Threatpost – (International) Attackers go phishing for payroll workers with Java CVE-2012-1723 exploit. Java flaw CVE-2012-1723 that Oracle patched in June has recently been the target of several pieces of malware and web-based attacks. Now researchers indicate there is a phishing scam targeting payroll and HR employees, which also involves an exploit for the Java bug. The latest version of this type of attack uses a scare tactic, telling recipients of the phishing email that the certificate they use to access their payroll system is about to expire and needs to be renewed. If the user clicks on the embedded link, they will end up on a site serving various exploits, including one for the Java flaw.