Critical Infrastructure

More Details of Sykipot Exploits Of Adobe Reader Flaw Surface

More evidence is beginning to emerge that the Adobe Reader zero-day bug revealed recently is being used in targeted attacks against companies and federal agencies. Researchers recently have come across fresh samples of malware exploiting the vulnerability by using files crafted to draw in employees of federal contractors and other related organizations.

Attackers have been going after various pieces of the DNS infrastructure for a long time now, and it’s not unusual for there to be somewhat organized campaigns that target certain vertical industries or geographic regions. But researchers lately have been seeing an interesting pattern of compromises in which attackers somehow add new names to existing domains and use those sub-domains to piggyback on the good reputation of the sites and push counterfeit goods, pills and other junk. And now they’re using the attack to push exploits via the Black Hole Exploit Kit.

Another certificate authority in The Netherlands has been hacked, though this time the attack does not appear to have affected the certificate-issuing operations of Gemnet, a subsidiary of KPN. The company, which does business with the Dutch government among other organizations, said it has taken its Web site offline while it investigates the attack.

The security industry has no shortage of hard problems to solve, but the one that’s getting the most attention right now is finding a way to improve, or ideally, replace, the CA infrastructure. The latest in what has become a series of recent proposals to help shore up the certificate authority system comes from a pair of Google security researchers who have laid out a plan for providing auditable public logs of certificates as well as proofs for each certificate that’s issued.

The United States Department of Homeland Security cried foul yesterday morning, debunking claims from both the Illinois Statewide Terrorism and Intelligence Center (STIC) and Applied Control Solutions that a water station in Illinois was hacked earlier this month.

A flurry of reports late last week described an attack on an unnamed Springfield, Ill. water treatment facility where the plant’s supervisory control and data acquisition software (SCADA) were compromised by Russian computers.

Siemens said on Tuesday that it is working with the U.S. Department of Homeland Security to investigate a cyber intrusion into a water treatment plant in South Houston, Texas, but couldn’t confirm that a default, three digit password hard coded into an application used to control the company’s SCADA software played a role. 

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.