
PREVIOUSLY


chadwilson

Presentation Transcript


  1. PREVIOUSLY GNEWS

  2. Patch Tuesday
     • Jan – 10 (9) Patches – 6 Critical – 24ish CVEs
     • MS16-001 - Cumulative Security Update for IE, Remote Code
     • MS16-002 - Cumulative Security Update for Edge, Remote Code
     • MS16-003 - Cumulative Security Update for JScript and VBScript, Remote Code
     • MS16-004 - Microsoft Office, Remote Code
     • MS16-005 - Windows Kernel-Mode Drivers, Remote Code
     • MS16-006 - Silverlight, Remote Code
     • MS16-007 - Microsoft Windows, Remote Code
     • MS16-008 - Windows Kernel, Privilege Escalation
     • MS16-009 - ??, ??
     • MS16-010 - Microsoft Exchange Server, Spoofing

  3. Holes / Patches
     • VMware
     • VMSA-2015-0009 (1 CVE)
     • deserialization
     • VMSA-2016-0001 (1 CVE)
     • guest privilege escalation
     • Jabber MITM
     • FireEye Bug
     • Juniper Bug
     • Win8, IE 8/9/10 – lose support
     • Adobe
     • Due on 19 Jan
     • Adobe
     • APSB16-01 Flash Player (19 CVE)
     • APSB16-02 Acrobat/Reader (17 CVE)
     • Apple
     • QuickTime 7.7.9 (9 CVE)
     • Security Update 2015-006 (56 CVE)
     • iTunes 12.3.2 (12 CVE)
     • MS
     • MS15-122 Radius issue
     • Can bypass BitLocker when pre-boot is disabled.
     • PUP detection coming to SCEP/FEP

  4. Hacking
     • port fail (VPN data leakage)
     • latentbot, super stealthy of the week
     • 13 mil MacKeeper datas
     • Corolla controlled by cellphone
     • Unsecure Mongos
     • Dell pre-boot driver
     • Side Loading iOS apps
     • Comcast home security fail open
     • 3D print ceramics

  5. Corp
     • The tweets warn on state-sponsorship
     • MS to join the nation state advisory band wagon
     • FB open-sources hardware design
     • SEC allows blockchain for stocks
     • Linux foundation corrals IBM, Intel, Chase and more with Openledger (blockchain)
     • Java slap
     • Target mobile app data leak
     • Landry’s breach
     • Hello Kitty breach 3.3 million
     • Hyatt breach

  6. Corp
     • TWC Hacked
     • Voter DB exposed
     • SpaceX makes a successful landing
     • MS acquires Metanautix
     • Toshiba to 86 TV, Laptops, and 7k people
     • Windows 10 + MS Account = encryption key upload
     • T-Mobile throttling / CEO asks "who is EFF"
     • GM and Lyft partnership
     • GM "bounty" program
     • TOR Project bug bounty

  7. Govt
     • CISA, because… budget
     • Spy catalogue leaked
     • Kim Dotcom to be extradited
     • DHS Drone Guidance
     • Dutch say yes to encryption
     • body scans one step closer to mandatory

  8. Papers
     • Win10 STIG: http://iase.disa.mil/stigs/os/windows/Pages/win10.aspx
     • Kerberos: http://dfir-blog.com/2015/12/13/protecting-windows-networks-kerberos-attacks
     • National Security Implications of Virtual Currency: https://www.rand.org/content/dam/rand/pubs/research_reports/RR1200/RR1231/RAND_RR1231.pdf
     • PowerShell remoting: https://www.sans.org/reading-room/whitepapers/incident/power-implications-enabling-powershell-remoting-enterprise-36542
     • Data Analytics on Vulnerability Data (using python pandas): https://www.sans.org/reading-room/whitepapers/metrics/applying-data-analytics-vulnerability-data-36532

  9. Papers
     • threat intel sharing/automation: https://www.sans.org/reading-room/whitepapers/detection/automated-network-defense-threat-intelligence-knowledge-management-36572
     • TLS bicycle attack - Guido Vranken: https://guidovranken.files.wordpress.com/2015/12/https-bicycle-attack.pdf
     • SLOTH attacks on SHA-1: http://www.mitls.org/downloads/transcript-collisions.pdf https://threatpost.com/sloth-attacks-up-ante-on-sha-1-md5-deprecation/115807/
     • Freestart attacks on SHA-1: https://threatpost.com/microsoft-details-flame-hash-collision-attack-060612/76658/ https://eprint.iacr.org/2015/967.pdf

  10. Frijoles LV commercial "first" power station hack WTF !!!

  11. • Cheap course bundle: stacksocial.com
     • Firemon Immediate Insight Community edition Log Analytics
     • ToolWath.org 2014 Top Tools
     • SCADA Default Passwds: https://github.com/scadastrangelove/SCADAPASS/blob/master/scadapass.csv
     • PrivaTegrity new crypto tool to be released

  12. Cons
     • ShmooCon – DC 15-17 Jan
     • B-Sides Houston – ? Jan
     • CanSecWest – Vancouver 16-18 Mar
     • B-Sides Austin – 31-1 Mar-Apr
     • InfoSec Southwest – Austin 8-10 Apr
     • B-Sides OK – 09 Apr
     • B-Sides Nashville – 16 Apr
     • ThotCon 0x7 – Chicago 5-6 May
     • B-Sides San Antonio 21 May

  13. • DHA (1st Wednesday / Family Karaoke, dallas)
     • TX2600 (1st Fri / Wild Turkey 35&WalnutHill, dallas)
     • The Lab.MS (2nd Monday + random events / TheLab.ms, plano)
     • OWASP Dallas (3rd Tuesday / location varies)
     • Crypto Party (3rd Thursday / Improving Enterprises, addison)
     • NAISG replacement is coming (4th Thursday, Jakes, Frisco)
     • Dallas MakerSpace (Random events / carrollton)

  14. All images scavenged without permission
