Lumension® Endpoint Intelligence Center

Intelligence Center » News Archive » Website of U.S. oil and gas company abused in watering hole attack

Website of U.S. oil and gas company abused in watering hole attack

2014/09/17

Securityweek - (International) Researchers at Bromium found that attackers injected malicious code into the Web site of an unnamed U.S. oil and gas company in an effort to infect the computers of its visitors, known as a watering hole attack. The malicious script used on the compromised Web site utilized the Internet Explorer vulnerability CVE-2013-7331 which allows resources loaded into memory to be queried. [ed.: this vulnerability was just patched with MS14-052, demonstrating once again the importance of proactive security.]

Source: http://www.securityweek.com/website-us-oil-and-gas-company-abused-watering-hole-attack

Note: This news synopsis is taken from the DHS Daily Open Source Infrastructure Report, a daily [Monday through Friday, except US Federal holidays] summary of open-source published information concerning significant critical infrastructure issues; a 10-day archive of the DOSIR can be found at: http://www.dhs.gov/dhs-daily-open-source-infrastructure-report.


Last Updated: 27 May 2016 10:21:45