SECURITY WARNINGS & Notices - Please post them here

[Asyn]

Microsoft Security Bulletin Advance Notification for January 2013
http://technet.microsoft.com/en-us/security/bulletin/ms13-jan

[Asyn]

Microsoft "Fix it" available for Internet Explorer 6, 7, and 8
http://blogs.technet.com/b/srd/

Researchers Bypass Microsoft Fix It for IE Zero Day
http://threatpost.com/en_us/blogs/researchers-bypass-microsoft-fix-it-ie-zero-day-010413
http://blog.exodusintel.com/2013/01/04/bypassing-microsofts-internet-explorer-0day-fix-it-patch-for-cve-2012-4792/
http://forum.avast.com/index.php?msg=881171

[bob3160]

Conficker targets photography lovers
"The appliances in question, which “reads” film negatives
and reproduces the photos on a computer, have been found
to contain the Conficker.B variant."

[polonus]

X-mas 2012 exploit hole found up for NVidia drivers through which malcreants could take full control of the machine. Patch your drivers here: http://www.geforce.com/

polonus

[Asyn]

Exynos 4 critical security hole affects many Galaxy devices
http://www.h-online.com/open/news/item/Exynos-4-critical-security-hole-affects-many-Galaxy-devices-1770075.html

Samsung to fix Exynos vulnerability in software update 'as quickly as possible'
http://www.androidcentral.com/samsung-fix-exynos-vulnerability-software-update-soon-possible

Report: Samsung pushes fix for Exynos 4 flaw to Galaxy SIII
http://www.h-online.com/open/news/item/Report-Samsung-pushes-fix-for-Exynos-4-flaw-to-Galaxy-SIII-1778211.html

[Asyn]

Security Advisory for ColdFusion
http://www.adobe.com/support/security/advisories/apsa13-01.html

[polonus]

New Java zero-day actively being abused. Users are advised to disable java inside the browser for now: http://labs.alienvault.com/labs/index.php/2013/new-year-new-java-zeroday/ link article poster =  jaime.blasco

polonus

[Asyn]

Current Foxit Reader can execute malicious code
http://www.h-online.com/security/news/item/Current-Foxit-Reader-can-execute-malicious-code-1780636.html
http://secunia.com/advisories/51733/

[Asyn]

Critical vulnerability in Ruby on Rails parameter parsing
http://www.h-online.com/security/news/item/Critical-vulnerability-in-Ruby-on-Rails-parameter-parsing-1780073.html

Exploits for Ruby on Rails holes now in circulation
http://www.h-online.com/open/news/item/Exploits-for-Ruby-on-Rails-holes-now-in-circulation-1781158.html

[Asyn]

New Java zero-day actively being abused. Users are advised to disable java inside the browser for now: http://labs.alienvault.com/labs/index.php/2013/new-year-new-java-zeroday/ link article poster =  jaime.blasco

Protecting Users Against Java Vulnerability
https://blog.mozilla.org/security/2013/01/11/protecting-users-against-java-vulnerability/

Apple Blocks Java 7 Plug-in on OS X to Address Widespread Security Threat
http://www.macrumors.com/2013/01/11/apple-blocks-java-7-on-os-x-to-address-widespread-security-threat/

[polonus]

Hi Asyn,

Well, we all have to wait until coming Tuesday's Oracle patch cycle: http://isc.sans.edu/diary/Oracle+Patch+Tuesday+Pre-Release/14920
Link from SANS Internet Storm Centre's by Stephen Hall (Version: 1) of what is coming patched,

polonus

[Asyn]

Hi Asyn,

Well, we all have to wait until coming Tuesday's Oracle patch cycle: http://isc.sans.edu/diary/Oracle+Patch+Tuesday+Pre-Release/14920
Link from SANS Internet Storm Centre's by Stephen Hall (Version: 1) of what is coming patched,

polonus

Pol, the problem is, there's no Java fix listed (yet).
Neither here, btw: http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html

[Arizona]

MY BAD

[mchain]

Hi Asyn,

Well, we all have to wait until coming Tuesday's Oracle patch cycle: http://isc.sans.edu/diary/Oracle+Patch+Tuesday+Pre-Release/14920
Link from SANS Internet Storm Centre's by Stephen Hall (Version: 1) of what is coming patched,

polonus

Pol, the problem is, there's no Java fix listed (yet).
Neither here, btw: http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html

MY BAD

No need to apologize or edit your post.  The root problem is that all .jre versions have been found to have legacy code in it that is continuously expliotable down to the kernel level; the only way to mitigate that is to either disable java plugin in your browser(s) or remove it entirely or use an operating system resistant to such exploits.

[polonus]

Users should watch out for rogue chrome updates provided by malware sites as normal chrome browser updates are performed automatically without any user interaction. See: https://www.virustotal.com/file/19d087ddaadf8fc3d5b8a422dc303e6ea6cdac2a55b4b14e9f28aec9c8902439/analysis/

polonus