PREVIOUS GNEWS. 8 Patches – 3 Critical – 19+ CVEs Affected – GDI, Hyper-V, Outlook, Office,...
-
Upload
leonard-riley -
Category
Documents
-
view
213 -
download
0
Transcript of PREVIOUS GNEWS. 8 Patches – 3 Critical – 19+ CVEs Affected – GDI, Hyper-V, Outlook, Office,...
PREVIOUS GNEWS
• 8 Patches – 3 Critical – 19+ CVEs
• Affected – GDI, Hyper-V, Outlook, Office, IE, Activex, and more
• MS13-088 - Cumulative Security Update for IE
• MS13-089 - Windows Graphics Device, Remote Code
• MS13-090 - Cumulative Security Update of ActiveX Kill Bits
• MS13-091 - Microsoft Office, Remote Code
• MS13-092 - Hyper-V, Privilege Elevation
• MS13-093 - Windows Ancillary Function Driver, Info Disclosure
• MS13-094 - Microsoft Outlook, Info Disclosure
• MS13-095 - Digital Signatures, DoS
• Windows 8.1
Other updates, MSRT, Defender Definitions, Junk Mail Filter
Patch Tuesday
• Oracle, – 127 total patches– 51 patches for Java
• Adobe– APSB13-26 – Adobe Flash Player– APSB13-27 – ColdFusion
• Apple,– OS X Server v 3.0– OS X Mavericks 10.9– iTune v 11.1.2– iOS v 7.0.3– Safari 6.1– Keynote 6.0– Apple Remote Desktop 3.5.4 and 3.7
• Cisco– Identity Services Engine, Multiple Vulns– Unified Computing System, Multiple Vulns– ASA VPN, DoS– IOS XE, Multiple Vulns– CX, Safe Search Bypass– Adaptive Security Appliance, Multiple Vulns
Holes / Patches
• D-Link Router Firmware backdoor– Agent string ‘xmlset_roodkcableoj28840ybtide.’
• Flash now sandboxed in Safari (Mac)
• Silverlight targeted by exploit kits
• Maritime tracking system hacked
• 25 Electrical Power Station vulns found by 2 researchers
• Piracy is a lie, http://piracydata.org/
• isohunt shuts down and pays mpaa :(
• FB just became myspace, again.....– Removed restrictions on minor accounts
Hacking
• NYC Comic Con RFID and Social Media, auto tweet badges
• Can NSA track burner phones?
• What is in a name? hackers lose 4th ammendment rights
WTF
• brainpan - vuln os
http://resources.infosecinstitute.com/brainpan/
Tools
Papers• Intro to OWASP Mutillidae
https://www.sans.org/reading-room/whitepapers/application/introduction-owasp-mutillidae-ii-web-pen-test-training-environment-34380
• CSA guide v3
https://downloads.cloudsecurityalliance.org/initiatives/guidance/csaguide.v3.0.pdf
• HITB Malaysia– iCloud and iMessage broken
• B-Sides DFW– Journaled FS Forensics
• ROOT-66– Anti-forensics
CONS
All images scavenged without permission
All images scavenged without permission