Comment on Operation PawnStorm uses Java Vulnerability

By   Kevin Epstein
Vice President of Threat Operations , Proofpoint | Jul 16, 2015 09:00 pm PST

A group of hackers known for targeting military, government and media organizations is currently using an exploit for a vulnerability in Java that hasn’t been patched by Oracle. The zero-day exploit was observed by researchers from Trend Micro in attacks against the armed forces of an unnamed NATO country and a U.S. defense organization. Those targets received spear-phishing emails that contained links to Web pages hosting the exploit.

Kevin Epstein, VP, Advanced Security and Governance, Proofpoint :

“Adversaries continue to use spear-phishing to initiate attacks because it works; as Proofpoint’s Human Factor research has shown, eventually every target clicks*.  Organizations relying on legacy secure email gateway-only protection will be compromised – hence the move by best-in-breed defenders to adopt more modern protection in the form of incremental targeted attack protection and threat response systems.”[su_box title=”Kevin Epstein, VP, Advanced Security and Governance, Proofpoint” style=”noise” box_color=”#336588″]proofpoint_logoProofpoint Inc. (NASDAQ:PFPT) is a leading security-as-a-service provider that focuses on cloud-based solutions for threat protection, compliance, archiving & governance, and secure communications. Organizations around the world depend on Proofpoint’s expertise, patented technologies and on-demand delivery system to protect against phishing, malware and spam, safeguard privacy, encrypt sensitive information, and archive and govern messages and critical enterprise information[/su_box]