InfoSec News

Microsoft may have known about last week's Internet Explorer zero-day bug for some time, according to its own security advisory.
An emergency update closes a critical vulnerability that is already being exploited in the wild. Microsoft has also closed four security other holes

In July of this year Oracle sent a vulnerability notification to it's users for the Oracle Security Alert CVE-2012-3132. At the time of the publication of the security bulletin it was noted that this exploit was not remotely exploitable. The remote capabilities, or lack thereof, in this vulnerability was called into question, with a very interesting write up on the Kaspersky Labs Security News Service. Many organizations I have worked with would initially deem this a very low risk, due to the lack of remote capabilities, so it may be time for a reassessment of the risk.

I am not on the Oracle Security newsfeeds, so if anybody has a notification from Oracle that they are permitted to share, we would love to help get the word out.

tony d0t carothers - gmail (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Motorola Mobility, a division of Google, has created an ad that mocks the troubled Apple Maps application in iOS 6.
Internet Storm Center Infocon Status