Re: US CERT: Washington, DC Radio Station Web Site Compromises

[Paul Ferguson <fergdawgster () gmail com>]

I don't recall seeing a US-CERT advisory when a particular website has
been compromised.

I think that it is only "of government interest" because these
particular watering hole attacks used comprised websites in the
Washington, D.C., area which are highly popular with people living in
that area -- namely government employees and government contractors.

See also:

http://www.invincea.com/2013/05/k-i-a-wtop-com-fednewsradio-and-dvorak-blog-site-serving-malware-media-sites-compromised-to-push-fake-av/

- ferg


On Tue, May 21, 2013 at 12:36 PM, Jeffrey Walton <noloader () gmail com> wrote:

> Thanks Paul.
>
> Have you ever seen US CERT issue against a website? Or is this new
> reporting introduced with the recent email procedure change.
>
> Jeff
>
> On Tue, May 21, 2013 at 2:26 PM, Paul Ferguson <fergdawgster () gmail com> wrote:
> > No conspiracy theories here -- just "yet another" watering hole attack.
> >
> > See also:
> >
> > https://en.wikipedia.org/wiki/Watering_Hole
> >
> > It has become a fairly common attack/victimization methodology.
> >
> > - ferg
> >
> >
> > On Tue, May 21, 2013 at 10:46 AM, Jeffrey Walton <noloader () gmail com> wrote:
> >
> > > This is kind of interesting.... I've don't believe I have ever
> > > received a US CERT bulletin calling out a website for distributing the
> > > flyby goodness.
> > >
> > > I wonder if the radio station does not fully support the current
> > > regime. Could it be more tactics like we have recently seen at the
> > > IRS?
> > >
> > > https://www.us-cert.gov/ncas/alerts/TA13-141A



--
"Fergie", a.k.a. Paul Ferguson
 fergdawgster(at)gmail.com
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.