Entries with tag department of energy.

Microsoft Zero-Day Vulnerability Targets US Nuclear Researchers

Microsoft has confirmed that a zero-day vulnerability exists in all versions of Internet Explorer 8, the company’s most popular browser. Security researchers say hackers have used the vulnerability in attacks against US Department of Energy nuclear-weapons scientists as well as US Department of Labor employees. The DoE’s Site Exposure Matrices website, used for information related to illnesses in employees who work in developing or disarming nuclear weapons, was specifically targeted in a watering-hole attack. In these attacks, hackers use website flaws to implant malware, which infects subsequent visitors. One security expert says these types of attacks will be successful unless users begin utilizing advanced browser protection software, such as virtual containers. Similar recent attacks have affected the Council on Foreign Relations think tank, NBC, and Capstone Turbine, a renewable energy firm, according to NextGov, a news and analysis website for US federal IT managers. Microsoft indicated it will issue a fix for its browser vulnerability but has not said when. The company’s next regularly scheduled security update will be on 14 May. (Computerworld)(ZDNet)(NextGov)

Showing 1 result.