Federal Friday - 2.28.14 - Flash Zero Day Targets Foreign Policy Sites

Blog Post created by jschim Employee on Feb 28, 2014

Federal Friday has come again, which means another week has passed us by. It's been a busy week for the Moose of Rapid7 with an imminent move for our Boston HQ for on the horizon. We also had a great week at RSA with SC Magazine naming Nexpose the Best Vulerability Management Solution!


The threat landscape has had a wild few days with a major security flaw for Apple desktops and iOS devices as well as another IE zero day being discovered. In addition, a detailed report from FireEye pointed out a zero day vulnerability in Flash (CVE-2014-0502). This particular vuln targeted 3 non-profit institutions; as visitors went to their sites they were redirected to a server hosting the zero day exploit. According to the post by FireEye this is a targeted attack on a specific sector intended to gain additional user data as well as any information regarding public-policy and defense. This nasty exploit targets computers with the following OS' and configurations:

  • Windows XP
  • Windows 7 and Java 1.6
  • Windows 7 and out-of-date versions of MS Office 2007 or 2010



Not to be outdone US-CERT released put out an Alert about Phishing campaigns that will be popping up and on-going through the tax season. It's bad enough that doing your taxes can be stressful, especially if you know you're going to have to write a check to Uncle Sam, but now you danger_phishing.pngneed to watch out for these targeted campaigns. Keep in mind, while they cast a wide net, these campaigns will have the look and feel of an email coming from the IRS. To help you protect yourself US-CERT listed the below steps:



Less than 30 days until the boys of summer are back (I'm going to get some heat around here for this)...