Note: Fix is available now: http://forum.avast.com/index.php?msg=876713

Samsung to fix Exynos vulnerability in software update ‘as quickly as possible’
http://www.androidcentral.com/samsung-fix-exynos-vulnerability-software-update-soon-possible

Trojan horse for Linux here: http://www.symantec.com/security_response/writeup.jsp?docid=2012-122012-3441-99&inid=us_sr_carousel

AMD warns of security hole in its Catalyst Control Center
http://www.h-online.com/security/news/item/AMD-warns-of-security-hole-in-its-Catalyst-Control-Center-1773314.html

Sudoku and malware with your coffee?
http://nakedsecurity.sophos.com/2012/12/19/sudoku-and-malware-with-your-coffee/

nvidia-display-driver-service-attack-escalates-privileges-windows-machines-122712

https://threatpost.com/en_us/blogs/nvidia-display-driver-service-attack-escalates-privileges-windows-machines-122712

Suggest disabling the nvidia display driver service for domain-based machines in particular for the time being until nVidia issues a fix/update.

Microsoft “Fix it” available for Internet Explorer 6, 7, and 8

http://blogs.technet.com/b/srd/

SQL injection vulnerability hits all Ruby on Rails versions
http://www.h-online.com/open/news/item/SQL-injection-vulnerability-hits-all-Ruby-on-Rails-versions-1776203.html

“Vulnerability in Internet Explorer Could Allow Remote Code Execution”

“Microsoft is aware of targeted attacks that attempt to exploit this vulnerability through Internet Explorer 8.”

http://technet.microsoft.com/en-us/security/advisory/2794220

Hey, I’m just a Linux user for the last few years, but maybe Windows users need to know about this stuff?

Fatal error leads TURKTRUST to issue dangerous SSL certificates
http://www.h-online.com/security/news/item/Fatal-error-leads-TURKTRUST-to-issue-dangerous-SSL-certificates-1777291.html
http://technet.microsoft.com/en-us/security/advisory/2798897
http://googleonlinesecurity.blogspot.com/2013/01/enhancing-digital-certificate-security.html
https://blog.mozilla.org/security/2013/01/03/revoking-trust-in-two-turktrust-certficates/

Microsoft Security Bulletin Advance Notification for January 2013
http://technet.microsoft.com/en-us/security/bulletin/ms13-jan

Researchers Bypass Microsoft Fix It for IE Zero Day
http://threatpost.com/en_us/blogs/researchers-bypass-microsoft-fix-it-ie-zero-day-010413
http://blog.exodusintel.com/2013/01/04/bypassing-microsofts-internet-explorer-0day-fix-it-patch-for-cve-2012-4792/
http://forum.avast.com/index.php?msg=881171

Conficker targets photography lovers
"The appliances in question, which “reads” film negatives
and reproduces the photos on a computer, have been found
to contain the Conficker.B variant."

X-mas 2012 exploit hole found for NVidia drivers through which miscreants could take full control of the machine. Patch your drivers here: http://www.geforce.com/

polonus

Report: Samsung pushes fix for Exynos 4 flaw to Galaxy SIII
http://www.h-online.com/open/news/item/Report-Samsung-pushes-fix-for-Exynos-4-flaw-to-Galaxy-SIII-1778211.html

Security Advisory for ColdFusion
http://www.adobe.com/support/security/advisories/apsa13-01.html

New Java zero-day actively being abused. Users are advised to disable Java inside the browser for now: http://labs.alienvault.com/labs/index.php/2013/new-year-new-java-zeroday/ (link article poster = jaime.blasco)

polonus

Current Foxit Reader can execute malicious code
http://www.h-online.com/security/news/item/Current-Foxit-Reader-can-execute-malicious-code-1780636.html
http://secunia.com/advisories/51733/

Critical vulnerability in Ruby on Rails parameter parsing
http://www.h-online.com/security/news/item/Critical-vulnerability-in-Ruby-on-Rails-parameter-parsing-1780073.html

Exploits for Ruby on Rails holes now in circulation
http://www.h-online.com/open/news/item/Exploits-for-Ruby-on-Rails-holes-now-in-circulation-1781158.html

Protecting Users Against Java Vulnerability
https://blog.mozilla.org/security/2013/01/11/protecting-users-against-java-vulnerability/

Apple Blocks Java 7 Plug-in on OS X to Address Widespread Security Threat
http://www.macrumors.com/2013/01/11/apple-blocks-java-7-on-os-x-to-address-widespread-security-threat/