
PREVIOUS


bbeverly

Presentation Transcript


  1. GNEWS PREVIOUS

  2. Patch Tuesday
     • Feb - 9 Patches – 3 Critical - 55 CVEs
     • MS15-009 - Update for Internet Explorer
     • MS15-010 - Windows Kernel-Mode Driver, Remote Code
     • MS15-011 - Group Policy, Remote Code
     • MS15-012 - Microsoft Office, Remote Code
     • MS15-013 - Microsoft Office, Security Bypass
     • MS15-014 - Group Policy, Security Bypass
     • MS15-015 - Microsoft Windows, Privilege Escalation
     • MS15-016 - Microsoft Graphics Component, Info Disclosure
     • MS15-017 - Virtual Machine Manager, Privilege Escalation
     • Other updates, MSRT, Defender Definitions, Junk Mail Filter

  3. Holes / Patches
     • Cisco
       • IOS Kernel Timer
       • Unified IP Phone 9900 multi-vuln
       • WebEx Meetings Server multi-vuln
       • AnyConnect xss
     • VMware
       • VMSA-2015-001 – vSphere cert validation (1)
       • VMSA-2015-002 – ESXi, WorkStation, Player, Fusion (8, openssl)
     • VLC Player
       • XP Only, DEP violation / write access
     • Verizon MyFIOS app
       • Email account exposure
     • Oracle
       • 159 CVEs
       • 8 Virtual Box
       • 9 MySQL
       • 19 Java
     • Adobe
       • APSA15-02 – Flash Player (1)
       • APSA15-02 – Flash Player (1)
       • APSB15-03 – Flash Player (1)
       • APSB15-03 – Flash Player (2)
       • APSB15-04 – Flash Player (18)
     • Apple
       • Apple TV 7.0.3
       • iOS 8.1.3
       • Safari 8.0.3, 7.1.3, 6.2.3
       • OSX 10.10.2
       • Security Update 2015-001

  4. Hacking
     • GE SCADA switches have hard coded SSL key
     • GmbH Harts multiple vulns
     • Schneider more patches
     • Schneider hardcoded passwds
     • Daktronics hardcoded passwds
     • Siemens Simatic PLC, patches
     • Gas Station Hacking
     • malware goes airborne
     • KL-Remote
     • AirPort Parking
     • Progressive SnapShot
     • McAfee ATD sandbox bypass
     • look ma, i rooted the microwave
     • router bricks
     • godaddy

  5. Hacking
     • istegsiri
     • lizardsquad dos stressor bugs
     • Mozilla meta referrer
     • tesla keyless start
     • Apple 0-days
     • fix for thunderbolt?
     • android wifi direct
     • GNU C Library
     • blackphone bug
     • adobe 0-day
     • outlook app launched and shot
     • BMW remote unlock
     • ie xss 0-day
     • Pirelli home routers vulnerable
     • angler exploit kit

  6. CORP
     • Verizon / Turn UIDH (perma cookie)
     • EFF Helpful App List
     • Cookie program to be disbanded
     • Google project zero drops two more bugs for MS
     • Blue Cross TN uses data without consent
     • Park N Fly (used at DFW)
     • plex streaming on PS3/4
     • ThreatStream Optic and Maltego plugin
     • BitCoin comes to POS
     • Bitcoin now on wall street
     • windows 10 claims to be last upgrade ever
     • Ships
     • MasterCard, accepted everywhere, and now in cuba
     • WingStop GP hacked
     • Facebook censorship

  7. Corp
     • MS backs cyanogen??
     • cause what can go wrong with wireless?
     • reddit transparency report
     • Bye Bye RadioShack, thanks for all the signals
     • Anthem 80 million breach
     • GPG gets cash infusion
     • Cheezburger transparency report
     • turbo tax freezes state filing

  8. Govt
     • CFAA amendment
     • Rise Up https://help.riseup.net/en/about-us
     • Google and PWC to host .mil HIE
     • ENISA EU Threat Report
     • How does payment assistance really work?
     • brits label journalists as threats
     • barret brown - 63 months
     • cops don't like trackers
     • death of opt-in GPS??
     • ToR 80% pedo
     • rebirth of bad SAVE Act
     • more on patriot expiration
     • Canarywatch.org
     • FCC Title ii
     • DARPA Memex

