Attacks/Breaches

Snowman Attack Campaign Targets IE10 Zero-Day Bug

Military personnel appear to be the targets of watering-hole attacks from a hacked VFW website.

(Image: spencer77)
(Image: spencer77)

Comment  | 
Print  | 
Comments
Newest First  |  Oldest First  |  Threaded View
Mathew
50%
50%
Mathew,
User Rank: Apprentice
2/18/2014 | 10:05:02 AM
Update to story: IE9 and IE10 affected
The VFW issued a statement Friday confirming that its site was hacked:

On February 12, the VFW National Headquarters was notified of a unique and evolved attack on its website. The attackers were able to breach several layers of VFW cyber-security software, installing malicious code that would prompt a malware download to the computers of visitors to vfw.org using Internet Explorer 9 or 10. VFW immediately identified the threat and rectified the code. At this point, there is no indication that any member or donor data was compromised. VFW is currently working with federal law enforcement and a computer security incident response team to locate the source of the attack and determine the extent of the event.

Lorna Garey
50%
50%
Lorna Garey,
User Rank: Ninja
2/14/2014 | 11:46:54 AM
IE preferred browser?
Given that the attackers hope victims will be working on sensitive data on the infected computers, that implies they think these will be work devices, not personal. What browser does the Pentagon standardize on? It doesn't seem like IE is a smart choice.
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-9728
Published: 2015-08-31
The UDF filesystem implementation in the Linux kernel before 3.18.2 does not validate certain lengths, which allows local users to cause a denial of service (buffer over-read and system crash) via a crafted filesystem image, related to fs/udf/inode.c and fs/udf/symlink.c.

CVE-2014-9729
Published: 2015-08-31
The udf_read_inode function in fs/udf/inode.c in the Linux kernel before 3.18.2 does not ensure a certain data-structure size consistency, which allows local users to cause a denial of service (system crash) via a crafted UDF filesystem image.

CVE-2014-9730
Published: 2015-08-31
The udf_pc_to_char function in fs/udf/symlink.c in the Linux kernel before 3.18.2 relies on component lengths that are unused, which allows local users to cause a denial of service (system crash) via a crafted UDF filesystem image.

CVE-2014-9731
Published: 2015-08-31
The UDF filesystem implementation in the Linux kernel before 3.18.2 does not ensure that space is available for storing a symlink target's name along with a trailing \0 character, which allows local users to obtain sensitive information via a crafted filesystem image, related to fs/udf/symlink.c and...

CVE-2015-0942
Published: 2015-08-31
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-6742, CVE-2015-6743, CVE-2015-6744, CVE-2015-6745, CVE-2015-6746, CVE-2015-6747. Reason: This candidate originally combined multiple issues that have different vulnerability types and other complex abstraction issues. Notes: All CV...

Dark Reading Radio
Archived Dark Reading Radio
Another Black Hat is in the books and Dark Reading was there. Join the editors as they share their top stories, biggest lessons, and best conversations from the premier security conference.