internet Explorer could allow remote code execution: May 8, 2013
http://support.microsoft.com/kb/2847140
Note that the Fix It and the above MS KB contain the same Fix - or workaround until Microsoft releases a full patch, I suspect via Windows Update.

 

http://www.cert.org/blogs/certcc/2013/05/keep_calm_and_deploy_emet.html

EMET 4