1 / 14

Patch Tuesday - Critical Patches and Vulnerabilities Oct-8

This article discusses the latest Patch Tuesday releases, including 1 critical patch and 8 CVEs, covering various Windows components and services. It also highlights vulnerabilities in Cisco, VMware, Oracle, Adobe, Apple, and other platforms.

jannad
Download Presentation

Patch Tuesday - Critical Patches and Vulnerabilities Oct-8

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. PREVIOUS GNEWS

  2. Patch Tuesday • Oct - 8 Patches – 1 Critical - 8 CVEs • MS15-001 - Windows Application Compatibility Cache, Privilege Escalation • MS15-002 - Windows Telnet Service, Remote Code • MS15-003 - Windows User Profile Service, Privilege Escalation • MS15-004 - Windows Components, Privilege Escalation • MS15-005 - Network Location Awareness Service, Security Bypass • MS15-006 - Windows Error Reporting, Security Bypass • MS15-007 - Network Policy Server RADIUS Implementation, DoS • MS15-008 - Windows Kernel-Mode Driver, Privilege Escalation • Other updates, MSRT, Defender Definitions, Junk Mail Filter

  3. Holes / Patches • Cisco • ISB8320-E High-Definition IP-Only DVR, Remote Auth • Mearki, multi vuln • ASA – syslog leak • Jabber Guest Server – multi vuln • VMWare • VMSA-2014-0014 - AirWatch • Oracle • Due out 20 Jan 2015 • Adobe • APSB15-01 – Flash Player • Apple, • iOS 8.1.2 • Safari 8.0.2 • Xcode 6.2 beta 3 • OS X NTP

  4. Hacking • VPN bypass for NetFlix Regions • NetFlix Denies proxy crack down • UEFI, ByPass Secure Boot and more • Google Drops 8.1/Word 0-day • MS drops call for better disclosure • Google shreds Aviator broswer • White Hat Security responds • “Advising users to not use Aviator misses the bigger picture.” • Google to stop patching Webview • Use alternate browser or full ROM • UDP Braodcast = Root Execution on Asus Routers • Multiple 0-days for Corel titles • Schneider patches Wonderware SCADA server

  5. Hacking • 8 patches for OpenSSL • 2,4Ghz Wireless Keyboard Sniffer • New ATM hack “black-box” • Requirs physical access • New variant of CryptoWall • SilkRoad Reloaded • It’s not just for Tor anymore • Skeletonkey - ByPass AD • Inception Framework • RAM only, polymorphic • RedStar OS • PenToo RC3.7

  6. Corp • BitStamp Off-line Post breach • Box Inc IPO • Cyber is Physical – German steel mill damaged • XBox One SDK Leaked • mini board roundup • 86Duino • A10-OLinuXino-Lime • Arduino TRE • Banana Pi • BPi D1 • HummingBoard-i1 • Odroid-C1 • Orange P • pcDuino3 Nano

  7. Govt • New DoJ ‘Cyber Security Unit’ • Feds Hate Security, esp. encryption • North Korean Sanctions • CentCom twitter hacked • New Jersey requires insurance providers to encrypt • G Chill • UK Draft Communications Data Bill “Snoopers Charter” • National Standard for Breach Notifications? • EFF and Krebs have good comments against proposal • All the Patriots Are Dead • or how some pieces of the patriot act expire in 2015 • NK ‘Glorious Leader’ game developer hacked

  8. data collection via twitter http://resources.infosecinstitute.com/intelligence-information-gathering-collecting-twitter-followers-25-lines-python AIX for Pentesters https://www.sans.org/reading-room/whitepapers/unix/aix-penetration-testers-35672 McCain's security bill https://www.congress.gov/bill/112th-congress/senate-bill/3342 Global Chilling http://pen.org/global-chill Hacking Point of Sale - SlavaGomzine http://www.amazon.co.uk/Hacking-Point-Sale-Application-Solutions/dp/1118810112 MS14-068 to Full Compromise – Step by Step https://www.trustedsec.com/december-2014/ms14-068-full-compromise-step-step/ Improve mac scanning for ssh http://www.securityorb.com/delayed-slow-ssh-connection-mac-os-x-systems-fix Papers

  9. project artillery Threat Intell Apple brute forcer Openwall 3.1 wifiwhisperer Automate phishing powersploit script collection GitRob automated git search EFF Mobil App News feed (not on iPhone) Tools

  10. Cons Past • CCC – Copy finger prints from a photo • CCC – Mac BootKit • Encryption • Tor • Privacy / Rights • Automobiles • But wait there’s more….. • CCC – 2014 Videos http://media.ccc.de/browse/congress/2014/ • CCC – PodCast chaosradio.ccc.de

  11. Cons Future • Shmoo 16-18 Jan • Dallas Tech-Security Conference 22 Jan • Darknet and the primordial soup of Cyber Crime 12 Feb • B-Sides Austin 12 – 13 Mar • CanSecWest 18 - 20 Mar • InfoSec Southwest 10 – 12 Apr • B-Sides Nashville 11 Apr • B-Sides San Antonio ? May • ThotCon 0x6 14 – 15 May • PenTest Austin (SANS) 18 – 23 May • DefCon 23 6 – 9 Aug

  12. DHA ( 1st Wednesday / looking for new spot, plano) TX2600 ( 1st Fri / Wild Turkey 35&WalnutHill, dallas ) (1st Fri / 1418 Coffeehouse, plano) The Lab.MS ( 2nd Monday / varies, plano) Crypto Party ( 3rd Thursday / Improving Enterprises, addison) NAISG ( 4th Thursday / CrossPointe Theatre, carrollton ) LockPick DFW ( Last Monday / looking for new spot, dallas ) Dallas MakerSpace Random / carrollton Local

  13. All images scavenged without permission All images scavenged without permission

More Related