1 / 10

Security Updates and Vulnerabilities: Patch Tuesday and Beyond

Stay updated on the latest security patches, vulnerabilities, and cyber threats. Learn about the recent Patch Tuesday releases, critical CVEs, and important updates from Microsoft, Oracle, Adobe, Apple, Cisco, and more. Also, explore topics like DNS RPZ for malware defense, Symantec's Internet Security Threat Report, malware sandboxing, and upcoming cybersecurity events.

rhard
Télécharger la présentation

Security Updates and Vulnerabilities: Patch Tuesday and Beyond

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. PREVIOUS GNEWS

  2. Patch Tuesday • Apr 4 Patches – 2 Critical – 11 CVEs • MS14-017 - Microsoft Word and Office Web Apps, Remote Code • MS14-018 - Cumulative Security Update for IE, Remote Code • MS14-019 – Windows File Handling Component, Remote Code • MS14-020 - Microsoft Publisher, Remote Code • Bye-Bye XP • Other updates, MSRT, Defender Definitions, Junk Mail Filter

  3. Holes / Patches • Oracle, Due out 15 Apr • Adobe • APSB14-09 – Flash Player • Apple, • Safar 6.1.3 / 7.0 • Cisco • ASA, Multiple Vulns • Cisco ONS 15454 Controller Card, Multiple DoS • Emergency Responder, Multiple Vulns • IOS, Multiple Vulns

  4. Random • HeartBleed • Openssl 1.0.1 – 1.0.1f and 1.0.2-beta • Android 4.1.0 – 4.1.1 • Tesla S • 6 character passwd via phone • MS Word 0-day

  5. Corp • TrustWave sued in Target Breach • US to give up ICANN oversight • California under fire (again) for StingRay femtocells

  6. Papers DNS RPZ for Malware Defense https://www.sans.org/reading-room/whitepapers/dns/implementation-dns-rpz-malware-phishing-defence-34535 Symantec Internet Security Threat Report http://www.symantec.com/connect/blogs/2013-internet-security-threat-report-year-mega-data-breach Malware Sandboxing http://blogs.technet.com/b/mmpc/archive/2014/03/31/creating-an-intelligent-sandbox-for-coordinated-malware-eradication.aspx

  7. Tools Persisent Mint on USB Arduino Projects

  8. Cons • SanSecWest Pwn2Own • 35 vulns • B-Sides Austin – Mar • Windows Logging Workshop • Veil Framework • Lots of SCADA • InfoSec SouthWest – Apr • B-Sides San Antonio – May • B-Sides New Orleans - May • Hope X - Jul • Defcon – Aug • ToorCon - Oct • B-Sides DFW – Nov

  9. Local TX2600 ( 1st Fri / Wild Turkey 35&WalnutHill ) ( ? Plano) NAISG ( 4th Thursday / CrossPointe ) DHA ( 1st Wednesday / Allen Wicker Pub ) Crypto Party ( 3rd Thursday / Improvin Enterprises ) LockPick DFW ( 1st Monday / Trinity Hall ) The Lab.MS ( 2nd Monday / Allen Wicker Pub ) Dallas MakerSpace

  10. All images scavenged without permission All images scavenged without permission

More Related