
PREVIOUS GNEWS


Presentation Transcript


  1. PREVIOUS GNEWS

  2. Patch Tuesday
      • 7 Patches – 2 Critical – 11 CVEs
      • Affected – SCOM, Print Spooler, XML, .NET
      • Other updates, MSRT, Defender Definitions, Junk Mail Filter
      • MS13-001 - Windows Print Spooler Components, Remote Code Execution
      • MS13-002 - Microsoft XML Core Services, Remote Code Execution
      • MS13-003 - System Center Operations Manager, Elevation of Privilege
      • MS13-004 - .NET Framework, Elevation of Privilege
      • MS13-005 - Windows Kernel-Mode Driver, Elevation of Privilege
      • MS13-006 - Microsoft Windows, Security Feature Bypass
      • MS13-007 - Open Data Protocol, Denial of Service

  3. Holes / Patches
      • Oracle
          • Due out 15 Jan
      • Adobe
          • APSA13-01 – ColdFusion → 3 CVEs
          • APSB13-01 – Adobe Flash Player → 1 CVE
          • APSB13-02 – Adobe Reader and Acrobat → 27 CVEs
      • Apple
          • Nothing to see here
      • Cisco
          • Wireless LAN Controller → XSS, DoS
          • Unified IP Phones Local Kernel System Call Input Validation
      • Java
          • 7-10 introduces new security controls

  4. Holes / Hacking
      • MySQL – multiple zero days (remote root, BO, privilege escalation)
          • CVE-2012-5611, CVE-2012-5612, CVE-2012-5613, CVE-2012-5614, and CVE-2012-5615
      • Wii U network – secret debug menu in Japanese (mod passwords / view forum posts / etc.)
      • MS congratulated hacker for jailbreak
          • “Microsoft issued a statement saying that it does not consider the results of the jailbreak to be part of a security vulnerability,”…..” Microsoft also said it applauded clockr for his “ingenuity” to document these security gaps.”
      • Yahoo Mail XSS
          • Yahoo finally adds “always use HTTPS” function to mail options
      • Ruby on Rails
          • CVE-2013-0156 Auth bypass

  5. Holes / Hacking
      • FB Hacker Cup registration open
      • GPS
          • $2500 in gear could bring down 30% of CORS with 45 second message
      • 25 GPU cluster
      • Pirate Bay UK proxy shuts down
          • New proxies rush to fill gap
      • Skype silence tunnel
          • Like Kaminsky DNS only quieter
      • Hacker hides in Cat Collar
          • Concealed malware storage ala MIB

  6. Corp
      • FreeBSD servers breached
          • no evidence of modifications
      • Google to scan and block silent Chrome extensions, no auto-install
      • Ubuntu for smartphones
      • Google to disband 3LM??
      • Dell to buy Credant
      • Blue Coat to buy Crossbeam
      • Apple stumbles in patent foo
      • Quantum Spin Liquid (QSL), new communications in the future?
      • Google removed 50 mil links
      • Stallman "apple is your enemy"
      • FB actually protects data for once

  7. Legal
      • Google fined for ignoring Safari privacy
      • Singapore updates computer law
      • Digital search and 4th Amendment
          • FTK KFF (known file filter) feature pulling data not related to the warrant
      • McKinnon not charged in Britain
      • TX teen fights and loses battle against RFID-enabled school badge

  8. Papers
      • SANS Reading Room
          • anonymous browsing
          • PDF obfuscation
          • exploiting embedded devices
          • analyzing pcaps
          • using Bro IDS
      • Dutch disclosure guide
          • http://news.hitb.org/content/dutch-government-publishes-security-flaw-disclosure-guide
      • Forensics in Win8
          • http://resources.infosecinstitute.com/forensic-analysis-windows-8/
      • Malware Analysis in Windows CLI
          • http://resources.infosecinstitute.com/command-line-for-windows-malware-analysis-forensics-part-i/
      • nmap NSE
          • http://resources.infosecinstitute.com/nmap-scripting-engine-categories

  9. Papers
      • Gggooglescan – automated Google scraper
      • PCI risk assessment guidance
          • https://www.pcisecuritystandards.org/documents/PCI_DSS_Risk_Assmt_Guidelines_v1.pdf
      • NIST final crypto draft SP 800-38F
      • NIST secure cloud for comments Draft IR 7904
      • SNORT mirror traffic on home routers
          • https://s3.amazonaws.com/snort-org/www/assets/217/Mirror_Traffic_With_Home_Router.pdf
      • SNORT DAQs
          • https://www.sans.org/reading_room/whitepapers/detection/analysis-snort-data-acquisition-modules_34027
      • FCC smart phone security checklist
          • http://news.hitb.org/content/fcc-unveils-smartphone-security-checklist

  10. Tools
      • Hashcat
      • Elcomsoft PGP / TrueCrypt cracker
      • Yara – rule-based malware detection
      • Cuckoo update 0.5
      • NIST software reference library
          • http://www.nsrl.nist.gov/
      • http://soldierx.com/

  11. CON Events
      • Zero Nights in Russia
          • http://2012.zeronights.org/
      • CCC
          • https://isc.sans.edu/diary.html?storyid=14803&rss
      • CCC - dementia anti-forensics
          • http://events.ccc.de/congress/2012/Fahrplan/events/5301.en.html
      • general CCC
          • https://www.securelist.com/en/blog/208194065/29c3_Hamburg_DE
      • forensics challenge
          • https://www.honeynet.org/challenges/2012_13_message_picture
