Upload
mervyn-ray
View
218
Download
0
Tags:
Embed Size (px)
Citation preview
• 6 Patches – 4 Critical – 19 CVEs
• Affected – Kernel, SQL, Kerberos, Word, HTML, SharePoint
Other updates, MSRT, Defender Definitions, Junk Mail Filter
– MS12-071 - Cumulative Security Update for Internet Explorer– MS12-072 - Windows Shell,Remote Code Execution– MS12-073 - Microsoft Internet Information Services (IIS), Information Disclosure– MS12-074 - .NET Framework, Remote Code Execution – MS12-075 - Windows Kernel-Mode Drivers, Remote Code Execution– MS12-076 - Microsoft Excel, Remote Code Execution
Patch Tuesday
• Oracle, 109 fixes
• Adobe– SandBox Evasion/Breakout– APSB12-23 – Adobe Shockwave Player– APSB12-24 – Adobe Flash Player
• Apple,– iOS 6.0.1– QuickTime 7.7.3– Safari 6.0.2– Java update
• Cisco– IronPort with Sophos Threat Detection Engine– ASA TACACS Bypass– SNMPv3 Authentication– Unified Meeting Place
Holes / Patches
• paypal data leak (card and personal data)
• apache miconfig leaks data (passwords)
• cisco taccs auth
• Citadel Trojan – rain edition
• Anonymous launches wikileaks clone
• safai cookies, python reader
• secure boot dev
Holes / Hacking
• rapid 7 buys mobilesafe
• MS buys PhoneFactor
• kaspersky OS
• fb removes phone number searchbut only for two-factor??
• iOS 6 tracking
• FB now partnering with panda
• FTC announes bounty program
• sprint buys clearwire
• HSBC ddos
• silent circle (secure mobile comms)
• fillabong hacked
• sony encryption keys relases
Corp
• tmobile metroPCS
• tmobile malware protection
• Yahoo to ignore IE10 do not track
• arm server chips
• FBI - ooops, sorry (phone companies blocking surveillance)
• off the hook goes off the air
More Corp
• FBI issues smart phone security advice
• SC court say go ahead read that web-based mail
• no extradition for McKinnon
• copyright ruling could block all grey market sales
• California enforces mobile privacy policies
• Aussies abandon internet filtering
Legal
• aquisition tool testinghttp://www.dfinews.com/news/test-results-digital-data-acquisition-tool-asr-data-smart-version-2010-11-03http://www.cftt.nist.gov/DA-ATP-pc-01.pdf
• MS report SIRv13http://go.microsoft.com/?linkid=9818567https://blogs.technet.com/b/mmpc/archive/2012/10/09/sirv13-be-careful-where-you-go-looking-for-software-and-media-files.aspx?Redirected=true
• TrendLabs q3 round uphttp://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/reports/rpt-3q-2012-security-roundup-android-under-siege-popularity-comes-at-a-price.pdf
• FTC facial recognition reporthttp://news.hitb.org/content/google-microsoft-and-yahoo-fix-serious-email-weakness
• Russian blackmarkethttp://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-russian-underground-101.pdf
Papers
• network simulator (good for cisco cert study)
• nessus ntml5 beta (bye bye flash)
• VIRUS TOTAL ANDRIOD
• RecoverRS browser history (formerly RipRS and ParseRS)
• recon tools collection (http://lanmaster53.com/tools/)
• Pushpin (social media snarf by geolocation)
• Tapeworm (malware forensics)
• Sift (malware foremsics / password required)
• google, yahoo, and MS fix DKIM
• windows 8 released.
• dsploit for android
• AT&T 5GB free cloud storage for ios users
tools
WTF
• Bitcoin (analysis of how it is used)
• pirate bay cloud
• MC data selling
• one step closer to singularity– Borderland worm kills whole towns
• emp missile tested
• mcafee accused of murder
CON Events
HITBgoogle patches hole 10 hours after competition
Papers postedhttp://it.toolbox.com/blogs/securitymonkey/hackinthebox-security-conference-2012-kuala-lumpur-materials-are-posted-53496?rss=1
skydogcon
hacker halted
nuke talks pulled at con