Pawn Storm: First Java Zero-Day Attack in Two Years Targets NATO & US Defense Organizations

Attack

Overnight, Trend Micro’s research teams identified a new attack in the ongoing Pawn Storm campaign that is focused on high-profile, sensitive targets. The Trend Micro™ Smart Protection Network™ has enabled us to identify email messages targeting a NATO member as well as a US defense organization.

This latest Pawn Storm attack is also notable because it is being carried out using a new, unpatched vulnerability in Oracle’s Java, making this the first known zero-day attack against Java since 2013. The attack leverages a three-year-old vulnerability in Microsoft Windows Common Controls (CVE-2012-015), which is addressed in MS12-027.

Our researchers have reported this vulnerability to Oracle and are working with them to address it.

Until a patch is available, we recommend disabling Java. For additional information, you can also view our write-up on how to better protect yourself when using Java: How to Use Java – If You Must.

We will continue to monitor this situation and provide updates when we have them.



from Trend Micro Simply Security http://ift.tt/1M0cOPC