Also in this playlist...
This transcript is automatically generated
Find the Labor Department gets -- -- yet we're talking about the latest in the cyber threat the agency's website reportedly exploded for a flaw in Microsoft's Internet Explorer -- -- security experts say that.
Hackers used a vulnerability.
To target nuclear weapons researchers.
With the up Energy Department used the website and in this type of thing is called -- water holding attack Microsoft census confirmed the flaw exists and it's -- an explorer eight working to remedy that with us from DC is the man who found the security vulnerability senior researcher convinced yet.
Eddie Mitchell are.
There's a lot -- talked about is very important but I wanna start sort of that the beginning with this idea of water hole it was an uncle that a lot of people familiar with if I'm understanding it right.
You're back hacker you can basically use a third party in this -- got the Labor Department -- -- -- -- -- goal -- to steal nuclear secrets so.
-- that would that would really mean nobody safe is that is that really what's happening here.
Yeah that that's correct so.
With these sort of you know Fred actors that are looking to to steal -- confidential or intellectual property.
What they're doing is there setting up fraudulent web sites or sending what's called spear Phishing emails to users.
You know -- obviously the users the target.
And they're getting and the click on links or.
Open attachments are such that that drop -- malicious -- and watering hole attacks what's really interesting here and we've actually seen this more and more.
Recently is are actually compromising.
Legitimate web sites.
Those web sites that the targeted users that thereafter are more likely to visit -- just not so we -- on -- -- they use the Internet you go to that site get the malware there and then they're in trouble just because they go.
-- to the website so.
Who's doing business the Chinese this the work of the Chinese sore.
The Sosa attribution here is always extremely extremely difficult.
There are some very very interesting similarity is looking at the malicious code and comparing that to previous attacks that we've seen.
And some other security.
That that deal on this -- intelligence.
Have drawn conclusions.
To a known Chinese threat actor group they have to -- -- -- but it's not it's or -- and it's.
It's it we we -- -- able to independently come -- confirm that but there are a lot of interesting similarities that we had seen that -- that one could use him to make to draw that conclusion.
Ask you then for a little bit of perspective for someone you know.
Like me are just people watching that are just generally know about this kind of stuff to look at -- -- met this really is scary because now any website -- go to.
I'm I'm -- is not much I can do about it is that really true engine people just be -- if I mean.
Just -- pretty easy Internet general people big companies and everything else or is there some level of perspective here that were on top of this and we're doing something -- -- get it under control.
You know I think a lot of these sort of traditional advice that you hear from various security experts certainly applies in this case.
So obviously keep your system pack -- up to date with the latest -- versions of the most targeted plug browser plug in such as that jobs are anything from from Adobe right or possibly switch to -- More secure browser while it.
Let me stop -- there for 12 is that the one thing I did want to touch on is there a is there specific reason a -- -- use explore.
-- a change browsers and go to way this is Firefox or Google -- did you find something in there this is no Internet Explorer is not something.
People should use period.
So this I'm not committed to say that however the newer versions IE nine and I ten have some additional.
Features in them from a security perspective that make them a better choice than say IE eight for.
At least consumer home you know I user.
But you know obviously.
You know something like Google Chrome has -- what's called silt and sand box that that prevents malicious code from from executing outside that sandbox.
So it's a little bit more difficult I'll say.
Two to exploit that -- them less -- say like I.
Got -- -- finish -- thought real quick and then now absolutely so so obviously our organization.
What we've done is we've developed a product that basically.
Protects the user from this sort of malicious code by isolating those applications and protected environments.
I got out his ticket information the guy was on -- and help define it Eddie Mitchell thanks a lot appreciate it.
-- I appreciate it thank you.
Filter by section