Multiple websites have been compromised by attackers via JavaScript drive-by attacks. The attacks are part of a campaign that uses so-called “watering hole attacks” The attacks attempt to exploit a recently discovered IE8 bug (CVE-2012-4792), as well as one of the two Java vulnerabilities spotted earlier this month. The fact that attackers are including exploits for long-patched updates highlights the slow speed with which many people update their systems, says Avast’s Jindrich Kubec.”]
Source: https://www.darkreading.com/attacks-breaches/china-accused-of-java-ie-zero-day-attacks