previous gnews


Upload: weston

Post on 08-Jan-2016


DESCRIPTION

PREVIOUS GNEWS. Patch Tuesday. 6 Patches – 1 Critical – 7 CVEs. Affected – Kernel, SQL, Kerberos, Word, HTML, SharePoint. Other updates, MSRT, Defender Definitions, Junk Mail Filter. MS12-064 Microsoft Word, Remote Code Execution - PowerPoint PPT Presentation

TRANSCRIPT

Page 1: PREVIOUS GNEWS

PREVIOUS GNEWS

Page 2: PREVIOUS GNEWS

Patch Tuesday

• 6 Patches – 1 Critical – 7 CVEs

• Affected – Kernel, SQL, Kerberos, Word, HTML, SharePoint

Other updates, MSRT, Defender Definitions, Junk Mail Filter

– MS12-064 Microsoft Word, Remote Code Execution

– MS12-066 HTML Sanitization Component, Elevation of Privilege

– MS12-067 FAST Search Server 2010 for SharePoint Parsing, Remote Code Execution

– MS12-068 Windows Kernel, Elevation of Privilege

– MS12-069 Kerberos, Denial of Service

– MS12-070 SQL Server, Elevation of Privilege

Page 3: PREVIOUS GNEWS

Holes / Patches

• Oracle due 16 Oct 2012

• Adobe

– APSB12-16 Adobe Flash Player (25 CVEs)

• Apple

– iOS 6

– OSX 10.8.2 and 10.7.5

– Safari 6.0.1

– OSX Server 2.1.1

– Apple TV 5.1

• Cisco

– ASA

– WebEx

– IOS

Page 4: PREVIOUS GNEWS

Holes / Hacking

• Chrome gets DNT

• VMware vCenter Operations, CapacityIQ, Movie Decoder

• C&C servers using Tor

• Nitol botnet preinstalled on Windows

• IE 0-day

• SPDY at ekoparty (TLS compression protocol)

• Blackhole 2.0

• Hacking banking phone systems

Page 5: PREVIOUS GNEWS

Holes / Hacking

• Malware written in Google Go

• Iran vs Banks???

• Apple does maps better

• NFC and transit systems at EUSecWest

• More Java foo

• Another Symantec code leak (Norton Utilities 2006)

• Adobe and code signing, oops

• Infected phpMyAdmin distro on SourceForge

• Twitter hijacking

Page 6: PREVIOUS GNEWS

Corp

• PCI rules for mobile released

• Oct is Cyber Security Awareness Month

• NIST awards grants to 5 security start-ups

• Android SIM wipers, it's not just for Samsung anymore

• White House breached?

• SHA-3 protocol selected

Page 7: PREVIOUS GNEWS

Legal

• Twitter discloses protester tweets

• TX schools add tracker to IDs

• FIPS makes things less secure, yes?

• Philippines bans cyber sex

• Philippines cyber crime law on hold

• New Zealand requests inquiry on Megaupload wiretapping

• License plate scanners

• Social snooping needs no warrant

• Warrants required for email / cell tracking

Page 8: PREVIOUS GNEWS

Papers

• PCI mobile payment guidelines: https://www.pcisecuritystandards.org/documents/Mobile%20Payment%20Security%20Guidelines%20v1%200.pdf

• IBM report: http://public.dhe.ibm.com/common/ssi/ecm/en/wgl03014usen/WGL03014USEN.PDF

• Imperva DDoS report: http://www.imperva.com/docs/HII_Denial_of_Service_Attacks-Trends_Techniques_and_Technologies.pdf and more: http://www.imperva.com/resources/overview.html

• Infosecinstitute.com: http://resources.infosecinstitute.com/

• Security categories: http://resources.infosecinstitute.com/security-categories/

• PlaceRaider: http://arxiv.org/pdf/1209.5982v1.pdf

Page 9: PREVIOUS GNEWS

Tools

• RTFScan (rich text file scanner)

• Malwarehouse (malware collection)

• 3D printer

• Secure messages

• ExploitShield (browser plugin)

• Security Onion 12.04

• Cookie Cadger

• Porting Droid to the HP TouchPad

Page 10: PREVIOUS GNEWS

WTF

• European Facebook face recognition suspended

• ITIF rejects DNT settings

• FB and Datalogix

• WoW cities killed off

Page 11: PREVIOUS GNEWS

CON Events

BSides Dallas Nov 3

Jailbreak Con

DerbyCon HD Moore internet scan

HITBKUL

e street at derby

Page 12: PREVIOUS GNEWS

All images scavenged without permission
