1 / 8

PREVIOUS GNEWS

On Tuesday, a significant round of security patches was released, including 8 critical updates addressing over 19 CVEs. Key products affected include Microsoft GDI, Hyper-V, Outlook, and Internet Explorer. Notable updates include MS13-088 for Internet Explorer, MS13-089 for Windows Graphics Device, and MS13-090 for ActiveX Kill Bits. Additionally, patches from Oracle, Adobe, and Apple, covering vulnerabilities in systems and applications like Java, Flash Player, and iOS, were made available. Cybersecurity professionals must prioritize these updates to ensure system security.

akiko
Télécharger la présentation

PREVIOUS GNEWS

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. PREVIOUS GNEWS

  2. Patch Tuesday • 8 Patches – 3 Critical – 19+ CVEs • Affected – GDI, Hyper-V, Outlook, Office, IE, Activex, and more • MS13-088 - Cumulative Security Update for IE • MS13-089 - Windows Graphics Device, Remote Code • MS13-090 - Cumulative Security Update of ActiveX Kill Bits • MS13-091 - Microsoft Office, Remote Code • MS13-092 - Hyper-V, Privilege Elevation • MS13-093 - Windows Ancillary Function Driver, Info Disclosure • MS13-094 - Microsoft Outlook, Info Disclosure • MS13-095 - Digital Signatures, DoS • Windows 8.1 • Other updates, MSRT, Defender Definitions, Junk Mail Filter

  3. Holes / Patches • Oracle, • 127 total patches • 51 patches for Java • Adobe • APSB13-26 – Adobe Flash Player • APSB13-27 – ColdFusion • Apple, • OS X Server v 3.0 • OS X Mavericks 10.9 • iTune v 11.1.2 • iOS v 7.0.3 • Safari 6.1 • Keynote 6.0 • Apple Remote Desktop 3.5.4 and 3.7 • Cisco • Identity Services Engine, Multiple Vulns • Unified Computing System, Multiple Vulns • ASA VPN, DoS • IOS XE, Multiple Vulns • CX, Safe Search Bypass • Adaptive Security Appliance, Multiple Vulns

  4. Hacking • D-Link Router Firmware backdoor • Agent string ‘xmlset_roodkcableoj28840ybtide.’ • Flash now sandboxed in Safari (Mac) • Silverlight targeted by exploit kits • Maritime tracking system hacked • 25 Electrical Power Station vulns found by 2 researchers • Piracy is a lie, http://piracydata.org/ • isohunt shuts down and pays mpaa  :( • FB just became myspace, again..... • Removed restrictions on minor accounts

  5. WTF • NYC Comic Con RFID and Social Media, auto tweet badges • Can NSA track burner phones? • What is in a name? hackers lose 4th ammendment rights

  6. Tools • brainpan - vulnos http://resources.infosecinstitute.com/brainpan/ Papers • Intro to OWASP Mutillidae https://www.sans.org/reading-room/whitepapers/application/introduction-owasp-mutillidae-ii-web-pen-test-training-environment-34380 • CSA guide v3 https://downloads.cloudsecurityalliance.org/initiatives/guidance/csaguide.v3.0.pdf

  7. CONS • HITB Malaysia • iCloud and iMessage broken • B-Sides DFW • Journaled FS Forensics • ROOT-66 • Anti-forensics

  8. All images scavenged without permission All images scavenged without permission

More Related