A new watering-hole attack targets a zero-day vulnerability in Internet Explorer 10. Security firm FireEye warned that, beginning on Tuesday, it had spotted drive-by attacks launched from the US Veterans of Foreign Wars Website. FireEye said it’s been working with Microsoft to investigate the attacks. The gang behind what FireEye has dubbed the “Operation Snowman” attack campaign appears to have hacked into the VFW Website and altered its HTML code, including introducing JavaScript that creates a malicious iFrame that targets a never-before-seen use-after-free bug.”]
Source: https://www.darkreading.com/attacks-breaches/snowman-attack-campaign-targets-ie10-zero-day-bug