Establishing Digital Trust: Don't Sacrifice Security for Convenience
The Shadowserver Foundation recently reported that recent weeks have seen a surge in attacks on high-profile human rights and foreign policy Web sites. "Visiting these websites can initiate a chain reaction in which malicious code is loaded from multiple websites and results in a system compromise for vulnerable systems without other mitigating factors," the report states.
"Data typically sought included messages, intellectual property, research, and business intelligence such as contracts and negotiations, according to security specialists," News24 reports.
"The researchers did not attribute the attacks to a particular group but described the infections as an 'A.P.T.' -- or advanced persistent threat -- security jargon for an intelligence-seeking attack made by a foreign government," writes The New York Times' Nicole Perlroth. "Shadowserver recommends that users run their computers’ software updates as frequently as possible to avoid becoming infected."
"Shadowserver uncovered Flash exploits waiting for visitors of the Web sites for Amnesty International Hong Kong and the Center for Defense Information, a Washington, D.C. think-tank," writes Krebs on Security's Brian Krebs. "The home page for the International Institute for Counter-Terrorism was found to be serving up malware via a recent Oracle Java vulnerability (CVE-2012-0507), while the Cambodian Ministry of Foreign Affairs site was pointing to both Flash and Java exploits."