1 / 13

Patch Tuesday: Critical Patches and Security Updates

The latest Patch Tuesday includes critical patches for various vulnerabilities, along with security updates for popular software and operating systems. Stay informed and secure your devices.

stokesd
Télécharger la présentation

Patch Tuesday: Critical Patches and Security Updates

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. PREVIOUSLY GNEWS

  2. Patch Tuesday • Nov - 12 Patches – 8 Critical – 60ish CVEs • MS15-124 - Cumulative Security Update for IE, Remote Code • MS15-125 - Cumulative Security Update for Edge, Remote Code • MS15-126 - Cumulative Security Update for JScript and VBScript, Remote Code • MS15-127 - Microsoft Windows DNS, Remote Code • MS15-128 - Microsoft Graphics Component, Remote Code • MS15-129 - Silverlight, Remote Code, Remote Code • MS15-130 - Microsoft Uniscribe, Remote Code • MS15-131 - Microsoft Office, Remote Code • MS15-132 - Microsoft Windows, Remote Code • MS15-133 - Windows PGM, Privilege Escalation • MS15-134 - Windows Media Center, Remote Code • MS15-135 - Windows Kernel-Mode Drivers, Privilege Escalation

  3. Holes / Patches • Cisco • NTP multiple vulns • VMWare • VMSA-2015-0008 ( 1 CVE) • Info disclosure • OpenSSL ( 4 CVE) • 1.0.2 / 1.0.1 • 1.0.0 / 0.9.8 • Adobe • APSB15-29 ColdFusion ( 3 CVE) • APSB15-30 LiveCycle ( 1 CVE) • APSB15-31 Premiere Clip ( 1 CVE) • APSB15-32 Flash Player ( 77 CVE) • Apple • Xcode 7.2 ( 4 CVE) • Safari 9.0.2 ( 12 CVE) • watchOS 2.1 ( 30 CVE) • OS X El Capitan ( 54 CVE) • tvOS 9.1 ( 48 CVE) • iOS 9.2 ( 50 CVE) • MS • MS15-122 Radius issue • Can bypass Bitlocker when pre-boot is diabled. • PUP detection coming to SCEP/FEP

  4. Hacking • BadBarCode • linux ransomeware (Linux.Encoder1) • New PoS malware (ModPoS / CherryPicker PoS) • Laserpointers not just for pointing at planes • li-wi • rootnik steals android data

  5. fidelity charitable now does the bitcoin • youtube now supporting fairuse • Onlinecensorship.org • FB reports govt requests on the rise • EFF spying on students campaign • MasterCard Hackathon dec 4-5 • walmart drones • Fossil Group buys Misfit Inc. (wearables) • Swatch, now with payments • eff luanched "bug bounty" • Flash now called Animate • MS to move to per core licensing? Corp

  6. spy firm pricelist • Dell ships root cert with private key, eDellRoot • metropcs breach 10mil user data • Starwood breach • Hilton Breach • Pearson VUE breach • Amazon breach? • VTech Breach • something about talktalk Corp

  7. Paris • cops love conficker • Germany Audit of Trucrypt • DD-WRT is safe (for now) • Dallas County leaks data • NSL • Europol sandbox Govt

  8. ISIS OPSEC Guide (cause we like being on lists) http://www.wired.com/wp-content/uploads/2015/11/ISIS-OPSEC-Guide.pdf SafeCode Secure Software Dev Framework http://www.safecode.org/publication/SAFECode_Principles_for_Software_Assurance_Assessment.pdf McAfee (Intel Security) DarkWeb Report Yup, there is shit for sale. http://www.mcafee.com/us/resources/reports/rp-hidden-data-economy.pdf Papers

  9. SANS RITA (Real Intelligence Threat Analysis) nmap7 wireshark 2.0 MagSpoof Bug Bounty Program List http://www.vulnerability-lab.com/list-of-bug-bounty-programs.php raspi 0 ($5 pc) Signal (now for the desktop) ethereum (iot blockchain) vthreat platform (Attack simulation) Tools

  10. Cons • 32C3 - Germany • ShmooCon – DC 15-17 Jan • B-Sides Houston - ? Jan • CanSecWest – Vancouver 16-18 Mar • B-Sides Austin- 31-1 Mar-Apr • InfoSec Southwest– Austin 8-10 Apr • B-Sides OK – 09 Apr • B-Sides Nashville – 16 Apr • ThotCon 0x7 – Chicago 5-6 May • B-Sides San Antonio ? May

  11. DHA ( 1st Wednesday / Family Karaoke, dallas) TX2600 ( 1st Fri / Wild Turkey 35&WalnutHill, dallas ) (1st Fri / 1418 Coffeehouse, plano) The Lab.MS ( 2ndMonday + random events / TheLab.ms, plano) Crypto Party ( 3rd Thursday / Improving Enterprises, addison) NAISG replacement is coming ( ??? ) Dallas MakerSpace ( Random events / carrollton) LockPick DFW ( we want to think it exists ) Local

  12. All images scavenged without permission All images scavenged without permission

More Related