New IE8 Zero-day was used in the DOL Watering Hole attack



A Few days ago Alienvault Labs reported U.S Department of Labor website was hacked and redirects to malware page.  In their report, they mentioned the exploit used in the attack was CVE-2012-4792.

After further analysis security researchers have discovered the vulnerability exploited in the cyber attack wasn’t CVE-2012-4792 but a new zero-day affecting the Internet Explorer 8.



CVE identifier CVE-2013-1347 has been assigned for this new IE vulnerability. Microsoft noted that Internet Explorer 6, IE7, IE9, and IE10 are not affected by the vulnerability.
“U.S Department of Labor website wasn’t the only entity affected and we can confirm that at least 9 other websites were redirecting to the malicious server at the same time” AlienVault reports.

According to their report, the cyber attack targets the websites belong to several non-profit groups and institutes as well as a big european company that plays on the aerospace, defence and security markets.
Invincea’s founder Anup Ghosh told NextGov that the “target of the attack are [Energy Department] folks in a watering hole style attack compromising one federal department to attack another”.

vijay

Recent Posts

Facebook is the least-trusted major tech company- study

Facebook Is the Least Trusted Major Tech Company Among Americans For Protecting Personal Data, Suggests Polls Facebook, the social networking…

16 hours ago

10 Best Free Sports Streaming Sites

A majority of people still rely on either cable or satellite-based television services for watching live sports or for streaming. Surprisingly there…

16 hours ago

How to create your own WhatsApp stickers on Android smartphones

Create your own custom stickers for WhatsApp, here’s how WhatsApp, the Facebook-owned instant messaging platform, had last week rolled out a new feature…

2 days ago

Apple Announces Repair Program For Faulty iPhone X and 13-Inch MacBook Pro Units

Apple offers free repairs to fix quality problems in some faulty iPhone X units and 13-inch MacBook Pro models Apple…

2 days ago

WhatsApp iOS beta open for public; How to download it now

WhatsApp officially launches an iOS public beta, here is how you can download and register WhatsApp Beta programme that was…

3 days ago

Greek ISPs Ordered To Block The Pirate Bay, 1337x, YTS And Other Domains

Court Orders Greek ISPs To Block 38 Domains, Including The Pirate Bay, YTS and 1337x Greek ISPs (Internet Service Providers)…

3 days ago