1 / 15

Cybersecurity Update: April Patch Release and Major Security Alerts

Get the latest on April's patch release, critical vulnerabilities, MSRT and Defender updates. Stay informed on major security alerts from Cisco, VMWare, Oracle, Adobe, Apple, and more.

cdrury
Download Presentation

Cybersecurity Update: April Patch Release and Major Security Alerts

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. PREVIOUS GNEWS

  2. Patch Tuesday • Apr - xx Patches – xx Critical - xx CVEs • Other updates, MSRT, Defender Definitions, Junk Mail Filter

  3. Holes / Patches • Cisco • Semi-Annual IOS Security Advisory (13 CVE) • AnyConnect Mobility Client – Multi • Unity Connection SIP Trunk - Multi • VMWare • VMSA-2015-003 – JRE in Multiple Products (1+ CVE) • Oracle • Next Week • Adobe • APSB15-05 Flash Player (11 CVE) • Apple, • Safari 8.04 / 7.1.4 / 6.2.4 (17 CVE) • Security Update 2015-003 (2 CVE) • MS • MS15-025 causing infinite loop • Security Advisory 3033929

  4. Hacking • badder usb • Android Mem Leak • Android install hijack • iOS Pin Abuse • Instagram API bug • tinder, it'll make you curious • NTLM Reflection • oh wait, sounds almost like full disclosure..... • how creative of google, wish we had thought of that... • new method for debugging overflow • Slack breach • British airways FF hacked • GnuTLS libtasn1 Tiny ASN.1 library • low low power arm chips • no more kinect sensors • Google vp9 codec

  5. Hacking • Evolution market vanishes • PoSeidon • Twitch breached, password reset

  6. Ditch the card, SmartPhone ATMs • Yahoo encryption • win10 p2p patching??? • FB Tranparency Report • Snapshat joins transparency fun • UBER "illegal" in the RoK • Pinterest now paying for bounties • android on-body detection • Apple buys FoundationDB • Is data part of the RadioShack sell? • Raketu server-less secure messaging • Google Safe Browsing API expanding detection • onlive sells patents to sony • DMCA killed the mechanic • my other car is a uav CORP

  7. Govt • UK Bulk != surveillance • Bulk Phone snarf tied to Section 215 epiration • Fake FB acct used in Mall of Americas Sting • FTC launches Office of Technology Research and Investigation (OTRI) • Cyber Cyber Cyber, CTIIC the newest cyber agency • feds still pining and hammering for encryption bypass • how to spot a terrorist (or an undocumented immigrant) • Cybersecurity Information Sharing Act (CISA) • Protecting Cyber Networks Act (PCNA) • Data Security and Breach Notification Act of 2015 • F35 can‘t fly in formation and target (oops) • GunShot snooper hears all • NSA shooting • feds love the dark reddits • silk road feds dirty? • verizon UIDH cookie opt-out • 3d weapon printing

  8. Govt • executive order – sanctions for (foreign) cyber-enabled activity

  9. Evil WhiteLists https://www.sans.org/reading-room/whitepapers/Whitelists/finding-evil-whitelist-35832 Sysmon https://www.sans.org/reading-room/whitepapers/forensics/sysmon-enrich-security-onion-039-s-host-level-capabilities-35837 Forward Secrecy https://www.sans.org/reading-room/whitepapers/bestprac/correctly-implementing-secrecy-35842 PCI Tokenization Guidance https://www.pcisecuritystandards.org/pdfs/15_04_02%20PCI%20Tokenization%20Product%20Security%20Guidelines_Final%20Press%20Release.pdf PCI Pen-Testing Guidance https://www.pcisecuritystandards.org/pdfs/15_3_26_Pen_Testing_SIG_Press_Release_FINAL.pdf https://www.pcisecuritystandards.org/documents/Penetration_Testing_Guidance_March_2015.pdf HealthCare IoT http://www.atlanticcouncil.org/images/publications/ACUS_Intel_MedicalDevices.pdf phase 2 of trucrypt audit https://opencryptoaudit.org/reports/TrueCrypt_Phase_II_NCC_OCAP_final.pdf Papers

  10. Apple Research Kit medical research data sharing FB Pay via debit card and fb messenger ITaughtTaylorSwiftHowToGiveHead.com WTF!?

  11. IRMA (+paper) file analysis Mozilla Masche memory forensics Popcorn-Time.se torrent streaming PS BOFH powershell excuse generator Trend Micro Attack Game user awareness www.privacytools.io EvilAP_Defender offensive wifi protection El Jefe (+paper) process monitor Tools

  12. Cons Past • CanSec West - Apple DyLibs (dll hijacking) • CanSec West - Bios Hacks • CanSec West - Pwn2Own • BSides LV - CFP Open • DefCon 23 Wall of Sheep - CFP Open • BlackHat Asia - CANtact (car hacking dongle) • BlackHat Asia - SSL BarMitzvah (RC4) • Syscan - BlueCoat gets talk pulled

  13. Cons Future • InfoSec Southwest 10 – 12 Apr • B-Sides Nashville 11 Apr • InnoTech Dallas 16 Apr • B-Sides OK 18 Apr • B-Sides San Antonio 2 May • ThotCon 0x6 14 – 15 May • PenTest Austin (SANS) 18 – 23 May • DefCon 23 6 – 9 Aug

  14. DHA ( 1st Wednesday / Tavern on Main, richardson) TX2600 ( 1st Fri / Wild Turkey 35&WalnutHill, dallas ) (1st Fri / 1418 Coffeehouse, plano) The Lab.MS ( 2nd Monday / varies, plano) Crypto Party ( 3rd Thursday / Improving Enterprises, addison) NAISG ( 4th Thursday / CrossPointe Theatre, carrollton ) LockPick DFW ( Last Monday / looking for new spot, dallas ) Dallas MakerSpace Random / carrollton Local

  15. All images scavenged without permission All images scavenged without permission

More Related