Attacks/Breaches
2/14/2014
10:58 AM
Connect Directly
RSS
E-Mail

Snowman Attack Campaign Targets IE10 Zero-Day Bug

Military personnel appear to be the targets of watering-hole attacks from a hacked VFW website.

(Image: spencer77)
(Image: spencer77)

Comment  | 
Print  | 
Comments
Newest First  |  Oldest First  |  Threaded View
Mathew
50%
50%
Mathew,
User Rank: Apprentice
2/18/2014 | 10:05:02 AM
Update to story: IE9 and IE10 affected
The VFW issued a statement Friday confirming that its site was hacked:

On February 12, the VFW National Headquarters was notified of a unique and evolved attack on its website. The attackers were able to breach several layers of VFW cyber-security software, installing malicious code that would prompt a malware download to the computers of visitors to vfw.org using Internet Explorer 9 or 10. VFW immediately identified the threat and rectified the code. At this point, there is no indication that any member or donor data was compromised. VFW is currently working with federal law enforcement and a computer security incident response team to locate the source of the attack and determine the extent of the event.

Lorna Garey
50%
50%
Lorna Garey,
User Rank: Ninja
2/14/2014 | 11:46:54 AM
IE preferred browser?
Given that the attackers hope victims will be working on sensitive data on the infected computers, that implies they think these will be work devices, not personal. What browser does the Pentagon standardize on? It doesn't seem like IE is a smart choice.
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading, September 16, 2014
Malicious software is morphing to be more targeted, stealthy, and destructive. Are you prepared to stop it?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-5700
Published: 2014-09-22
Multiple cross-site scripting (XSS) vulnerabilities in Baby Gekko before 1.2.2f allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to admin/index.php or the (2) username or (3) password parameter in blocks/loginbox/loginbox.template.php to index.php. NOTE: some o...

CVE-2014-0484
Published: 2014-09-22
The Debian acpi-support package before 0.140-5+deb7u3 allows local users to gain privileges via vectors related to the "user's environment."

CVE-2014-2942
Published: 2014-09-22
Cobham Aviator 700D and 700E satellite terminals use an improper algorithm for PIN codes, which makes it easier for attackers to obtain a privileged terminal session by calculating the superuser code, and then leveraging physical access or terminal access to enter this code.

CVE-2014-3595
Published: 2014-09-22
Cross-site scripting (XSS) vulnerability in spacewalk-java 1.2.39, 1.7.54, and 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.4 through 5.6 allows remote attackers to inject arbitrary web script or HTML via a crafted request that is not properly handled when logging.

CVE-2014-3635
Published: 2014-09-22
Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit system and the max_message_unix_fds limit is set to an odd number, allows remote attackers to cause a denial of service (dbus-daemon crash) or possibly execute arbitrary code by sending one m...

Best of the Web
Dark Reading Radio