1 / 10

PREVIOUS GNEWS

PREVIOUS GNEWS. Patch Tuesday. 7 Patches – 3 Critical – 23 CVEs Affected – RDP, IE, Lync , Windows Other updates, MSRT, Defender Definitions, Junk Mail Filter. MS12-036 Remote Desktop, Remote Code Execution MS12-037 Cumulative Security Update for Internet Explorer

vachel
Télécharger la présentation

PREVIOUS GNEWS

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. PREVIOUS GNEWS

  2. Patch Tuesday • 7 Patches – 3 Critical – 23 CVEs • Affected – RDP, IE, Lync, Windows • Other updates, MSRT, Defender Definitions, Junk Mail Filter • MS12-036 Remote Desktop, Remote Code Execution • MS12-037 Cumulative Security Update for Internet Explorer • MS12-038 .NET Framework, Remote Code Execution • MS12-039 Lync, Remote Code Execution • MS12-040 Microsoft Dynamics AX Enterprise Portal, Remote Code Execution • MS12-041 Windows Kernel-Mode Drivers, Elevation of Privilege • MS12-042 Windows Kernel, Elevation of Privilege

  3. Holes / Patches • Oracle, due out 17 July • Adobe • APSB12-14 Hotfix for ColdFusion 9.01 and older • APSB12-15 Adobe Flash Player • Apple, • FlashBack Removal Update • Leopard Security Update 2012-003 • QuickTime 7.7.2 • iTunes 10.6.3 • Java Update • Cisco • ASA 5500 information disclousure • Small Business Devices XSS / Meeting Place Login XSS • IOS XR DoS

  4. Hacking • mobile maleware genome project • MS out of band path certs/flame • flame and stuxnet link? • Kaspersky confirms • mysql auth bypass

  5. Corp • disa to pilot DoD mobile network • unclass and class nets • Nytimes claims stuxnet was us based • Linkedin iOS app siphons data • Linkedin password breach • google to notify dnschanger victims • apple filters word jailbreak

  6. Papers • secure aws • http://www.infosecwriters.com/texts.php?op=display&id=662 • max benefit from pentest • http://www.infosecwriters.com/texts.php?op=display&id=661 • fbibitcoin • http://www.wired.com/images_blogs/threatlevel/2012/05/Bitcoin-FBI.pdf • Common vuln reporting framework • http://www.icasi.org/cvrf-1.1 • bitcoin • http://news.hitb.org/content/bitcoins-worth-87000-plundered-brazen-server-breach • Robots • https://www.sans.org/reading_room/whitepapers/awareness/robotstxt_33955 • dangerous http methods • https://www.sans.org/reading_room/whitepapers/testing/penetration-testing-web-application-dangerous-http-methods_33945 • risk assessment for social media • https://www.sans.org/reading_room/whitepapers/privacy/risk-assessment-social-media_33940 • NIST Cloud Guidance • http://csrc.nist.gov/publications/PubsSPs.html#800-146 • http://www.nist.gov/manuscript-publication-search.cfm?pub_id=911075ios5 security[1] http://images.apple.com/ipad/business/docs/iOS_Security_May12.pdf[2] http://www.nsa.gov/ia/mitigation_guidance/security_configuration_guides/operating_systems.shtmlbiomed deviceshttp://www.secure-medicine.org/icd-study/icd-study.pdfcovert channels on social nethttps://www.sans.org/reading_room/whitepapers/engineering/covert-channels-social-networks_33960imperva anonymoushttp://www.imperva.com/docs/HII_The_Anatomy_of_an_Anonymous_Attack.pdf

  7. Papers • risk assessment for social media • https://www.sans.org/reading_room/whitepapers/privacy/risk-assessment-social-media_33940 • NIST Cloud Guidance • http://csrc.nist.gov/publications/PubsSPs.html#800-146 • http://www.nist.gov/manuscript-publication-search.cfm?pub_id=911075 • ios5 security • http://images.apple.com/ipad/business/docs/iOS_Security_May12.pdf • http://www.nsa.gov/ia/mitigation_guidance/security_configuration_guides/operating_systems.shtml • biomed devices • http://www.secure-medicine.org/icd-study/icd-study.pdf • covert channels on social net • https://www.sans.org/reading_room/whitepapers/engineering/covert-channels-social-networks_33960 • imperva on anonymous • http://www.imperva.com/docs/HII_The_Anatomy_of_an_Anonymous_Attack.pdf

  8. tools elcomsofthttp://www.dfinews.com/article/elcomsoft-provides-forensic-access-icloud-backupsevidence finderhttp://www.dfinews.com/article/jad-software-releases-ief-54emet v3https://blogs.technet.com/b/srd/archive/2012/05/15/introducing-emet-v3.aspx?Redirected=trueSEThttp://www.social-engineer.org/framework/Computer_Based_Social_Engineering_Tools:_Social_Engineer_Toolkit_%28SET%29truecrackhttps://code.google.com/p/truecrack/ passfaulthttp://passfault.com/

  9. CON Events DefCon 20 https://www.defcon.org/

  10. All images scavenged without permission All images scavenged without permission

More Related