Attackers use Windows flaw to target activists on Google

Powered by SC Magazine
 

Politically motivated, highly targeted.

Hackers were exploiting a Windows and Internet Explorer flaw disclosed in January to attack Google users, the search giant said on Friday.

“We’ve noticed some highly targeted and apparently politically motivated attacks against our users. We believe activists may have been a specific target,” Google’s security team confirmed in a blog post.

The attacks had also aimed at users of “another popular social site”, it said, but did not disclose which site. 

Microsoft said it was investigating reports of "limited, targeted attacks" in an updated advisory.

The Windows “MHTML” flaw affected Internet Explorer browsers, allowing an attacker to spoof web content and steal user information.

It stemmed from the way Windows handled MIME-formatted content and affected both servers and desktops. 

Google’s security team said this style of attack was a new area of threat for web users.

“It represents a new quality in the exploitation of web-level vulnerabilities. To date, similar attacks focused on directly compromising users' systems, as opposed to leveraging vulnerabilities to interact with web services,” they said.

In January, Microsoft issued a temporary fix (found here) to prevent attackers exploiting the client-side weakness, but was yet to release an actual patch. 

A server-side resolution was yet to be developed.

“We’re working with Microsoft to develop a comprehensive solution for this issue,” said Google’s security team.

Google’s server side protections to date had made the vulnerability “harder to exploit”, but they were “not tenable long-term solutions”.  

Copyright © iTnews.com.au . All rights reserved.


Attackers use Windows flaw to target activists on Google
 
 
 
Top Stories
Turnbull introduces data retention legislation
Still no definition of metadata to be stored.
 
Images: the next frontier in data analytics?
Barclay’s global data chief says we’re still at the starting line.
 
Crime Commission prepares core systems overhaul
Will replace 30 year-old national criminal database.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
In which area is your IT shop hiring the most staff?




   |   View results
IT security and risk
  27%
 
Sourcing and strategy
  12%
 
IT infrastructure (servers, storage, networking)
  21%
 
End user computing (desktops, mobiles, apps)
  14%
 
Software development
  26%
TOTAL VOTES: 414

Vote
Would your InfoSec team be prepared to share threat data with the Australian Government?

   |   View results
Yes
  55%
 
No
  45%
TOTAL VOTES: 194

Vote