100 likes | 192 Vues
Stay informed with the latest cybersecurity patches and vulnerabilities. Discover recent critical updates from Microsoft, Oracle, Adobe, Apple, and Cisco. Learn about security threats like POS malware, ATM vulnerabilities, and more.
E N D
Patch Tuesday • Jan 4 Patches – 0 Critical – 6 CVEs • 9Patches – 4 Critical – 31+ CVEs • MS14-005 - Microsoft XML Core Services, Info Disclosure • MS14-006 - IPv6 Could Allow, DoS • MS14-007 - Direct2D, Remote Code • MS14-008 - Microsoft Forefront Protection for Exchange, Remote Code • MS14-009 - .NET Framework, Privilege Escalation • MS14-010 - Cumulative Security Update for Internet Explorer • MS14-011 - VBScript Scripting Engine, Remote Code • Other updates, MSRT, Defender Definitions, Junk Mail Filter
Holes / Patches • Oracle, • Jan - 144 fixes • Adobe • APSB14-04 – Flash Player • APSB14-06 – Shockwave Player • Apple, • iTunes 11.1.5 • Pages 5.1 and 2.1 • Boot Camp 5.1 • Cisco • Secure Access Control System, Multiple Vulns • Unified Communications Manager, Multiple Vulns / SQL Injects • NX-OS, Multiple Vulns • TelePresense, Multiple Vulns • MediaSense. Multiple Vulns
Random • POS Malware?? • Something about ATMs • Windows XP end of support (oh you didn’t know?!) MSRT supported for one year • Windows 8 on usb – “enterprise license and certified device required” • Windows 9 “threshold” rumors hitting the streets • Japenese Nuke Reactor, now with malware • Starbuck iPhone app stores creds in plaintext • OpenBSD gets bitcoin donation, keeps lights on • ThrustVPS gets owned, sends spam • VPN bypass in JellyBean and KitKat • Mask
Corp • Vmware buys AirWatch • AMD 8 core ARM • Lenovo buys Motorola Mobility • EU to back door cars by 2020 • CCC sues German Govt • Tumblr drops transparency report
Papers Detect Malware Phone Home https://www.sans.org/reading-room/whitepapers/detection/approach-detect-malware-call-home-activities-34480 Google + Integration Opt-Out https://www.eff.org/deeplinks/2014/01/how-opt-out-gmails-google-plus-integration NIST Cyber Security Framework http://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214.pdf
Tools Discuss
Cons • CanSecWest – Mar • B-Sides Austin – Mar • Source Boston - Apr • InfoSec SouthWest – Apr • ThotCon – Apr • Hope X - Jul • Defcon – Aug • ToorCon - Oct • B-Sides DFW – Nov • CCC - Dec
Local DC214 TX2600 NAISG DHA Crypto Party LockPick DFW The Lab.MS Dallas MakerSpace ISSA North Texas ISSA Cowtown
All images scavenged without permission All images scavenged without permission