Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
Security

+ - "State-sponsored" zero-day exploit hits aerospace firm->

Submitted by Anonymous Coward
An anonymous reader writes: A European aeronautical supplier's website has been hacked, and infected with an as-yet unpatched Microsoft vulnerability that has been linked to state-sponsored cyberwarfare attacks.

The infection was discovered when a computer user attempted to visit the affected website, and received a warning message that a file on the site was infected by code which attempts to exploit the vulnerability in Microsoft XML Core Services which could allow Remote Code Execution (CVE-2012-1889).

According to security researcher Graham Cluley, "We know that a tried-and-trusted method of hacking into large companies and organisations is to target the supply chain. The theory goes that rather than try to hack a company which may have robust security practices and security teams, the bad actor can instead attack a smaller supplier who are less well placed to notice the security breach."

Sophos which identified the security breach, has declined to name the company involved — but has raised its threat level to "Critical".

Link to Original Source
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

"State-sponsored" zero-day exploit hits aerospace firm

Comments Filter:

"Dump the condiments. If we are to be eaten, we don't need to taste good." -- "Visionaries" cartoon

Working...