Following the recent debacle of the critical Java 0-day that was being actively exploited in the wild, Mozilla has enabled "Click To Play" for recent versions of Java on all platforms in an attempt to minimize its users' attack surface, ensuring that the Java plugin will not load unless a user specifically clicks to enable it.
Kaspersky Lab released its annual Kaspersky Security Bulletin, which provides the overall malware and cyber-threat statistics for 2012.
Microsoft has delivered on its promise and has issued a security update for Internet Explorer to address the zero-day memory-corruption vulnerability in versions 9 and earlier that is currently being exploited in attacks.
Users who have downloaded and are using the "Release To Manufacturing" version of Windows 8 or the 90-day trial version of Windows 8 Enterprise should be aware that the Adobe Flash Player version integrated in Internet Explorer 10 hasn't been automatically updated by Microsoft, which leaves them vulnerable to code execution attacks due to four separate security flaws.
Malware peddlers are taking advantage of the fact that Adobe has pulled its Flash Player app from Google Play and decided to concentrate on PC browsing and mobile apps bundled with Adobe AIR, and have begun offering Android malware disguised as the aforementioned legitimate software.