  9. Papers
     • Crypto Currency block chain
       http://radar.oreilly.com/2015/01/understanding-the-blockchain.html
     • more blockchain talk
       http://radar.oreilly.com/2015/01/the-3ps-of-the-blockchain-platforms-programs-and-protocols.html
       http://coincenter.org/2015/01/reporting-back-blockchain-workshops-mit-harvard/
     • Automated Defense - Using Threat Intelligence to Augment
       https://www.sans.org/reading-room/whitepapers/threats/automated-defense-threat-intelligence-augment-35692
     • State of The Union Transcript
       http://www.securityorb.com/transcript-president-barack-obamas-state-union-speech
     • Regin analysis
       http://securelist.com/blog/research/68438/an-analysis-of-regins-hopscotch-and-legspin/
     • NSA best practices
       https://www.nsa.gov/ia/_files/factsheets/Defending_Against_Destructive_Malware.pdf
     • NIST Crypto Guide
       http://www.healthcareinfosecurity.com/nist-revises-crypto-standards-guide-a-7831
       http://csrc.nist.gov/publications/drafts/nistir-7977/nistir_7977_second_draft.pdf
     • NIST Mobile Applications
       http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-163.pdf

  10. Papers
     • Scada history?
       https://www.sans.org/reading-room/whitepapers/physical/abbreviated-history-automation-industrial-controls-system-cybersecurity-35697
     • Cisco 2015 security report
       http://www.cisco.com/web/offers/pdfs/cisco-asr-2015.pdf
     • MS info sharing guidelines
       http://blogs.microsoft.com/cybertrust/2015/01/27/putting-information-sharing-into-context/
     • RSA Report
       http://www.emc.com/collateral/fraud-report/h13929-rsa-fraud-report-jan-2015.pdf?M=125EAA47-0C46-43EA-8607-9FACA6B1C627
     • Detecting coin miners
       https://www.sans.org/reading-room/whitepapers/threats/detecting-crypto-currency-mining-corporate-environments-35722
     • The Integration of Information Security to FDA and GAMP 5 Validation Processes
       https://www.sans.org/reading-room/whitepapers/policyissues/integration-information-security-fda-gamp-5-validation-processes-35732
     • Ed Markey Senate report
       http://www.markey.senate.gov/imo/media/doc/2015-02-06_MarkeyReport-Tracking_Hacking_CarSecurity%202.pdf

  11. WTF!?
     • CASL: "It is now illegal to install programs, such as malware, on someone's computer without consent."
       http://www.fightspam.gc.ca/eic/site/030.nsf/eng/home

  12. Tools
     • Flink (hadoop like analysis engine) https://flink.apache.org/
     • PHP 5.6.5 http://php.net/
     • R shinydashboard http://rstudio.github.io/shinydashboard/
     • Hound (source code search) https://github.com/etsy/Hound
     • GParted http://gparted.sourceforge.net/
     • Army Dshell (forensics) https://github.com/USArmyResearchLab/Dshell
     • capstone 3.0.1 (disassembly) http://capstone-engine.org/Version-3.0.1.html
     • NST 20-6535 / Kali 1.1.0

  13. Cons Past
     • Guide
       • http://securityintelligence.com/guide-to-2015-conferences-and-events-for-security-professionals
     • Hack In Paris 2015 CFP
     • Shmoo
       • cottonmouth-1 vs turnipschool (usb cable)
       • IE Heap protection bypass
     • Shmoo videos
       • https://archive.org/details/shmoocon-2015-videos-playlist
     • HITB
       • white-paper-using-intel-txt-attack-bioses
       • white-paper-extreme-privilege-escalation-windows-8uefi-systems

  14. Cons Future
     • B-Sides Austin 12 – 13 Mar
     • CanSecWest 18 - 20 Mar
     • InfoSec Southwest 10 – 12 Apr
     • B-Sides Nashville 11 Apr
     • B-Sides San Antonio ? May
     • ThotCon 0x6 14 – 15 May
     • PenTest Austin (SANS) 18 – 23 May
     • DefCon 23 6 – 9 Aug

  15. Local
     • DHA (1st Wednesday / Tavern on Main, richardson)
     • TX2600 (1st Fri / Wild Turkey 35&WalnutHill, dallas) (1st Fri / 1418 Coffeehouse, plano)
     • The Lab.MS (2nd Monday / varies, plano)
     • Crypto Party (3rd Thursday / Improving Enterprises, addison)
     • NAISG (4th Thursday / CrossPointe Theatre, carrollton)
     • LockPick DFW (Last Monday / looking for new spot, dallas)
     • Dallas MakerSpace Random / carrollton

  16. All images scavenged without permission
