A group of hackers known for targeting military, government and media organizations is currently using an exploit for a vulnerability in Java that hasn’t been patched by Oracle. The zero-day exploit was observed by researchers from Trend Micro in attacks against the armed forces of an unnamed NATO country and a U.S. defense organization. Those targets received spear-phishing emails that contained links to Web pages hosting the exploit.
Kevin Epstein, VP, Advanced Security and Governance, Proofpoint :
“Adversaries continue to use spear-phishing to initiate attacks because it works; as Proofpoint’s Human Factor research has shown, eventually every target clicks*. Organizations relying on legacy secure email gateway-only protection will be compromised – hence the move by best-in-breed defenders to adopt more modern protection in the form of incremental targeted attack protection and threat response systems.”