During a week of such tragedy, it’s hard to give much thought to network and information security (InfoSec). Yet, we must stay vigilant, lest abhorrent cyber criminals leverage such tragedies against us in social networking campaigns.

Java is a programming language (first implemented by Sun Microsystems) used most often to enhance web pages. Oracle’s Sun Java Runtime Environment (JRE) is one of the most popular Java interpreters currently used.

If you’re still using Java, you need to patch it yet again—even if you’re using a Mac. Over the last few days both Facebook and Apple have reported network breaches. In both cases, employees at those companies visited a particular web site that was infected with a zero day Java exploit, which then infected the victims with malware.

Java is a programming language (first implemented by Sun Microsystems) used most often to enhance web pages. Today, many operating systems (OS) implement a Java interpreter to recognize and process Java code from websites and other sources, although some operating systems are beginning to depreciate their Java support for security reasons. Oracle’s Sun Java Runtime Environment (JRE) is one of the most popular Java interpreters currently used.

This week’s security video summary comes a tad late due to my travel schedule this week. It covers updates on the two latest zero day exploits, Oracle’s critical patch update, and stories about a mobile phone botnet and US power plant breach. Click play below to watch the short episode, or check out the References for more details.

Java is a programming language (first implemented by Sun Microsystems) used most often to enhance web pages. Most operating systems today implement a Java interpreter to recognize and process Java code from websites and other sources. Oracle’s Sun Java Runtime Environment (JRE) is one of the most popular Java interpreters currently used.

Ready for a weekly dose of InfoSec? This episode has a strong “patch” theme, with many vendors releasing some big security updates this week. Besides the patches, I also cover a few new 0day exploits, including a serious Java one getting leveraged quite a bit in the wild, and a couple crazy sounding security-related news items. If you want all the details, click play below, or check out the Reference section.

I guess that means my decision to prepare my weekly security news video rather than my apocalyptical fallout shelter wasn’t a tragic mistake. If you are in the mood for some information security (infosec) news on the last Mayan calendar day of the, well, er…ever…then you’ve come to the right place.

This week, Oracle released their quarterly Critical Patch Update (CPU) for October 2012, as well as a separate Java SE security patch. Apple also released OS X Java updates, in relation to Oracle’s Java patch. I describe all these updates below.

Last week, I posted an alert about some highly critical flaws in Oracle Java; especially one in particular (CVE-2012-4681), which attackers have aggressively exploited in the wild. If an attacker can lure you to a web page or link containing malicious Java content, he can exploit these flaws to execute code on your computer, potentially gaining complete control of it. Oracle released an out-of-cycle update last week to fix this vulnerability, and two others.