Java 0Day and the Targeted Nitro Attacks Campaign Analysis

Symantec, Kaspersky Labs, Trend Micro, Sophos and other security vendors continue to surf on the Java 0day targeted attack stuff. The vendors have agreed, in communion, that the Java 0day was potentially used by the Chinese Nitro gang through a spear-phishing campaign. The Nitro gang has been well known since another targeted campaign in 2011, reported by Symantec, focusing on …

Microsoft Internet Explorer 0Day reported by ZDI to Microsoft?

As you may know, Microsoft has released the MS12-063 out-of-band security bulletin, which fixes 5 security vulnerabilities including CVE-2012-4969, the Internet Explorer 0day I discovered being exploited in the wild by the Nitro gang last weekend. After analyzing MS12-063 and all the vulnerabilities fixed in this bulletin, I was surprised to see that CVE-2012-4969 was credited to …

Zero-Day Season Is Really Not Over Yet

I can confirm that the zero-day season is really not over yet. Less than three weeks after the discovery of the Java SE 7 0day, aka CVE-2012-4681, potentially used by the Nitro gang in targeted attacks, a potential Microsoft Internet Explorer 7 and 8 zero-day is actually being exploited in the wild. First I would like to …

Analysis of an RFI (Remote File Inclusion) Attack

Every day, a web server on the Internet is frequently the target of automated attacks coming from RFI (Remote File Inclusion) "scanners". For a more general explanation of RFI-type attacks, we suggest consulting Wikipedia. In the example below, we will analyze the behaviour of an attack by one of these scanners. Let us take as a basis …