
Apr - 8 Patches – 2 Critical - 45 CVEs MS15-056 - Cumulative Security Update for IE, Remote Code MS15-057 - Windows Media Player, Remote


• Apr - 8 Patches – 2 Critical - 45 CVEs

• MS15-056 - Cumulative Security Update for IE, Remote Code

• MS15-057 - Windows Media Player, Remote Code

• MS15-059 - Office, Remote Code

• MS15-060 - Common Controls, Remote Code

• MS15-061 - Kernel-Mode Drivers, Privilege Escalation

• MS15-062 - ADFS, Privilege Escalation

• MS15-063 - Windows Kernel, Privilege Escalation

• MS15-064 - Exchange, Privilege Escalation

Other updates, MSRT, Defender Definitions, Junk Mail Filter

Patch Tuesday


• MS15-011 GPO still vulnerable?

• Just when you thought you could trust MS
  • Embedded C&C address on TechNet

• MS adds search protection to malware attributes

• Windows 10 and Edge features
  • MemGC (Memory Garbage Collection), use-after-free defense
  • CFG (Control Flow Guard), jump governor
  • EPM (Enhanced Protected Mode) – app container sandbox
  • "Thus Microsoft Edge provides no support for VML, VB Script, Toolbars, BHOs, or ActiveX."

--- points to html5

• win10 sec features
  • App Store vetting
  • ‘Windows Hello’, biometric auth
  • ‘Device Guard’, non signed application blocking
  • Passport, two-factor-ish??

• PFS comes to Windows via Update 3042058

• SSH comes to Powershell

Mo’ Micro’


• Oracle
  – 14 Jul

• Adobe
  – APSB15-11 Flash Player (13 CVE)

• Apple
  – The Good
    • Watch OS 1.01 (13 CVE)
  – The Bad
    • Apple Watch, 1 second window
    • iPhone string DoS
    • Apple suspend resume flaw

• Pidgin, multiple vulns

• Cisco
  – TelePresence
  – FireSIGHT

• VMware
  – VMSA-2015-0004 Fusion and Horizon View (7 CVE)

• VirtualBox Patch for Venom

Holes / Patches


• Google App Engine
• Android address bar spoof
• Android reset exposes data

• Plane hacks not only in lab
• CSRF in wind turbines
• Mass car lock disruption
• IM-ME hacks all the garages

• trojanized putty in wild

• Logjam - another ssl vuln

• GiftCard race conditions and eternal hate toward notification

• NetUSB on soho routers vuln
• soho csrf via dns
• dlink storage

• Linux.Moose
• mumblehard - linux/freebsd

• NitlovePOS via spam campaigns

• ransomware auth, drops keys
• tox SaaS ransomware

• Stegosploit

• keybase

• Drug pump update, can change dosage

Hacking


• Penn State disconnects after china attack

• AFF Hacked
  – Politicians called out

• IRS breach

• FF Smart TV

• Uber, plaintext passwd via email

• NYXBT - bitcoin index

• Dynamic CVV??

• Hyundai offers android in car

• Threat intel and the lie of sharing

• Palo Alto buys CirroSecure

• Hot Topic buys Thinkgeek

• Nokia to buy Alcatel/Lucent

• Google attempts to address excessive app permissions

• Intel joins FIDO alliance

• FB PGP

• FB forces sha2 after oct 1

• Ikea to sell "hacking kits"

• Tesla bug bounty

Corp


• Security as munitions redux - Wassenaar Agreement, bad mod to CFAA
  – "Specifically, the BIS proposal seeks to regulate and control the export of what it calls intrusion software..."

• bye-bye bug bounties, hello wassenaar

• Anti-SLAPP Bill

• VA state launches car hacking project

• CA County sheriff like the stingray

• 215 not reauthorized

• California bitcoin bill

• OPM breach, 4 mil feds

Govt


IEEE Medical Guidance
https://threatpost.com/researchers-ieee-release-medical-device-security-guidelines/112885

Federal Regulations on Energy Grid
http://www.securityorb.com/the-impact-of-federal-regulations-on-the-information-assurance-of-the-north-american-electrical-energy-grid/
http://www.securityorb.com/the-impact-of-federal-regulations-on-the-information-assurance-of-the-north-american-electrical-energy-grid-part-2-of-2/

no more passwd cracking
https://www.meshekah.com/research/publications_files/tr_ersatz_passwords.pdf

IC3 crime report
http://www.fbi.gov/news/news_blog/2014-ic3-annual-report

maturity model
https://www.sans.org/reading-room/whitepapers/modeling/improving-detection-prevention-response-security-maturity-modeling-35985

ponemon breach cost study
http://public.dhe.ibm.com/common/ssi/ecm/se/en/sew03053wwen/SEW03053WWEN.PDF

Papers


Subway dye sprayer

http://www.wearealwayslistening.com/

Slow crime day? Scotland Yard frets X-Files

WTF!?


Tools

DataApp - mobile data sniffer

PTF - pentesters framework

openOCD 0.9.0 - debugger

Intercept launches firstlook.org open code repo

AutoCanary

PDF Redact Tools


HITB Amsterdam

PeopleSoft

Information Warfare Summit (IWS) 7 Oct 2015 OKC

ShowMeCon

ThotCon 0x6

PenTest Austin (SANS)

Cons Past


• DefCon 23 6 – 9 Aug

• SCADA Nexus 2-3 Sep

• Hacker Halted 13 Sep

• DerbyCon 23-27 Sep

• IT Security one2one Summit 4-6 Oct

• Root-66 3 Nov

• B-Sides DFW TBD

Cons Future


DHA ( 1st Wednesday / Tavern on Main, richardson )

TX2600 ( 1st Fri / Wild Turkey 35&WalnutHill, dallas )
       ( 1st Fri / 1418 Coffeehouse, plano )

The Lab.MS ( 2nd Monday / varies, plano )

Crypto Party ( 3rd Thursday / Improving Enterprises, addison )

NAISG ( 4th Thursday / CrossPointe Theatre, carrollton )

LockPick DFW ( Last Monday / looking for new spot, dallas )

Dallas MakerSpace ( Random / carrollton )

Local


All images scavenged without permission
