Dec/Jan News
Download
Report
Transcript Dec/Jan News
PREVIOUS
GNEWS
Patch
•
•
•
•
•
•
•
•
•
•
Tuesday
Oct - 8 Patches – 1 Critical - 8 CVEs
MS15-001 - Windows Application Compatibility Cache, Privilege
Escalation
MS15-002 - Windows Telnet Service, Remote Code
MS15-003 - Windows User Profile Service, Privilege Escalation
MS15-004 - Windows Components, Privilege Escalation
MS15-005 - Network Location Awareness Service, Security Bypass
MS15-006 - Windows Error Reporting, Security Bypass
MS15-007 - Network Policy Server RADIUS Implementation, DoS
MS15-008 - Windows Kernel-Mode Driver, Privilege Escalation
Other updates, MSRT, Defender Definitions, Junk Mail Filter
Holes / Patches
• Oracle
– Due out 20 Jan 2015
• Adobe
– APSB15-01 – Flash Player
• Apple,
–
–
–
–
iOS 8.1.2
Safari 8.0.2
Xcode 6.2 beta 3
OS X NTP
• Cisco
– ISB8320-E High-Definition IP-Only
DVR, Remote Auth
– Mearki, multi vuln
– ASA – syslog leak
– Jabber Guest Server – multi vuln
• VMWare
– VMSA-2014-0014 - AirWatch
•
•
VPN bypass for NetFlix Regions
NetFlix Denies proxy crack down
•
UEFI, ByPass Secure Boot and more
•
•
Google Drops 8.1/Word 0-day
MS drops call for better disclosure
•
•
Google shreds Aviator broswer
White Hat Security responds
–
•
“Advising users to not use Aviator misses the bigger picture.”
Google to stop patching Webview
–
Use alternate browser or full ROM
•
UDP Braodcast = Root Execution on Asus Routers
•
Multiple 0-days for Corel titles
•
Schneider patches Wonderware SCADA server
Hacking
•
8 patches for OpenSSL
•
2,4Ghz Wireless Keyboard Sniffer
•
New ATM hack “black-box”
–
Requirs physical access
•
New variant of CryptoWall
•
SilkRoad Reloaded
–
It’s not just for Tor anymore
•
Skeletonkey - ByPass AD
•
Inception Framework
–
RAM only, polymorphic
•
RedStar OS
•
PenToo RC3.7
Hacking
•
BitStamp Off-line Post breach
•
Box Inc IPO
•
Cyber is Physical – German steel mill damaged
•
XBox One SDK Leaked
•
mini board roundup
–
–
–
–
–
–
–
–
–
86Duino
A10-OLinuXino-Lime
Arduino TRE
Banana Pi
BPi D1
HummingBoard-i1
Odroid-C1
Orange P
pcDuino3 Nano
Corp
•
New DoJ ‘Cyber Security Unit’
•
Feds Hate Security, esp. encryption
•
North Korean Sanctions
•
CentCom twitter hacked
•
New Jersey requires insurance providers to encrypt
•
G Chill
•
UK Draft Communications Data Bill “Snoopers Charter”
•
National Standard for Breach Notifications?
–
EFF and Krebs have good comments against proposal
•
•
All the Patriots Are Dead
or how some pieces of the patriot act expire in 2015
•
NK ‘Glorious Leader’ game developer hacked
Govt
data collection via twitter
http://resources.infosecinstitute.com/intelligence-information-gathering-collecting-twitterfollowers-25-lines-python
AIX for Pentesters
McCain's security bill
https://www.congress.gov/bill/112th-congress/senate-bill/3342
Global Chilling
http://pen.org/global-chill
Hacking Point of Sale - Slava Gomzine
Papers
https://www.sans.org/reading-room/whitepapers/unix/aix-penetration-testers-35672
http://www.amazon.co.uk/Hacking-Point-Sale-Application-Solutions/dp/1118810112
MS14-068 to Full Compromise – Step by Step
https://www.trustedsec.com/december-2014/ms14-068-full-compromise-step-step/
Improve mac scanning for ssh
http://www.securityorb.com/delayed-slow-ssh-connection-mac-os-x-systems-fix
project artillery
Threat Intell
Apple brute forcer
Tools
Openwall 3.1
wifiwhisperer
Automate phishing
powersploit
script collection
GitRob
automated git search
EFF Mobil App
News feed (not on iPhone)
•
CCC – Copy finger prints from a photo
•
CCC – Mac BootKit
•
Encryption
•
•
Privacy / Rights
•
•
•
Tor
Automobiles
But wait there’s more…..
CCC – 2014 Videos http://media.ccc.de/browse/congress/2014/
•
CCC – PodCast chaosradio.ccc.de
•
•
•
Shmoo
16-18 Jan
Dallas Tech-Security Conference
22 Jan
Darknet and the primordial soup of Cyber Crime
•
•
B-Sides Austin 12 – 13 Mar
•
CanSecWest
10 – 12 Apr
InfoSec Southwest
•
B-Sides Nashville
11 Apr
•
B-Sides San Antonio
? May
•
•
18 - 20 Mar
ThotCon 0x6
14 – 15 May
PenTest Austin (SANS)
•
DefCon 23
18 – 23 May
6 – 9 Aug
12 Feb
DHA
( 1st Wednesday / looking for new spot, plano )
TX2600
( 1st Fri / Wild Turkey 35&WalnutHill, dallas )
(1st Fri / 1418 Coffeehouse, plano)
The Lab.MS
( 2nd Monday / varies, plano )
Crypto Party
( 3rd Thursday / Improving Enterprises, addison )
NAISG
( 4th Thursday / CrossPointe Theatre, carrollton )
LockPick DFW
( Last Monday / looking for new spot, dallas )
Dallas MakerSpace
Random / carrollton
Local
All images scavenged without permission
All images scavenged without permission