Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Compare cell phone plans using Wirefly's innovative plan comparison tool ×
Security

Submission + - "State-sponsored" zero-day exploit hits aerospace firm (sophos.com)

An anonymous reader writes: A European aeronautical supplier's website has been hacked, and infected with an as-yet unpatched Microsoft vulnerability that has been linked to state-sponsored cyberwarfare attacks.

The infection was discovered when a computer user attempted to visit the affected website, and received a warning message that a file on the site was infected by code which attempts to exploit the vulnerability in Microsoft XML Core Services which could allow Remote Code Execution (CVE-2012-1889).

According to security researcher Graham Cluley, "We know that a tried-and-trusted method of hacking into large companies and organisations is to target the supply chain. The theory goes that rather than try to hack a company which may have robust security practices and security teams, the bad actor can instead attack a smaller supplier who are less well placed to notice the security breach."

Sophos which identified the security breach, has declined to name the company involved — but has raised its threat level to "Critical".

This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

"State-sponsored" zero-day exploit hits aerospace firm

Comments Filter:

If you would know the value of money, go try to borrow some. -- Ben Franklin

Working...