Capstone Turbine Corporation Also Targeted in the CFR Watering Hole Attack...
Since the release of MSA-2794220 by Microsoft, regarding the CVE-2012-4792 vulnerability, a Fix-it solution has been provided KB2794220. I urgently advise you to apply this Fix-it solution, or to use...
View ArticleChinese Uygur Minority Also Targeted in the CFR Watering Hole Attack And More
In my last blog post I reported you that the watering hole attack, involving an Internet Explorer 0day, was not limited to CFR.org, but also to energy manufacturer Capstone Turbine Corp. I also...
View ArticleForgotten Watering Hole Attacks On Space Foundation and RSF Chinese
As I announced you on Twitter, this blog post will present targeted attacks who have start mid-September and wasn’t discussed or presented in public. These attacks have end around mid-October. My next...
View ArticleMicrosoft Out-Of-Band Patch for Internet Explorer CVE-2012-4792 Vulnerability
Microsoft, announcing in an Advanced Notification, will release, this Monday at 10 a.m. PST, an out-of-band security update to address vulnerability CVE-2012-4792, who was actively exploited in the...
View ArticleWatering Hole Campaign Use Latest Java and IE Vulnerabilities
Through a collaboration with (Jindrich Kubec (@Jindroush), Director of Threat Intelligence at avast! / Eric Romang (@eromang), independent security researcher), we can confirm that the watering hole...
View ArticleExploitation Demo of Fake Mandiant APT1 Report PDF
As mentioned by Symantec & Seculert, a spear phishing campaign has involved a fake Mandiant APT1 PDF report, a report published by Mandiant earlier this week (APT1: Exposing One of China’s Cyber...
View ArticleCVE-2013-1347 Microsoft Internet Explorer 8 Vulnerability Metasploit Demo
Timeline : Watering hole campaign first reported on a private mailing list the 2013-04-30 Watering hole campaign publicly disclosed by AlienVault and Invincea the 2013-04-30 0day exploit spotted by...
View ArticleDepartment of Labor Watering Hole Campaign Review
On April 30th, the watering hole campaign was published on a private mailing list and the May 1st, Invicia and AlienVault publicly reported, with technical details, that United States Department of...
View ArticleDOL Watering Hole Campaign and Sexy Swedish Soccer Supporter
As I explained in my previous blog post, nine websites were involved in the DOL watering hole campaign. The first involved website was University Research Co. Cambodia (www[.]urccambodia[.]org) from...
View ArticleMS13-051 / CVE-2013-1331 What We Know About Microsoft Office Zero Day
MS13-051 Microsoft Office bulletin was release Tuesday 11th 2013 during the traditional Patch Tuesday. This bulletin fix one vulnerability, CVE-2013-1331, with a base CVSS score of 9.3 and targeting...
View Article