The good people of FireEye Labs posted on the discovery of an IE 10 zero-day being used in a watering hole attack on a breached server in the US [1].

FireEye are working with Microsoft: "It’s a brand new zero-day that targets IE 10 users visiting the compromised website–a classic drive-by download attack. Upon successful exploitation, this zero-day attack will download a XOR encoded payload from a remote server, decode and execute it." Those looking after IE 10 users may want to keep an eye on their proxy logs for the follow-on download as a potential indicator.

UPDATE: FireEye have provided a great deal of detail on the attack in a second blog post, which is well worth a read and gives plenty of the indicators of compromise to run through your logs and filters: http://www.fireeye.com/blog/uncategorized/2014/02/operation-snowman-deputydog-actor-compromises-us-veterans-of-foreign-wars-website.html

[1] http://www.fireeye.com/blog/technical/cyber-exploits/2014/02/new-ie-zero-day-found-in-watering-hole-attack-2.html

Chris Mohan --- Internet Storm Center Handler on Duty
Chris 105 Posts ISC Handler Feb 14th 2014 |
Feb 14th 2014 7 years ago |
There are details: http://www.fireeye.com/blog/uncategorized/2014/02/operation-snowman-deputydog-actor-compromises-us-veterans-of-foreign-wars-website.html
Anonymous |
Feb 14th 2014 7 years ago |
Note to self - look at the next blog post link :)
Thank you for the link - I've added it to the Diary. |
Chris 105 Posts ISC Handler |
Feb 14th 2014 7 years ago |
- http://www.theinquirer.net/inquirer/news/2328919/hackers-exploit-internet-explorer-10-zero-day-bug-in-targeted-attacks-on-military
Feb 14 2014 - "... Or you could just avoid the Microsoft browser altogether by running an alternative like Google Chrome or Mozilla Firefox." |
PC.Tech 34 Posts |
Feb 14th 2014 7 years ago |