Microsoft has followed in the footsteps of Twitter, Facebook and Apple, confirming on Friday that it recently experienced a security intrusion.
“During our investigation, we found a small number of computers, including some in our Mac business unit, that were infected by malicious software using techniques similar to those documented by other organizations,” stated Matt Thomlinson, General Manager of Microsoft’s Trustworthy Computing Security. He added that, so far, they have found no evidence of customer data being affected, but that the investigation is still ongoing.
“This type of cyberattack is no surprise to Microsoft and other companies that must grapple with determined and persistent adversaries. We continually re-evaluate our security posture and deploy additional people, processes, and technologies as necessary to help prevent future unauthorized access to our networks,” he concluded.
He shared no more details about the breach for the time being.
The watering hole in question was the iPhoneDevSDK forum site, popular with mobile developers, and the attackers managed to infect visitors’ computers by serving exploits for (at the time unpatched) Java vulnerabilities.
It is still unknown whether the attack was aimed at these high-profile targets, but what is known is that it wasn’t limited to them – any visitor that still had Java enabled on his browser or computer was bound to be affected.
So let me reiterate once more: if you don’t need Java, remove it from your devices. If you’re not sure whether you need it or not, remove it and see how it goes. If you miss it and can’t do without it, you can always install it again.