Michael Mimoso

Adobe will release a round of patches on Tuesday for its Reader and Acrobat products, and also has issued a separate advisory that it is working on a update for a vulnerability in ColdFusion that the company said is currently being exploited.

The scope of watering hole attacks utilizing a previously unreported vulnerability in Internet Explorer has widened to as many as four new sites, all of them with politically charged leanings.

Microsoft plans to release a pair of critical bulletins on Tuesday for its first round of 2013 monthly security updates, but still has no announcement regarding a patch for the zero day vulnerability and exploit in Internet Explorer reported over the Christmas holiday.

This week’s watering hole attack exploiting a zero-day vulnerability in Internet Explorer was not limited to the influential Council on Foreign Relations site. A Metasploit contributor said an energy manufacturer’s website has been serving malware related to the attack since September.

UPDATE – Microsoft responded this weekend with temporary mitigations and workarounds for a zero-day vulnerability in Internet Explorer exploited in an attack on the Council on Foreign Relations website.

The mystery wrapped inside a riddle that is the Gauss malware’s encryption scheme may be closer to falling. Late last week, researcher Jens Steube, known as Atom, put the wraps on a tool that should bring experts closer to breaking open the encryption surrounding the espionage malware’s payload.

UPDATE – Another high profile watering hole attack has been discovered, this one targeting visitors to the Council on Foreign Relations website.