Post on 03-Feb-2016
• 7 Patches – 2 Critical – 11 CVEs
• Affected – SCOM, Print Spooler, XML, .NET, Other updates, MSRT, Defender Definitions, Junk Mail Filter
– MS13-001 - Windows Print Spooler Components, Remote Code Execution
– MS13-002 - Microsoft XML Core Services, Remote Code Execution
– MS13-003 - System Center Operations Manager, Elevation of Privilege
– MS13-004 - .NET Framework, Elevation of Privilege
– MS13-005 - Windows Kernel-Mode Driver, Elevation of Privilege
– MS13-006 - Microsoft Windows, Security Feature Bypass
– MS13-007 - Open Data Protocol, Denial of Service
Patch Tuesday
• Oracle, Due out 15 Jan
• Adobe
– APSA13-01 – ColdFusion 3 CVEs
– APSB13-01 – Adobe Flash Player 1 CVEs
– APSB13-02 – Adobe Reader and Acrobat 27 CVEs
• Apple
– Nothing to see here
• Cisco
– Wireless LAN Controller XSS, DoS
– Unified IP Phones Local Kernel System Call Input Validation
• Java
– 7-10 introduces new security controls
Holes / Patches
• MySQL – multiple zero day (remote root, BO, priv escalation)
– CVE-2012-5611, CVE-2012-5612, CVE-2012-5613, CVE-2012-5614, and CVE-2012-5615
• Wii U network – secret debug menu in Japanese (mod passwords / view forum posts / etc)
• MS congratulated hacker for JailBreak
– “Microsoft issued a statement saying that it does not consider the results of the jailbreak to be part of a security vulnerability,” … “Microsoft also said it applauded clrokr for his “ingenuity” to document these security gaps.”
• Yahoo mail XSS
– Yahoo finally adds “always use HTTPS” function to mail options
• Ruby on Rails
– CVE-2013-0156 Auth bypass
Holes / Hacking
• FB hacker cup registration open
• GPS
– $2500 in gear could bring down 30% of CORS with 45 second message
• 25 GPU cluster
• pirate bay uk proxy shuts down
– New proxies rush to fill gap
• skype silence tunnel
– Like Kaminsky DNS only quieter
• Hacker hides in Cat Collar
• Concealed malware storage ala MIB
Holes / Hacking
• FreeBSD servers breached
– no evidence of modifications
• google to scan and block silent chrome extensions, no auto-install
• ubuntu for smartphones
• Google to disband 3LM??
• Dell to buy Credant.
• bluecoat to buy crossbeam
• apple stumbles in patent foo
• Quantum Spin Liquid (QSL), new communications in the future?
• Google removed 50 mil links
• Stallman "apple is your enemy"
• FB actually protects data for once
Corp
• google fined for ignoring safari privacy
• Singapore updates computer law
• digital search and 4th amendment
– FTK KFF (known file filter) feature pulling data not related to the warrant
• McKinnon not charged in Britain
• TX teen fights and loses battle against rfid enabled school badge
Legal
• SANS Reading Room
– anonymous browsing
– PDF obfuscation
– exploiting embedded devices
– analyzing pcaps
– using bro ids
• Dutch disclosure guide
– http://news.hitb.org/content/dutch-government-publishes-security-flaw-disclosure-guide
• Forensics in win8
– http://resources.infosecinstitute.com/forensic-analysis-windows-8/
• Malware Analysis in Windows CLI
– http://resources.infosecinstitute.com/command-line-for-windows-malware-analysis-forensics-part-i/
• nmap NSE
– http://resources.infosecinstitute.com/nmap-scripting-engine-categories
Papers
• Gggooglescan – automated google scraper
• PCI risk assessment guidance
– https://www.pcisecuritystandards.org/documents/PCI_DSS_Risk_Assmt_Guidelines_v1.pdf
• NIST final crypto draft SP 800-38F
• NIST secure cloud for comments Draft IR 7904
• SNORT mirror traffic on home routers
– https://s3.amazonaws.com/snort-org/www/assets/217/Mirror_Traffic_With_Home_Router.pdf
• SNORT DAQs
– https://www.sans.org/reading_room/whitepapers/detection/analysis-snort-data-acquisition-modules_34027
• FCC smart phone security checklist
– http://news.hitb.org/content/fcc-unveils-smartphone-security-checklist
Papers
• Hashcat
• Elcomsoft PGP / TrueCrypt cracker
• Yara – rule based malware detection
• Cuckoo update 0.5
• NIST software reference library
– http://www.nsrl.nist.gov/
• http://soldierx.com/
tools
CON Events
• zero nights in russia
– http://2012.zeronights.org/
• CCC
– https://isc.sans.edu/diary.html?storyid=14803&rss
• ccc - dementia anti-forensics
– http://events.ccc.de/congress/2012/Fahrplan/events/5301.en.html
• general CCC
– https://www.securelist.com/en/blog/208194065/29c3_Hamburg_DE
• forensics challenge
– https://www.honeynet.org/challenges/2012_13_message_picture