Apr - 8 Patches – 2 Critical - 45 CVEs MS15-056 - Cumulative Security Update for IE, Remote Code...

Patch Tuesday
• Apr - 8 Patches – 2 Critical - 45 CVEs
• MS15-056 - Cumulative Security Update for IE, Remote Code
• MS15-057 - Windows Media Player, Remote Code
• MS15-059 - Office, Remote Code
• MS15-060 - Common Controls, Remote Code
• MS15-061 - Kernel-Mode Drivers, Privilege Escalation
• MS15-062 - ADFS, Privilege Escalation
• MS15-063 - Windows Kernel, Privilege Escalation
• MS15-064 - Exchange, Privilege Escalation
Other updates, MSRT, Defender Definitions, Junk Mail Filter

Mo’ Micro’
• MS15-011 GPO still vulnerable?
• Just when you thought you could trust MS
  • Embedded C&C address on TechNet
• MS adds search protection to malware attributes
• Windows 10 and Edge features
  • MemGC (Memory Garbage Collection), use-after-free defense
  • CFG (Control Flow Guard), jump governor
  • EPM (Enhanced Protected Mode) – app container sandbox
  • "Thus Microsoft Edge provides no support for VML, VB Script, Toolbars, BHOs, or ActiveX."
    --- points to html5
• win10 sec features
  • App Store vetting
  • ‘Windows Hello’, biometric auth
  • ‘Device Guard’, non signed application blocking
  • Passport, two-factor-ish??
• PFS comes to Windows via Update 3042058
• SSH comes to Powershell

Holes / Patches
• Oracle
  – 14 Jul
• Adobe
  – APSB15-11 Flash Player (13 CVE)
• Apple
  – The Good
    • Watch OS 1.01 (13 CVE)
  – The Bad
    • Apple Watch, 1 second window
    • iPhone string DoS
    • apple suspend resume flaw
• Pidgin, multiple vulns
• Cisco
  – TelePresence
  – FireSIGHT
• VMWare
  – VMSA-2015-0004 Fusion and Horizon View (7 CVE)
• VirtualBox Patch for Venom

Hacking
• Google App Engine
• Android address bar spoof
• Android reset exposes data
• Plane hacks not only in lab
• CSRF in wind turbines
• Mass car lock disruption
• IM-ME hacks all the garages
• trojanized putty in wild
• Logjam - another ssl vuln
• GiftCard race conditions and eternal hate toward notification
• NetUSB on soho routers vuln
• soho csrf via dns
• dlink storage
• Linux.Moose
• mumblehard - linux/freebsd
• NitlovePOS via spam campaigns
• ransomware auth, drops keys
• tox SaaS ransomware
• stegosploit
• keybase
• Drug pump update, can change dosage

Corp
• Penn State disconnects after china attack
• AFF Hacked
  – Politicians called out
• IRS breach
• FF Smart TV
• Uber, plaintext passwd via email
• NYXBT - bitcoin index
• Dynamic CVV??
• Hyundai offers android in car
• Threat intel and the lie of sharing
• PaloAlto buys CirroSecure
• Hot Topic buys Thinkgeek
• Nokia to buy Alcatel/Lucent
• Google attempts to address excessive app permissions
• Intel joins FIDO alliance
• FB PGP
• FB forces sha2 after oct 1
• Ikea to sell "hacking kits"
• Tesla bug bounty

Govt
• Security as munitions redux - Wassenaar Agreement, bad mod to CFAA
  – "Specifically, the BIS proposal seeks to regulate and control the export of what it calls intrusion software..."
• bye-bye bug bounties, hello wassenaar
• Anti-SLAPP Bill
• VA state launches car hacking project
• CA County sheriff like the stingray
• 215 not reauthorized
• California bitcoin bill
• OPM breach, 4 mil feds

Papers
IEEE Medical Guidance
https://threatpost.com/researchers-ieee-release-medical-device-security-guidelines/112885
Federal Regulations on Energy Grid
http://www.securityorb.com/the-impact-of-federal-regulations-on-the-information-assurance-of-the-north-american-electrical-energy-grid/
http://www.securityorb.com/the-impact-of-federal-regulations-on-the-information-assurance-of-the-north-american-electrical-energy-grid-part-2-of-2/
no more passwd cracking
https://www.meshekah.com/research/publications_files/tr_ersatz_passwords.pdf
IC3 crime report
http://www.fbi.gov/news/news_blog/2014-ic3-annual-report
maturity model
https://www.sans.org/reading-room/whitepapers/modeling/improving-detection-prevention-response-security-maturity-modeling-35985
ponemon breach cost study
http://public.dhe.ibm.com/common/ssi/ecm/se/en/sew03053wwen/SEW03053WWEN.PDF

WTF!?
Subway dye sprayer
http://www.wearealwayslistening.com/
Slow crime day? Scotland Yard frets xfiles

Tools
DataApp - mobile data sniffer
PTF - pentesters framework
openOCD 0.9.0 - debugger
Intercept launches firstlook.org open code repo
AutoCanary
PDF Redact Tools

Cons Past
HITB Amsterdam
PeopleSoft
Information Warfare Summit (IWS) 7 Oct 2015 OKC
ShowMeCon
ThotCon 0x6
PenTest Austin (SANS)

Cons Future
• DefCon 23 6 – 9 Aug
• SCADA Nexus 2-3 Sep
• Hacker Halted 13 Sep
• DerbyCon 23-27 Sep
• IT Security one2one Summit 4-6 Oct
• Root-66 3 Nov
• B-Sides DFW TBD

Local
DHA ( 1st Wednesday / Tavern on Main, richardson )
TX2600 ( 1st Fri / Wild Turkey 35&WalnutHill, dallas )
(1st Fri / 1418 Coffeehouse, plano)
The Lab.MS ( 2nd Monday / varies, plano )
Crypto Party ( 3rd Thursday / Improving Enterprises, addison )
NAISG ( 4th Thursday / CrossPointe Theatre, carrollton )
LockPick DFW ( Last Monday / looking for new spot, dallas )
Dallas MakerSpace ( Random / carrollton )
All images scavenged without permission