PREVIOUS GNEWS

Patch Tuesday
• 6 Patches – 1 Critical – 7 CVEs
• Affected – Kernel, SQL, Kerberos, Word, HTML, SharePoint
• Other updates, MSRT, Defender Definitions, Junk Mail Filter
• MS12-064 Microsoft Word, Remote Code Execution
• MS12-066 HTML Sanitization Component, Elevation of Privilege
• MS12-067 FAST Search Server 2010 for SharePoint Parsing, Remote Code Execution
• MS12-068 Windows Kernel, Elevation of Privilege
• MS12-069 Kerberos, Denial of Service
• MS12-070 SQL Server, Elevation of Privilege

Holes / Patches
• Oracle due 16 Oct 2012
• Adobe
  • APSB12-16 Adobe Flash Player (25 CVEs)
• Apple
  • iOS 6
  • OSX 10.8.2 and 10.7.5
  • Safari 6.0.1
  • OSX Server 2.1.1
  • Apple TV 5.1
• Cisco
  • ASA
  • WebEX
  • IOS

Holes / Hacking
• Chrome gets DNT
• VMWare vCenter Operations, CapacityIQ, Movie Decoder
• C&C Servers using TOR
• Nitol Botnet preinstalled on Windows
• IE 0-day
• SPDY at ekoparty (TLS compression protocol)
• Blackhole 2.0
• Hacking Banking Phone Systems

Holes / Hacking
• Malware written in Google Go
• Iran vs Banks???
• Apple does maps better
• NFC and Transit systems at EU Sec West
• More Java foo
• Another Symantec code leak (Norton Utilities 2006)
• Adobe and code signing, oops
• Infected phpMyAdmin distro on SourceForge
• Twitter hijacking

Corp
• PCI rules for mobile released
• Oct is Cyber Security Awareness Month
• NIST grants grants to 5 security start-ups
• Android SIM Wipers, it's not just for Samsung anymore
• White House Breached?
• SHA-3 protocol selected

Legal
• Twitter discloses protester tweets
• TX Schools add tracker to IDs
• FIPS makes things less secure, yes?
• Philippines bans cyber sex
• Philippines cyber crime law on hold
• New Zealand requests inquiry on Megaupload wiretapping
• License Plate Scanners
• Social snooping needs no warrant
• Warrants required for email / cell tracking

Papers
• PCI mobile payment guidelines https://www.pcisecuritystandards.org/documents/Mobile%20Payment%20Security%20Guidelines%20v1%200.pdf
• IBM report http://public.dhe.ibm.com/common/ssi/ecm/en/wgl03014usen/WGL03014USEN.PDF
• Imperva DDoS report http://www.imperva.com/docs/HII_Denial_of_Service_Attacks-Trends_Techniques_and_Technologies.pdf and more http://www.imperva.com/resources/overview.html
• Infosecinstitute.com http://resources.infosecinstitute.com/
• Security categories http://resources.infosecinstitute.com/security-categories/
• PlaceRaider http://arxiv.org/pdf/1209.5982v1.pdf

tools
• RTFScan (rich text file scanner)
• Malwarehouse (malware collection)
• 3d printer
• secure messages
• Exploitshield (browser plugin)
• security onion 12.04
• cookie cadger
• porting droid to the hp touch pad

WTF
• european facebook face recon suspended
• ITIF rejects dnt settings
• FB and datalogix
• wow cities killed off

CON Events
• bsides Dallas Nov 3
• jailbreak con
• derby con HDMoore internet scan
• HITBKUL
• e street at derby

All images scavenged without permission