1 / 15

GNEWS, PREVIOUSLY

GNEWS, PREVIOUSLY. Patch Tuesday. Aug - 6 Patches – 3 Critical - 33 CVEs MS15-106 - Cumulative Security Update for Internet Explorer MS15-107 - Cumulative Security Update for Microsoft Edge MS15-108 - JScript and VBScript, Remote Code

vfrancis
Download Presentation

GNEWS, PREVIOUSLY

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. GNEWS, PREVIOUSLY

  2. Patch Tuesday • Aug - 6 Patches – 3 Critical - 33 CVEs • MS15-106 - Cumulative Security Update for Internet Explorer • MS15-107 - Cumulative Security Update for Microsoft Edge • MS15-108 - JScript and VBScript, Remote Code • MS15-109 - Windows Shell, Remote Code • MS15-110 - Microsoft Office, Remote Code • MS15-111 - Windows Kernel, Privilege Escalation

  3. Holes / Patches • Cisco • SSH Bypass ( 1 CVE) • AnyConnect Bypass ( 1 CVE) • VMWare • VMSA-2015-0006.1 vCenter LDAP Validation ( 1 CVE) • VMSA-2015-0007.1 vCenterESXi ( 3 CVE) • Oracle • Due on 20 Oct • Adobe • APSB15-23 Flash Player ( 23 CVE) • APSB15-24 Acrobat and Reader (56 CVE) • APSB15-25 Flash Player ( 13 CVE) • Apple • iOS 9 ( 104 CVE) • xCode 7.0 ( 10 CVE) • iTunes 12.3 ( 67 CVE) • OSX Server 5.0.3 ( 20 CVE) • WatchOS 2 ( 39 CVE) • iOS 9.0.2 ( 1 CVE) • Safari 9 ( 46 CVE) • OS X El Captain 10.11 ( 99 CVE)

  4. MS CTL checking expiration • MS responds to privacy in 10 • MS in advertently publishes test patch • iOS xCodeGhost • iOS / OSX airdrop bug • iOS siriscreenlock bypass • iOS yispecter • Cisco Synful Knock

  5. Hacking • OnionView • cisco firmware moding • corebot now with banking • Android emergency lockscreen bypass (patched) • Schneider Struxure Ware Building Expert clear text creds issue (patched) • real anonymous surveys • dlink code signing keys • Drone Balloon • benign-ware router patching • wifi printer woes

  6. Android Pay is here • MIT launched on-line security course • Cyanogen drinks the kewlaide • .onion domain is official • EFF open call to engineers • intel funds auto review board • Are you ready for winux • SnapChat now with facial recognition • Google to disable ssl3 rc4 • Symantec issues rouge google ev cert Corp

  7. IPv4 officially depleted • Verisign launches open dns service • Excellus blue cross hacked • Scotttrade breach • Dow Jones popped • Palo Alto buys CirroSecure • Splunk buys Caspide user behaviour analytics • Flexera Software buys Secunia • Logmein buys lastpass • Dell buys EMC Corp

  8. DHS, no tor in libraries • FBI gets on the IoT bandwagon • FBI says you cannot hide • #IStandWithAhmed • FBI unifies fingerprint databases • NSL revocation • 2016 Intelligence Authorization Bill • Social media clause • VA lets university hack cop cars • Europe says no safe harbor for you • Europe to strictify rules • CALECPA Govt

  9. DarkNet Report http://www.batblue.com/bat-blue-special-report-the-darknet-download/ http://www.batblue.com/wp-content/uploads/2015/09/BatBlue-Darknet1.pdf http://www.batblue.com/wp-content/uploads/2014/09/download.jpg MTCP Security https://www.sans.org/reading-room/whitepapers/detection/practical-approaches-mtcp-security-36287 Papers

  10. So you want to CTF!? http://resources.infosecinstitute.com/tools-of-trade-and-resources-to-prepare-in-a-hacker-ctf-competition-or-challenge/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+infosecResources+%28InfoSec+Resources%29 Burpe videos - https://vimeo.com/album/3510171/sort:preset/format:detail Yahoo drops gryffin https://github.com/yahoo/gryffin qark https://n0where.net/quick-android-review-kit-qark/ - Tools

  11. Cons Past • DerbyCon 23-27 Sep MS Mem Protection Bypass Internet Enabled Medical Devices Infecting Auto Diagnostic Tools CTF Stats • GRR Con 9-10 Oct

  12. Cons Future • TooCon 21 – 25 Oct • Root-66 3 Nov • B-Sides DFW 7 Nov • CCC 27 – 30 Dec

  13. DHA ( 1st Wednesday / Family Karaoke, dallas) TX2600 ( 1st Fri / Wild Turkey 35&WalnutHill, dallas ) (1st Fri / 1418 Coffeehouse, plano) The Lab.MS ( 2ndMonday + random events / TheLab.ms, plano) Crypto Party ( 3rd Thursday / Improving Enterprises, addison) NAISG Oct is Last Meet ( 4th Thursday / CrossPointe Theatre, carrollton ) Dallas MakerSpace ( Random events / carrollton) LockPick DFW ( we want to think it exists ) Local

  14. All images scavenged without permission All images scavenged without permission

More Related