100 likes | 191 Views
PREVIOUS GNEWS. Patch Tuesday. Jan 4 Patches – 0 Critical – 6 CVEs 9 Patches – 4 Critical – 31+ CVEs MS14-005 - Microsoft XML Core Services, Info Disclosure MS14-006 - IPv6 Could Allow, DoS MS14-007 - Direct2D, Remote Code
E N D
Patch Tuesday • Jan 4 Patches – 0 Critical – 6 CVEs • 9Patches – 4 Critical – 31+ CVEs • MS14-005 - Microsoft XML Core Services, Info Disclosure • MS14-006 - IPv6 Could Allow, DoS • MS14-007 - Direct2D, Remote Code • MS14-008 - Microsoft Forefront Protection for Exchange, Remote Code • MS14-009 - .NET Framework, Privilege Escalation • MS14-010 - Cumulative Security Update for Internet Explorer • MS14-011 - VBScript Scripting Engine, Remote Code • Other updates, MSRT, Defender Definitions, Junk Mail Filter
Holes / Patches • Oracle, • Jan - 144 fixes • Adobe • APSB14-04 – Flash Player • APSB14-06 – Shockwave Player • Apple, • iTunes 11.1.5 • Pages 5.1 and 2.1 • Boot Camp 5.1 • Cisco • Secure Access Control System, Multiple Vulns • Unified Communications Manager, Multiple Vulns / SQL Injects • NX-OS, Multiple Vulns • TelePresense, Multiple Vulns • MediaSense. Multiple Vulns
Random • POS Malware?? • Something about ATMs • Windows XP end of support (oh you didn’t know?!) MSRT supported for one year • Windows 8 on usb – “enterprise license and certified device required” • Windows 9 “threshold” rumors hitting the streets • Japenese Nuke Reactor, now with malware • Starbuck iPhone app stores creds in plaintext • OpenBSD gets bitcoin donation, keeps lights on • ThrustVPS gets owned, sends spam • VPN bypass in JellyBean and KitKat • Mask
Corp • Vmware buys AirWatch • AMD 8 core ARM • Lenovo buys Motorola Mobility • EU to back door cars by 2020 • CCC sues German Govt • Tumblr drops transparency report
Papers Detect Malware Phone Home https://www.sans.org/reading-room/whitepapers/detection/approach-detect-malware-call-home-activities-34480 Google + Integration Opt-Out https://www.eff.org/deeplinks/2014/01/how-opt-out-gmails-google-plus-integration NIST Cyber Security Framework http://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214.pdf
Tools Discuss
Cons • CanSecWest – Mar • B-Sides Austin – Mar • Source Boston - Apr • InfoSec SouthWest – Apr • ThotCon – Apr • Hope X - Jul • Defcon – Aug • ToorCon - Oct • B-Sides DFW – Nov • CCC - Dec
Local DC214 TX2600 NAISG DHA Crypto Party LockPick DFW The Lab.MS Dallas MakerSpace ISSA North Texas ISSA Cowtown
All images scavenged without permission All images scavenged without permission