PREVIOUSLY GNEWS
Patch Tuesday
• Jan – 10 (9) Patches – 6 Critical – 24ish CVEs
• MS16-001 - Cumulative Security Update for IE, Remote Code
• MS16-002 - Cumulative Security Update for Edge, Remote Code
• MS16-003 - Cumulative Security Update for JScript and VBScript, Remote Code
• MS16-004 - Microsoft Office, Remote Code
• MS16-005 - Windows Kernel-Mode Drivers, Remote Code
• MS16-006 - Silverlight, Remote Code
• MS16-007 - Microsoft Windows, Remote Code
• MS16-008 - Windows Kernel, Privilege Escalation
• MS16-009 - ??, ??
• MS16-010 - Microsoft Exchange Server, Spoofing
Holes / Patches
• VMWare
• VMSA-2015-0009 (1 CVE)
• deserialization
• VMSA-2016-0001 (1 CVE)
• guest privilege escalation
• Jabber MITM
• FireEye Bug
• Juniper Bug
• Win8, IE 8/9/10 – lose support
• Adobe
• Due on 19 Jan
• Adobe
• APSB16-01 Flash Player (19 CVE)
• APSB16-02 Acrobat/Reader (17 CVE)
• Apple
• QuickTime 7.7.9 (9 CVE)
• Security Update 2015-006 (56 CVE)
• iTunes 12.3.2 (12 CVE)
• MS
• MS15-122 Radius issue
• Can bypass BitLocker when pre-boot is disabled.
• PUP detection coming to SCEP/FEP
Hacking
• port fail (vpn data leakage)
• latentbot, super stealthy of the week
• 13 mil mackeeper datas
• Corolla controlled by cellphone
• Unsecure Mongos
• Dell pre-boot driver
• Side Loading iOS apps
• Comcast home security fail open
• 3d print ceramics
Corp
• The tweets warn on state-sponsorship
• MS to join the nation state advisory bandwagon
• FB open-sources hardware design
• SEC allows blockchain for stocks
• Linux foundation corrals IBM, Intel, Chase and more with Openledger (blockchain)
• Java slap
• Target mobile app data leak
• Landry’s breach
• Hello Kitty breach 3.3 million
• Hyatt breach
Corp
• TWC Hacked
• Voter DB exposed
• SpaceX makes a successful landing
• MS acquires Metanautix
• Toshiba to 86 TV, Laptops, and 7k people
• Windows 10 + MS Account = encryption key upload
• Tmobile throttling / CEO asks "who is EFF"
• GM and Lyft partnership
• GM "bounty" program
• TOR Project bug bounty
Govt
• CISA, because… budget
• Spy catalogue leaked
• Kim Dotcom to be extradited
• DHS Drone Guidance
• Dutch say yes to encryption
• body scans one step closer to mandatory
Papers
Win10 STIG http://iase.disa.mil/stigs/os/windows/Pages/win10.aspx
Kerberos http://dfir-blog.com/2015/12/13/protecting-windows-networks-kerberos-attacks
National Security Implications of Virtual Currency https://www.rand.org/content/dam/rand/pubs/research_reports/RR1200/RR1231/RAND_RR1231.pdf
powershell remoting https://www.sans.org/reading-room/whitepapers/incident/power-implications-enabling-powershell-remoting-enterprise-36542
Data Analytics on Vulnerability Data (using python pandas) https://www.sans.org/reading-room/whitepapers/metrics/applying-data-analytics-vulnerability-data-36532
Papers
threat intel sharing/automation https://www.sans.org/reading-room/whitepapers/detection/automated-network-defense-threat-intelligence-knowledge-management-36572
TLS bicycle attack - Guido Vranken https://guidovranken.files.wordpress.com/2015/12/https-bicycle-attack.pdf
SLOTH attacks on SHA-1 http://www.mitls.org/downloads/transcript-collisions.pdf https://threatpost.com/sloth-attacks-up-ante-on-sha-1-md5-deprecation/115807/
Freestart attacks on SHA-1 https://threatpost.com/microsoft-details-flame-hash-collision-attack-060612/76658/ https://eprint.iacr.org/2015/967.pdf
Frijoles LV commercial "first" power station hack WTF !!!
Cheap course bundle stacksocial.com
Firemon Immediate Insight Community edition Log Analytics
ToolsWatch.org 2014 Top Tools
SCADA Default Passwds https://github.com/scadastrangelove/SCADAPASS/blob/master/scadapass.csv
PrivaTegrity new crypto tool to be released
Cons
• ShmooCon – DC 15-17 Jan
• B-Sides Houston - ? Jan
• CanSecWest – Vancouver 16-18 Mar
• B-Sides Austin – 31-1 Mar-Apr
• InfoSec Southwest – Austin 8-10 Apr
• B-Sides OK – 09 Apr
• B-Sides Nashville – 16 Apr
• ThotCon 0x7 – Chicago 5-6 May
• B-Sides San Antonio 21 May
DHA (1st Wednesday / Family Karaoke, Dallas)
TX2600 (1st Fri / Wild Turkey 35 & Walnut Hill, Dallas)
The Lab.MS (2nd Monday + random events / TheLab.ms, Plano)
OWASP Dallas (3rd Tuesday / location varies)
Crypto Party (3rd Thursday / Improving Enterprises, Addison)
NAISG replacement is coming (4th Thursday, Jakes, Frisco)
Dallas MakerSpace (Random events / Carrollton)
All images scavenged without permission