Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
Security

Submission + - "State-sponsored" zero-day exploit hits aerospace firm (sophos.com)

An anonymous reader writes: A European aeronautical supplier's website has been hacked, and infected with an as-yet unpatched Microsoft vulnerability that has been linked to state-sponsored cyberwarfare attacks.

The infection was discovered when a computer user attempted to visit the affected website, and received a warning message that a file on the site was infected by code which attempts to exploit the vulnerability in Microsoft XML Core Services which could allow Remote Code Execution (CVE-2012-1889).

According to security researcher Graham Cluley, "We know that a tried-and-trusted method of hacking into large companies and organisations is to target the supply chain. The theory goes that rather than try to hack a company which may have robust security practices and security teams, the bad actor can instead attack a smaller supplier who are less well placed to notice the security breach."

Sophos which identified the security breach, has declined to name the company involved — but has raised its threat level to "Critical".

This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

"State-sponsored" zero-day exploit hits aerospace firm

Comments Filter:

What this country needs is a dime that will buy a good five-cent bagel.

Working...