PREVIOUS GNEWS


– MS12-043 - Microsoft XML Core Services, Remote Execution
– MS12-044 - Cumulative Security Update for Internet Explorer
– MS12-045 - Microsoft Data Access Components, Remote Execution
– MS12-046 - Visual Basic for Applications, Remote Execution
– MS12-047 - Windows Kernel-Mode Drivers, Privilege Elevation
– MS12-048 - Windows Shell, Remote Execution
– MS12-049 - TLS, Information Disclosure
– MS12-050 - SharePoint, Privilege Elevation
– MS12-051 - Microsoft Office for Mac, Privilege Elevation

• 9 Patches – 3 Critical – 14 CVEs

• Affected – SharePoint, TLS, VB, Mac, Windows

Other updates, MSRT, Defender Definitions, Junk Mail Filter

Patch Tuesday

• Oracle, due out 17 July

• Adobe – none

• Apple – none

• Cisco
– Multiple vulns ASA
– Multiple vulns AnyConnect
– Multiple vulns WebEx
– Multiple vulns TelePresence

Holes / Patches

• Metasploit, plugin for CVE-2012-1889 (Microsoft XML Core Services)

• Intel CPU hardware vulnerable to privilege escalation

• UGNazi claims responsibility for Twitter outage

• VUPEN claims serious 0-day, not sharing

• BMW keyless hacked in sub 3 min, theft rises in EU

• Hackerrank.com

Hacking

• Global Payments, it’s bigger than first thought

• NSA – can’t fulfill information requests, it would violate your privacy to tell you

• Exodus Intelligence bug bounty startup – former TippingPoint kids

• MegaUpload Data, Feds say users must pay to recover

• PayPal to start bug bounty

• Sophos details Facebook abuse reporting process

• UN not taking over internets, just wants to help ISPs

• Apple to start doing daily updates for Mac

Corp

• Apple data déjà vu, Siri creates voice prints, unknown retentions

• eEye bought by BeyondTrust

• Google transparency reports – https://www.google.com/transparencyreport/

• Twitter creates transparency report – US Govt #1 requestor

Corp

• US Senate proposes national breach notification law

• Cable modem hacker, Ryan Harris, gets 3 yrs

• EU wants all cars to phone home in emergency by 2015

• DNSChanger replacement server takedown – Nothing happened, now be quiet

• EU rejects anti-counterfeiting trade agreement

• US backs limitations on copyright law

• Kim Dotcom offers to come to US, if govt releases money – “Hey DOJ, we will go to the US,” Dotcom declared on Twitter on Wednesday. “No need for extradition. We want bail, funds unfrozen for lawyers & living expenses.”

Legal

jsdetox – http://www.relentless-coding.com/projects/jsdetox

volatility – https://www.volatilesystems.com/default/volatility/

duqu scanner – https://github.com/halsten/Duqu-detectors

collusion, Chrome and Safari update 1.6.0, Firefox 0.16.3 – https://blog.disconnect.me/new-versions-of-collusion

random collection – http://bestprivacytools.com/

tools

Papers

• FIX protocol – https://www.sans.org/reading_room/whitepapers/testing/exploiting-financial-information-exchange-fix-protocol_33964

• scapy – https://www.sans.org/reading_room/whitepapers/detection/ip-fragment-reassembly-scapy_33969

CON Events

DefCon 20 – https://www.defcon.org/

All images scavenged without permission
