GNEWS PREVIOUS

katinal

Presentation Transcript


  1. GNEWS PREVIOUS

  2. Patch Tuesday
     • Apr - 8 Patches – 2 Critical - 45 CVEs
     • MS15-056 - Cumulative Security Update for IE, Remote Code
     • MS15-057 - Windows Media Player, Remote Code
     • MS15-059 - Office, Remote Code
     • MS15-060 - Common Controls, Remote Code
     • MS15-061 - Kernel-Mode Drivers, Privilege Escalation
     • MS15-062 - ADFS, Privilege Escalation
     • MS15-063 - Windows Kernel, Privilege Escalation
     • MS15-064 - Exchange, Privilege Escalation
     • Other updates, MSRT, Defender Definitions, Junk Mail Filter

  3. Mo’ Micro’
     • MS15-011 GPO still vulnerable?
     • Just when you thought you could trust MS
     • Embedded C&C address on TechNet
     • MS adds search protection to malware attributes
     • Windows 10 and Edge features
     • MemGC (Memory Garbage Collection), use-after-free defense
     • CFG (Control Flow Guard), jump governor
     • EPM (Enhanced Protected Mode) – app container sandbox
     • "Thus Microsoft Edge provides no support for VML, VB Script, Toolbars, BHOs, or ActiveX." --- points to HTML5
     • Win10 sec features
     • App Store vetting
     • ‘Windows Hello’, biometric auth
     • ‘Device Guard’, non-signed application blocking
     • Passport, two-factor-ish??
     • PFS comes to Windows via Update 3042058
     • SSH comes to PowerShell

  4. Holes / Patches
     • Cisco
     • TelePresence
     • FireSIGHT
     • VMware
     • VMSA-2015-0004 Fusion and Horizon View (7 CVE)
     • VirtualBox Patch for Venom
     • Oracle
     • 14 Jul
     • Adobe
     • APSB15-11 Flash Player (13 CVE)
     • Apple
     • The Good
     • Watch OS 1.01 (13 CVE)
     • The Bad
     • Apple Watch, 1 second window
     • iPhone string DoS
     • Apple suspend/resume flaw
     • Pidgin, multiple vulns

  5. Hacking
     • Google App Engine
     • Android address bar spoof
     • Android reset exposes data
     • Plane hacks not only in lab
     • CSRF in wind turbines
     • Mass car lock disruption
     • IM-ME hacks all the garages
     • Trojanized PuTTY in wild
     • Logjam - another SSL vuln
     • GiftCard race conditions and eternal hate toward notification
     • NetUSB on SOHO routers vuln
     • SOHO CSRF via DNS
     • D-Link storage
     • Linux.Moose
     • Mumblehard - Linux/FreeBSD
     • NitlovePOS via spam campaigns
     • Ransomware auth, drops keys
     • Tox SaaS ransomware
     • Stegosploit
     • keybase
     • Drug pump update, can change dosage

  6. Corp
     • Penn State disconnects after China attack
     • AFF Hacked
     • Politicians called out
     • IRS breach
     • FF Smart TV
     • Uber, plaintext passwd via email
     • NYXBT - bitcoin index
     • Dynamic CVV??
     • Hyundai offers Android in car
     • Threat intel and the lie of sharing
     • Palo Alto buys CirroSecure
     • Hot Topic buys ThinkGeek
     • Nokia to buy Alcatel/Lucent
     • Google attempts to address excessive app permissions
     • Intel joins FIDO alliance
     • FB PGP
     • FB forces SHA2 after Oct 1
     • Ikea to sell "hacking kits"
     • Tesla bug bounty

  7. Govt
     • Security as munitions redux - Wassenaar Agreement, bad mod to CFAA
     • "Specifically, the BIS proposal seeks to regulate and control the export of what it calls intrusion software..."
     • bye-bye bug bounties, hello Wassenaar
     • Anti-SLAPP Bill
     • VA state launches car hacking project
     • CA County sheriff like the stingray
     • 215 not reauthorized
     • California bitcoin bill
     • OPM breach, 4 mil feds

  8. Papers
     • IEEE Medical Guidance
       https://threatpost.com/researchers-ieee-release-medical-device-security-guidelines/112885
     • Federal Regulations on Energy Grid
       http://www.securityorb.com/the-impact-of-federal-regulations-on-the-information-assurance-of-the-north-american-electrical-energy-grid/
       http://www.securityorb.com/the-impact-of-federal-regulations-on-the-information-assurance-of-the-north-american-electrical-energy-grid-part-2-of-2/
     • no more passwd cracking
       https://www.meshekah.com/research/publications_files/tr_ersatz_passwords.pdf
     • IC3 crime report
       http://www.fbi.gov/news/news_blog/2014-ic3-annual-report
     • maturity model
       https://www.sans.org/reading-room/whitepapers/modeling/improving-detection-prevention-response-security-maturity-modeling-35985
     • Ponemon breach cost study
       http://public.dhe.ibm.com/common/ssi/ecm/se/en/sew03053wwen/SEW03053WWEN.PDF

  9. WTF!?
     • Subway dye sprayer
     • http://www.wearealwayslistening.com/
     • Slow crime day? Scotland Yard frets xfiles

  10. Tools
     • DataApp mobile data sniffer
     • PTF pentesters framework
     • OpenOCD 0.9.0 debugger
     • Intercept launches firstlook.org open code repo
     • AutoCanary
     • PDF Redact Tools

  11. Cons Past
     • HITB Amsterdam PeopleSoft
     • Information Warfare Summit (IWS) 7 Oct 2015 OKC
     • ShowMeCon
     • THOTCON 0x6
     • PenTest Austin (SANS)

  12. Cons Future
     • DefCon 23 6 – 9 Aug
     • SCADA Nexus 2-3 Sep
     • Hacker Halted 13 Sep
     • DerbyCon 23-27 Sep
     • IT Security one2one Summit 4-6 Oct
     • Root-66 3 Nov
     • B-Sides DFW TBD

  13. Local
     • DHA (1st Wednesday / Tavern on Main, Richardson)
     • TX2600 (1st Fri / Wild Turkey 35&WalnutHill, Dallas) (1st Fri / 1418 Coffeehouse, Plano)
     • The Lab.MS (2nd Monday / varies, Plano)
     • Crypto Party (3rd Thursday / Improving Enterprises, Addison)
     • NAISG (4th Thursday / CrossPointe Theatre, Carrollton)
     • LockPick DFW (Last Monday / looking for new spot, Dallas)
     • Dallas MakerSpace Random / Carrollton

  14. All images scavenged without permission
