Update: Some worrying information’s at the bottom of the post. As reported by Ars Technica, the 15th February, Facebook was victim of a watering hole attack, involving a “popular mobile developer Web forum“. The attack was using a Java 0day that has been urgently patched, in Oracle Java CPU of first February, by version 7 update 11 … Continue reading Facebook, Apple & Twitter Watering Hole Attack Additional Informations
As mentioned by Jindrich on Twitter, it seems that the entity or entities behind the watering hole attacks don’t care to be caught or detected and it also seems that they don’t care if the Internet Explorer and Java vulnerability are patched. They act as the opportunists and try to take advantage from the timeframe … Continue reading Reporters Without Borders Victim of Watering Hole Campaign
Through a collaboration with (Jindrich Kubec (@Jindroush), Director of Threat Intelligence at avast! / Eric Romang (@eromang), independent security researcher), we can confirm that the watering hole campaigns are still ongoing, targeting multiple web high value web sites, including as example a major Hong Kong political party. We can also confirm that a second major Hong Kong political … Continue reading Watering Hole Campaign Use Latest Java and IE Vulnerabilities
Microsoft, announcing in an Advanced Notification, will release, this Monday at 10 a.m. PST, an out-of-band security update to address vulnerability CVE-2012-4792, who was actively exploited in the wild targeting different organizations like Council on Foreign Relations (CFR.org), a foreign policy web group. This vulnerability was acknowledged by Microsoft, in MSA-2794220, the 30 December, but was exploited … Continue reading Microsoft Out-Of-Band Patch for Internet Explorer CVE-2012-4792 Vulnerability