Threatpost – (International) Attackers go phishing for payroll workers with Java CVE-2012-1723 exploit. Java flaw CVE-2012-1723 that Oracle patched in June has been the target of several pieces of malware and Web-based attacks recently. Now researchers indicate there is a phishing scam targeting payroll and HR employees that involves an exploit for the Java bug as well. The latest version of this kind of attack is using a scare tactic, telling recipients of the phishing email the certificate they use to access their payroll system is about to expire and needs to be renewed. If the user clicks on the embedded link, they will end up on a site serving a variety of exploits, including one for the Java flaw.
Ali Loney, on August 06, 2012