1 / 15

December Patch Tuesday: Critical Patches and Security Updates

Get the latest updates on December Patch Tuesday, including critical patches and security updates for various software and operating systems. Stay informed on the latest vulnerabilities and fixes to protect your systems.

hhoagland
Télécharger la présentation

December Patch Tuesday: Critical Patches and Security Updates

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. PREVIOUS GNEWS

  2. Patch Tuesday • Dec – 12 Patches – 6 Critical – 42 CVEs • MS16-144 - Cumulative Security Update for Internet Explorer, Remote Code • MS16-145 - Cumulative Security Update for Microsoft Edge, Remote Code • MS16-146 - Microsoft Graphics Component, Remote Code • MS16-147 - Microsoft Uniscribe, Remote Code • MS16-148 - Microsoft Office, Remote Code • MS16-149 - Microsoft Windows, Privilege Escalation • MS16-150 - Secure Kernel Mode, Privilege Escalation • MS16-151 - Windows Kernel-Mode Drivers, Privilege Escalation • MS16-152 - Windows Kernel, Info Disclosure • MS16-153 - Common Log File System Driver, Info Disclosure • MS16-154 - Adobe Flash Player, Remote Code • MS16-155 - .NET Framework, Info Disclosure

  3. Holes / Patches • VMWare • VMSA-2016-0018.3 ( 1 CVE) • Linux Kernel, Privilege Escalation • VMSA-2016-0019 ( 1 CVE) • Workstation and Fusion, Mem Access • ** VM Escape • VMSA-2016-0020 ( 1 CVE) • vRealize, API deserialization • VMSA-2016-0021 ( 1 CVE) • Info disclosure • VMSA-2016-0022 ( 3 CVE) • Info disclosure • SHA-1 • IE, Edge, Chrome dump SHA-1 support • Sony Camera Backdoor • IPELA Engine IP Camera firmware • Default psswords/ Telnet / SSH • Adobe • APSB16-38 Animate ( 1 CVE) • APSB16-39 Flash Player ( 17 CVE) • APSB16-40 Experience Manager Forms ( 2 CVE) • APSB16-41 DNG Converter ( 1 CVE) • APSB16-42 Experience Manager ( 4 CVE) • APSB16-43 InDesign ( 1 CVE) • APSB16-44 ColdFusion Builder ( 1 CVE) • APSB16-45 Digital Editions ( 2 CVE) • APSB16-45 RoboHelp ( 1 CVE) • Apple • Transporter 1.9.2 ( 1 CVE) • iOS 10.2 ( 64 CVE) • tvOS 101.1 ( 49 CVE) • macOS Sierra 10.12.2 ( 72 CVE) • iTunes for Windows 12.5.4 ( 23 CVE) • Safari 10.0.2 ( 24 CVE) • iCloud for Windows 6.1 ( 24 CVE)

  4. Holes / Patches • Bye-Bye MS bulletins • Bye-Bye DOS • Powershell default CLI • 0365 spoofing • MS chrome sandbox bypass • Win10 Telemetry • iPhone photos and contact • iCloud syncs call history without consent • unicorn 0-day • tor 0-day

  5. Hacking • Fort Worth kids loot fifa • Blackknurse, DoS attack • PoC Hue IoT worm • shazam always on mic (Mac) • poison tap • NTP exploit code • exfil creds via ssid • droidpluginabuse • avalanche botnet sinkholed • new malware uses referrals for keys

  6. oracle buys dyn • symantec buys lifelock • Vantiv acquires Moneris • KKR buys optiv • Amex buys InAuth • NC4 picks up soltra edge • citi pay digital wallet • apple pay now allows use for non-profits • amazon hits counterfeiters • MS cloud FPGAs • FB black password market • cloud security alliance iot guidance • SpaceX satelite internet Corp

  7. qualcomm bugbounty • firmware updates in android • openvpn audit • tor phone? • seimens priv escalation • seimens camera creds • tesco update, NFC was used • uber data leak • AFF breached • Russian central bank hacked, $31Mil • daily motion password dump, 87 mil Corp

  8. new zealand reforms spy laws? • UK surveillance bill • brits petition to re-evaluate snooper bill • Army bug bounty • fs-isac dumps SOLTRA • Ukraine torrent servers seized • IRS wants coinbase to cough up identities • DoD vuln disclosure policy • CREDO confirms NSLs • Internet Archive NSL • SF transit infection • rule 41 in effect • don't communicate via email Govt

  9. e-flavor is bad http://phys.org/news/2016-11-hazardous-chemicals-flavored-e-cigarette-vapor.html sec metrics http://www.darkreading.com/operations/security-metrics-checklist/d/d-id/1327467 NIST engineering guidance http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-160.pdf NIST SMB guidance http://nvlpubs.nist.gov/nistpubs/ir/2016/NIST.IR.7621r1.pdf NIST osx guide http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-179.pdf coindesk state of blockchain q3 http://www.coindesk.com/research/state-of-blockchain-q3-2016/ 6 seconds to any card # http://eprint.ncl.ac.uk/file_store/production/230123/19180242-D02E-47AC-BDB3-73C22D6E1FDB.pdf fed reserve distributed ledger research http://www.coindesk.com/federal-reserve-central-bank-distributed-ledger-research-paper/ Papers

  10. #pizzagate minecraftatari 2600 emulator Blonde SuperFreak Steals the Magic Brain WTF

  11. EFF 12 days of 2FA how to on gmail / google / Yahoo Tools

  12. Future Cons ShmooCon 13-15 Jan 3 rounds sold out 4.19 / 2.73 / 2.28 seconds SANS Dallas 27 Feb-04 Mar CanSecWest 15-17 Mar Hou.Sec.Con 7.0 23 Mar BSides Austin SANS PenTest Austin 27 Mar-01 Apr Women in Cybersecurity 31 Mar-01 Apr InfoSec Southwest 07-08 Apr BSides Nashville 22 Apr

  13. DHA @Dallas_Hackers ( 1st Wednesday / Family Karaoke, dallas) TX2600 @dallas2600 ( 1st Fri / Wild Turkey 35&WalnutHill, dallas ) The Lab.MS @TheLab_ms ( 2ndMonday + random events / TheLab.ms, plano) OWASP Dallas @OWASPDallas ( 3rdTuesday / location varies ) Crypto Party DFW @CryptoPartyDFW ( 3rd Thursday / Improving Enterprises, addison) North Texas Cyber Security Group @ntxcsg ( Last Thursday, Jakes, Frisco ) Dallas MakerSpace@dallasmakers ( Random events / carrollton) Hack Ft Worth @Hack_FtW ( 3rd Thursday / ?? West 7th ?? Abby Pub) Lock Pick DFW @LockPickDFW ( Last Monday/ Sherlocksarlington)

  14. All images scavenged without permission All images scavenged without permission

More Related