Pulse

By GCN Staff


Microsoft issues fix for zero-day IE flaw

Microsoft’s monthly Patch Tuesday update includes a fix for a recently discovered zero-day vulnerability in Internet Explorer that the company said was being exploited. The flaw is present in all versions of Windows from XP through the most recent version, 8.1.

The security company FireEye said it had found exploits of the flaw carried out against IE 7, 8, 9 and 10, on PCs running XP or Windows 7, Computerworld reported. FireEye said the exploits were part of a watering hole campaign involving an infected website in the United States. The company didn’t identify the site but said it focused on domestic and international security policy.

Watering hole attacks are becoming popular among malicious actors as an alternative to attacks such as spear phishing. Like spear phishing, they're highly targeted, but instead of sending someone a targeted email that tries to induce them to click on a link to an infected site, watering hole attackers pick sites their targets are likely to visit, infect those sites and then lie in wait. When the target, either an individual or someone from a targeted group, visits the site, the visitor's computer can be compromised.

The exploit FireEye found was unusual because it was designed to erase itself when the PC is rebooted, Darien Kindlund, the company's manager of threat intelligence, told Computerworld. Such an attack is harder to detect because it leaves no trace after the restart, but it also means that the attackers must have operators on hand to take advantage when a target, likely identified by its IP address, visits the site.

Posted by Kevin McCaney on Nov 12, 2013 at 11:10 AM

