Attackers Use Microsoft Security Hole Against Energy, Defense, Finance Targets

 

Internet Explorer zero-day vulnerability actively being exploited in the wild

 

 

” By the time Microsoft warned customers of a nasty security hole in its web browser Saturday, a sophisticated group of attackers were already using the vulnerability against defense and energy companies, according to FireEye, the security company.

  Things went from bad to worse over the weekend. FireEye’s researchers watched as the attackers shared their exploit with a separate attack group, which began using the vulnerability to target companies in the financial services industry, according to Darien Kindlund, the director of threat intelligence at FireEye.

  Even after Microsoft issued its advisory on Saturday, Mr. Kindlund said, “There was a notable increase in proliferation.”

  Soon, the attackers were using the vulnerability for so-called watering hole attacks, in which hackers infect a popular website with malware, then wait for victims to click to the site and infect their computers.”

 

Read more