Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Security

+ - "State-sponsored" zero-day exploit hits aerospace firm->

Submitted by Anonymous Coward
An anonymous reader writes "A European aeronautical supplier's website has been hacked, and infected with an as-yet unpatched Microsoft vulnerability that has been linked to state-sponsored cyberwarfare attacks.

The infection was discovered when a computer user attempted to visit the affected website, and received a warning message that a file on the site was infected by code which attempts to exploit the vulnerability in Microsoft XML Core Services which could allow Remote Code Execution (CVE-2012-1889).

According to security researcher Graham Cluley, "We know that a tried-and-trusted method of hacking into large companies and organisations is to target the supply chain. The theory goes that rather than try to hack a company which may have robust security practices and security teams, the bad actor can instead attack a smaller supplier who are less well placed to notice the security breach."

Sophos which identified the security breach, has declined to name the company involved — but has raised its threat level to "Critical"."

Link to Original Source
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

"State-sponsored" zero-day exploit hits aerospace firm

Comments Filter:

When you make your mark in the world, watch out for guys with erasers. -- The Wall Street Journal

Working...