previous gnews
DESCRIPTION
PREVIOUS GNEWS. Patch Tuesday. 6 Patches – 1 Critical – 7 CVEs Affected – Kernel, SQL, Kerberos, Word, HTML, SharePoint Other updates, MSRT, Defender Definitions, Junk Mail Filter. MS12-064Microsoft Word,Remote Code Execution - PowerPoint PPT PresentationTRANSCRIPT
PR
EV
IOU
S G
NEW
S
• 6 Patches – 1 Critical – 7 CVEs
• Affected – Kernel, SQL, Kerberos, Word, HTML, SharePoint
Other updates, MSRT, Defender Definitions, Junk Mail Filter
– MS12-064 Microsoft Word,Remote Code Execution– MS12-066 HTML Sanitization Component, Elevation of Privilege– MS12-067 FAST Search Server 2010 for SharePoint Parsing, Remote
Code Execution– MS12-068 Windows Kernel, Elevation of Privilege– MS12-069 Kerberos, Denial of Service– MS12-070 SQL Server, Elevation of Privilege
Patch Tuesday
• Oracle due 16 Oct 2012
• Adobe– APSB12-16 Adobe Flash Player (25 cves)
• Apple,– iOS 6– OSX 10.8.2 and 10.7.5– Safar 6.0.1– OSX Server 2.1.1– Apple TV 5.1
• Cisco– ASA– WebEX– IOS
Holes / Patches
• Chrome gets DNT
• VMWare vCenter Operations, CapacityIQ, Movie Decoder
• C&C Servers using TOR
• Nitol Botnet preinstalled on windows
• Ie 0-day
• SPDY at ekoparty (tls compression protocol)
• Blackhole 2.0
• Hacking Banking Phone Systems
Holes / Hacking
• Malware written in google go
• Iran vs Banks???
• Apple does maps better
• NFC and Transit systems at EU Sec West
• More java foo
• Another Symantec code leak (norton utilities 2006)
• Adobe and code signing, oops
• Infected phpmyadmin distro on sourceforge
• Twitter hi-jaking
Holes / Hacking
• PCI rules for mobile released
• Oct is Cyber Security Awareness Month
• NIST grants grants to 5 security start-ups
• Android SIM Wipers, its not just for Samsung anymore
• White House Breached?
• SHA-3 protocol selected
Corp
• Twitter discloses protester tweets
• TX Schools ad tracker to IDs
• FIPS makes things less secure, yes?
• Phillipines bans cyber sex
• Phillipines cyber crime law on hold
• New Zealand requests inquiry on mega upload wiretapping
• License Plate Scanners
• Social snooping needs no warrant
• Warrants required for email / cell tracking
Legal
• PCI mobile payment guidelineshttps://www.pcisecuritystandards.org/documents/Mobile%20Payment%20Security%20Guidelines%20v1%200.pdf
• IBM reporthttp://public.dhe.ibm.com/common/ssi/ecm/en/wgl03014usen/WGL03014USEN.PDF
• imperva ddos reporthttp://www.imperva.com/docs/HII_Denial_of_Service_Attacks-Trends_Techniques_and_Technologies.pdfand morehttp://www.imperva.com/resources/overview.html
• Infosecinsitute.comhttp://resources.infosecinstitute.com/
• Security categorieshttp://resources.infosecinstitute.com/security-categories/
• place raiderhttp://arxiv.org/pdf/1209.5982v1.pdf
Papers
• RTFScan (rich text file scanner)
• Malwarehouse (malware collection)
• 3d printer
• secure messages
• Exploitshield (browser plugin)
• security onion 12.04
• cookie cadger
• porting droid tp the hp touch pad
tools
WTF
• eurpopean facebook face recon suspended
• ITIF rejects dnt settings
• FB and datalogix
• wow cities killed off
CON Events
bsides Dallas Nov 3
jailbreak con
derby con HDMoore internet scan
HITBKUL
e street at derby
All images scavenged without permission
All images scavenged without permission