Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Information Security

Dec/Jan News

advertisement

Patch Tuesday

• Oct - 8 Patches – 1 Critical - 8 CVEs

• MS15-001 - Windows Application Compatibility Cache, Privilege

Escalation

• MS15-002 - Windows Telnet Service, Remote Code

• MS15-003 - Windows User Profile Service, Privilege Escalation

• MS15-004 - Windows Components, Privilege Escalation

• MS15-005 - Network Location Awareness Service, Security Bypass

• MS15-006 - Windows Error Reporting, Security Bypass

• MS15-007 - Network Policy Server RADIUS Implementation, DoS

• MS15-008 - Windows Kernel-Mode Driver, Privilege Escalation

Other updates, MSRT, Defender Definitions, Junk Mail Filter

Holes / Patches

• Oracle

– Due out 20 Jan 2015

• Adobe

– APSB15-01 – Flash Player

• Cisco

– ISB8320-E High-Definition IP-Only

DVR, Remote Auth

– Mearki, multi vuln

– ASA – syslog leak

– Jabber Guest Server – multi vuln

• Apple,

– iOS 8.1.2

– Safari 8.0.2

– Xcode 6.2 beta 3

– OS X NTP

• VMWare

– VMSA-2014-0014 - AirWatch

• VPN bypass for NetFlix Regions

• NetFlix Denies proxy crack down

• UEFI, ByPass Secure Boot and more

• Google Drops 8.1/Word 0-day

• MS drops call for better disclosure

• Google shreds Aviator broswer

• White Hat Security responds

– “Advising users to not use Aviator misses the bigger picture.”

• Google to stop patching Webview

– Use alternate browser or full ROM

• UDP Braodcast = Root Execution on Asus Routers

• Multiple 0-days for Corel titles

• Schneider patches Wonderware SCADA server

Hacking

• 8 patches for OpenSSL

• 2,4Ghz Wireless Keyboard Sniffer

• New ATM hack “black-box”

– Requirs physical access

• New variant of CryptoWall

• SilkRoad Reloaded

– It’s not just for Tor anymore

• Skeletonkey - ByPass AD

• Inception Framework

– RAM only, polymorphic

• RedStar OS

• PenToo RC3.7

Hacking

• BitStamp Off-line Post breach

• Box Inc IPO

• Cyber is Physical – German steel mill damaged

• XBox One SDK Leaked

• mini board roundup

– 86Duino

– A10-OLinuXino-Lime

– Arduino TRE

– Banana Pi

– BPi D1

– HummingBoard-i1

– Odroid-C1

– Orange P

– pcDuino3 Nano

Corp

• New DoJ ‘Cyber Security Unit’

• Feds Hate Security, esp. encryption

• North Korean Sanctions

• CentCom twitter hacked

• New Jersey requires insurance providers to encrypt

• G Chill

• UK Draft Communications Data Bill “Snoopers Charter”

• National Standard for Breach Notifications?

– EFF and Krebs have good comments against proposal

• All the Patriots Are Dead

• or how some pieces of the patriot act expire in 2015

• NK ‘Glorious Leader’ game developer hacked

Govt

data collection via twitter http://resources.infosecinstitute.com/intelligence-information-gathering-collecting-twitterfollowers-25-lines-python

AIX for Pentesters https://www.sans.org/reading-room/whitepapers/unix/aix-penetration-testers-35672

McCain's security bill https://www.congress.gov/bill/112th-congress/senate-bill/3342

Global Chilling http://pen.org/global-chill

Hacking Point of Sale - Slava Gomzine http://www.amazon.co.uk/Hacking-Point-Sale-Application-Solutions/dp/1118810112

MS14-068 to Full Compromise – Step by Step https://www.trustedsec.com/december-2014/ms14-068-full-compromise-step-step/

Improve mac scanning for ssh http://www.securityorb.com/delayed-slow-ssh-connection-mac-os-x-systems-fix

project artillery

Threat Intell

Apple brute forcer

Openwall 3.1

wifiwhisperer

Automate phishing powersploit script collection

GitRob automated git search

EFF Mobil App

News feed (not on iPhone)

• CCC – Copy finger prints from a photo

• CCC – Mac BootKit

Encryption

Tor

Privacy / Rights

• Automobiles

• But wait there’s more…..

• CCC – 2014 Videos http://media.ccc.de/browse/congress/2014/

• CCC – PodCast chaosradio.ccc.de

• Shmoo 16-18 Jan

• Dallas Tech-Security Conference 22 Jan

• Darknet and the primordial soup of Cyber Crime

B-Sides Austin 12

– 13 Mar

12 Feb

CanSecWest 18 - 20 Mar

InfoSec Southwest 10

– 12 Apr

• B-Sides Nashville

• B-Sides San Antonio

11 Apr

? May

• ThotCon 0x6 14 – 15 May

• PenTest Austin (SANS) 18 – 23 May

DefCon 23 6

– 9 Aug

DHA

( 1 st Wednesday / looking for new spot , plano )

TX2600

( 1 st Fri / Wild Turkey 35&WalnutHill, dallas )

(1 st Fri / 1418 Coffeehouse, plano)

The Lab.MS

( 2 nd Monday / varies , plano )

Crypto Party

( 3 rd Thursday / Improving Enterprises, addison )

NAISG

( 4 th Thursday / CrossPointe Theatre, carrollton )

LockPick DFW

( Last Monday / looking for new spot , dallas )

Dallas MakerSpace

Random / carrollton

Local

All images scavenged without permission

All images scavenged without permission

Related documents
International Education Committee – Annual Report
International Education Committee – Annual Report
Review, Grammar and Test
Review, Grammar and Test
Working Memory How it works
Working Memory How it works
Group 1 Professional Dev Plan - ocde
Group 1 Professional Dev Plan - ocde
Jake Berube
Jake Berube
Curriculum Leadership Institute (CLI)
Curriculum Leadership Institute (CLI)
Privilege and Power in the Classroom
Privilege and Power in the Classroom
CALIFORNIA CONSERVATION CORPS
CALIFORNIA CONSERVATION CORPS
Marion Butts - Dallas Public Library
Marion Butts - Dallas Public Library
Sacraments CCC Review Part 1
Sacraments CCC Review Part 1
Case Management Presentation
Case Management Presentation
Postgraduate Student Projects Applicatio[...]
Postgraduate Student Projects Applicatio[...]
Baldock Bypass : One year on - Hertfordshire County Council
Baldock Bypass : One year on - Hertfordshire County Council
Conduct of Senior Medical Officers in treating and billing private
Conduct of Senior Medical Officers in treating and billing private
Western Plano
Western Plano
The systemic inflammatory response to cardiopulmonary bypass
The systemic inflammatory response to cardiopulmonary bypass
Word Version - United States Conference of Catholic Bishops
Word Version - United States Conference of Catholic Bishops
Download
advertisement