wiredmikey writes "Security researchers from FireEye have discovered a new IE 10 Zero-Day exploit (CVE-2014-0322) being used in a watering hole attack on the US Veterans of Foreign Wars' website. According to FireEye, attackers compromised the VFW website and added an iframe to the site's HTML code that loads the attacker's page in the background. When the malicious code is loaded in the browser, it runs a Flash object that orchestrates the remainder of the exploit. Dubbed 'Operation SnowMan' by FireEye, the attack targets IE 10 with Adobe Flash. According to a recently-released report from CrowdStrike Strategic Web Compromises (SWC), where attackers infect strategic Websites as part of a watering hole attack to target a specific group of users, were a favorite attack method for groups operating out of Russia and China. FireEye believes the attackers behind the campaign, thought to be operating out of China, are associated with two previously identified campaigns: Operation DeputyDog and Operation Ephemeral Hydra. 'A possible objective in the SnowMan attack is targeting military service members to steal military intelligence,' FireEye said."
Attend or create a Slashdot 20th anniversary party! DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Check out the new SourceForge HTML5 Internet speed test. ×