
PREVIOUS GNEWS


jheilman

Presentation Transcript


  1. PREVIOUS GNEWS

  2. Patch Tuesday
     • 8 Patches – 3 Critical – 19+ CVEs
     • Affected – GDI, Hyper-V, Outlook, Office, IE, ActiveX, and more
     • MS13-088 - Cumulative Security Update for IE
     • MS13-089 - Windows Graphics Device, Remote Code
     • MS13-090 - Cumulative Security Update of ActiveX Kill Bits
     • MS13-091 - Microsoft Office, Remote Code
     • MS13-092 - Hyper-V, Privilege Elevation
     • MS13-093 - Windows Ancillary Function Driver, Info Disclosure
     • MS13-094 - Microsoft Outlook, Info Disclosure
     • MS13-095 - Digital Signatures, DoS
     • Windows 8.1
     • Other updates, MSRT, Defender Definitions, Junk Mail Filter

  3. Holes / Patches
     • Oracle
        • 127 total patches
        • 51 patches for Java
     • Adobe
        • APSB13-26 – Adobe Flash Player
        • APSB13-27 – ColdFusion
     • Apple
        • OS X Server v 3.0
        • OS X Mavericks 10.9
        • iTunes v 11.1.2
        • iOS v 7.0.3
        • Safari 6.1
        • Keynote 6.0
        • Apple Remote Desktop 3.5.4 and 3.7
     • Cisco
        • Identity Services Engine, Multiple Vulns
        • Unified Computing System, Multiple Vulns
        • ASA VPN, DoS
        • IOS XE, Multiple Vulns
        • CX, Safe Search Bypass
        • Adaptive Security Appliance, Multiple Vulns

  4. Hacking
     • D-Link Router Firmware backdoor
        • Agent string ‘xmlset_roodkcableoj28840ybtide.’
     • Flash now sandboxed in Safari (Mac)
     • Silverlight targeted by exploit kits
     • Maritime tracking system hacked
     • 25 Electrical Power Station vulns found by 2 researchers
     • Piracy is a lie, http://piracydata.org/
     • isoHunt shuts down and pays MPAA :(
     • FB just became MySpace, again.....
        • Removed restrictions on minor accounts

  5. WTF
     • NYC Comic Con RFID and Social Media, auto tweet badges
     • Can NSA track burner phones?
     • What is in a name? Hackers lose 4th Amendment rights

  6. Tools
     • brainpan - vulnos http://resources.infosecinstitute.com/brainpan/
     Papers
     • Intro to OWASP Mutillidae https://www.sans.org/reading-room/whitepapers/application/introduction-owasp-mutillidae-ii-web-pen-test-training-environment-34380
     • CSA guide v3 https://downloads.cloudsecurityalliance.org/initiatives/guidance/csaguide.v3.0.pdf

  7. CONS
     • HITB Malaysia
     • iCloud and iMessage broken
     • B-Sides DFW
     • Journaled FS Forensics
     • ROOT-66
     • Anti-forensics

  8. All images scavenged without permission
