Dec/Jan News

advertisement

Patch Tuesday

• Oct - 8 Patches – 1 Critical - 8 CVEs

• MS15-001 - Windows Application Compatibility Cache, Privilege

Escalation

• MS15-002 - Windows Telnet Service, Remote Code

• MS15-003 - Windows User Profile Service, Privilege Escalation

• MS15-004 - Windows Components, Privilege Escalation

• MS15-005 - Network Location Awareness Service, Security Bypass

• MS15-006 - Windows Error Reporting, Security Bypass

• MS15-007 - Network Policy Server RADIUS Implementation, DoS

• MS15-008 - Windows Kernel-Mode Driver, Privilege Escalation

Other updates, MSRT, Defender Definitions, Junk Mail Filter

Holes / Patches

• Oracle

– Due out 20 Jan 2015

• Adobe

– APSB15-01 – Flash Player

• Cisco

– ISB8320-E High-Definition IP-Only

DVR, Remote Auth

– Mearki, multi vuln

– ASA – syslog leak

– Jabber Guest Server – multi vuln

• Apple,

– iOS 8.1.2

– Safari 8.0.2

– Xcode 6.2 beta 3

– OS X NTP

• VMWare

– VMSA-2014-0014 - AirWatch

• VPN bypass for NetFlix Regions

• NetFlix Denies proxy crack down

• UEFI, ByPass Secure Boot and more

• Google Drops 8.1/Word 0-day

• MS drops call for better disclosure

• Google shreds Aviator broswer

• White Hat Security responds

– “Advising users to not use Aviator misses the bigger picture.”

• Google to stop patching Webview

– Use alternate browser or full ROM

• UDP Braodcast = Root Execution on Asus Routers

• Multiple 0-days for Corel titles

• Schneider patches Wonderware SCADA server

Hacking

• 8 patches for OpenSSL

• 2,4Ghz Wireless Keyboard Sniffer

• New ATM hack “black-box”

– Requirs physical access

• New variant of CryptoWall

• SilkRoad Reloaded

– It’s not just for Tor anymore

• Skeletonkey - ByPass AD

• Inception Framework

– RAM only, polymorphic

• RedStar OS

• PenToo RC3.7

Hacking

• BitStamp Off-line Post breach

• Box Inc IPO

• Cyber is Physical – German steel mill damaged

• XBox One SDK Leaked

• mini board roundup

– 86Duino

– A10-OLinuXino-Lime

– Arduino TRE

– Banana Pi

– BPi D1

– HummingBoard-i1

– Odroid-C1

– Orange P

– pcDuino3 Nano

Corp

• New DoJ ‘Cyber Security Unit’

• Feds Hate Security, esp. encryption

• North Korean Sanctions

• CentCom twitter hacked

• New Jersey requires insurance providers to encrypt

• G Chill

• UK Draft Communications Data Bill “Snoopers Charter”

• National Standard for Breach Notifications?

– EFF and Krebs have good comments against proposal

• All the Patriots Are Dead

• or how some pieces of the patriot act expire in 2015

• NK ‘Glorious Leader’ game developer hacked

Govt

data collection via twitter http://resources.infosecinstitute.com/intelligence-information-gathering-collecting-twitterfollowers-25-lines-python

AIX for Pentesters https://www.sans.org/reading-room/whitepapers/unix/aix-penetration-testers-35672

McCain's security bill https://www.congress.gov/bill/112th-congress/senate-bill/3342

Global Chilling http://pen.org/global-chill

Hacking Point of Sale - Slava Gomzine http://www.amazon.co.uk/Hacking-Point-Sale-Application-Solutions/dp/1118810112

MS14-068 to Full Compromise – Step by Step https://www.trustedsec.com/december-2014/ms14-068-full-compromise-step-step/

Improve mac scanning for ssh http://www.securityorb.com/delayed-slow-ssh-connection-mac-os-x-systems-fix

project artillery

Threat Intell

Apple brute forcer

Openwall 3.1

wifiwhisperer

Automate phishing powersploit script collection

GitRob automated git search

EFF Mobil App

News feed (not on iPhone)

• CCC – Copy finger prints from a photo

• CCC – Mac BootKit

Encryption

Tor

Privacy / Rights

• Automobiles

• But wait there’s more…..

• CCC – 2014 Videos http://media.ccc.de/browse/congress/2014/

• CCC – PodCast chaosradio.ccc.de

• Shmoo 16-18 Jan

• Dallas Tech-Security Conference 22 Jan

• Darknet and the primordial soup of Cyber Crime

B-Sides Austin 12

– 13 Mar

12 Feb

CanSecWest 18 - 20 Mar

InfoSec Southwest 10

– 12 Apr

• B-Sides Nashville

• B-Sides San Antonio

11 Apr

? May

• ThotCon 0x6 14 – 15 May

• PenTest Austin (SANS) 18 – 23 May

DefCon 23 6

– 9 Aug

DHA

( 1 st Wednesday / looking for new spot , plano )

TX2600

( 1 st Fri / Wild Turkey 35&WalnutHill, dallas )

(1 st Fri / 1418 Coffeehouse, plano)

The Lab.MS

( 2 nd Monday / varies , plano )

Crypto Party

( 3 rd Thursday / Improving Enterprises, addison )

NAISG

( 4 th Thursday / CrossPointe Theatre, carrollton )

LockPick DFW

( Last Monday / looking for new spot , dallas )

Dallas MakerSpace

Random / carrollton

Local

All images scavenged without permission

All images scavenged without permission

Download