GNEWS%20PREVIOUS - PowerPoint PPT Presentation

About This Presentation
Title:

GNEWS%20PREVIOUS

Description:

PFS comes to Windows via Update 3042058 SSH comes to Powershell Mo Micro Oracle 14 Jul Adobe ... not reauthorized California bitcoin bill OPM ... – PowerPoint PPT presentation

Number of Views:156
Avg rating:3.0/5.0
Slides: 15
Provided by: dc2125
Learn more at: https://www.dc214.org
Category:

less

Transcript and Presenter's Notes

Title: GNEWS%20PREVIOUS


1
GNEWS PREVIOUS
2
Patch Tuesday
  • Apr - 8 Patches 2 Critical - 45 CVEs
  • MS15-056 - Cumulative Security Update for IE,
    Remote Code
  • MS15-057 - Windows Media Player, Remote Code
  • MS15-059 - Office, Remote Code
  • MS15-060 - Common Controls, Remote Code
  • MS15-061 - Kernel-Mode Drivers, Privilege
    Escalation
  • MS15-062 - ADFS, Privilege Escalation
  • MS15-063 - Windows Kernel, Privilege Escalation
  • MS15-064 - Exchange, Privilege Escalation
  • Other updates, MSRT, Defender Definitions, Junk
    Mail Filter

3
  • MS15-011 GPO still vulnerable?
  • Just when you thought you could trust MS
  • Embedded CC address on TechNet
  • MS adds search protection to malware attributes
  • Windows 10 and Edge features
  • MemGC (Memory Garbage Collection), use-after-free
    defense
  • CFG (Control Flow Guard), jump governer
  • EPM (Enhanced Protected Mode) app container
    sandbox
  • "Thus Microsoft Edge provides no support for VML,
    VB Script, Toolbars, BHOs, or ActiveX." ---
    points to html5
  • win10 sec features
  • App Store vetting
  • Windows Hello, biometric auth
  • Device Guard, non signed application blocking
  • Passport, two-factor-ish??
  • PFS comes to Windows via Update 3042058

Mo Micro
4
Holes / Patches
  • Oracle
  • 14 Jul
  • Adobe
  • APSB15-11 Flash Player (13 CVE)
  • Apple
  • The Good
  • Watch OS 1.01 (13 CVE)
  • The Bad
  • Apple Watch, 1 second window
  • iPhone string DoS
  • apple suspend resume flaw
  • Pidgin, multiple vulns
  • Cisco
  • TelePresence
  • FireSSIGHT
  • VMWare
  • VMSA-2015-0004 Fusion and Horizon View (7 CVE)
  • VirtualBox Patch for Venom

5
  • Google App Engine
  • Android address bar spoof
  • Android reset exposes data
  • Plane hacks not only in lab
  • CSFR in wind turbines
  • Mass car lock disruption
  • IM-ME hacks all the garages
  • trojanized putty in wild
  • Logjam - another ssl vuln
  • GiftCard race conditions and eternal hate toward
    notification
  • NetUSB on soho routers vuln
  • soho csrf via dns
  • dlink storage

Hacking
6
  • Penn State disconnects after china attack
  • AFF Hacked
  • Politicians called out
  • IRS breach
  • FF Smart TV
  • Uber, plaintext passwd via email
  • NYXBT - bitcoin index
  • Dynamic CVV??
  • Hyundai offers android in car
  • Threat intel and the lie of sharing
  • PaloAlto buys CirroCecure

Corp
7
Govt
  • Security as munitions redux - Wassenaar
    Agreement, bad mod to CFAA
  • "Specifically, the BIS proposal seeks to regulate
    and control the export of what it calls intrusion
    software..."
  • bye-bye bug bounties, hello wassenaar
  • Anti-SLAPP Bill
  • VA state launches car hacking project
  • CA County sheriff like the stingray
  • 215 not reauthorized
  • California bitcoin bill
  • OPM breach, 4 mil feds

8
  • IEEE Medical Guidance
  • https//threatpost.com/researchers-ieee-release-me
    dical-device-security-guidelines/112885
  • Federal Regulations on Energy Grid
  • http//www.securityorb.com/the-impact-of-federal-r
    egulations-on-the-information-assurance-of-the-nor
    th-american-electrical-energy-grid/
  • http//www.securityorb.com/the-impact-of-federal-r
    egulations-on-the-information-assurance-of-the-nor
    th-american-electrical-energy-grid-part-2-of-2/
  • no more passwd cracking
  • https//www.meshekah.com/research/publications_fil
    es/tr_ersatz_passwords.pdf
  • IC3 crime report
  • http//www.fbi.gov/news/news_blog/2014-ic3-annual-
    report
  • maturity model
  • https//www.sans.org/reading-room/whitepapers/mode
    ling/improving-detection-prevention-response-secur
    ity-maturity-modeling-35985
  • ponemon breach cost study
  • http//public.dhe.ibm.com/common/ssi/ecm/se/en/sew
    03053wwen/SEW03053WWEN.PDF

Papers
9
  • Subway dye sprayer
  • http//www.wearealwayslistening.com/
  • Slow crime day? Soctland Yard frets xfiles

WTF!?
10

DataApp mobile data sniffer PTF pentesters
framework openOCD 0.9.0 debugger Intercept
launches firstlook.org open code
repo AutoCanary PDF Redact Tools
Tools
11
  • HITB Amsterdam
  • PeopleSoft
  • Information Warfare Summit (IWS) 7 Oct 2015 OKC
  • shomecon
  • ThotCon 0x6
  • PenTest Austin (SANS)

Cons Past
12
  • DefCon 23 6 9 Aug
  • SCADA Nexus 2-3 Sep
  • Hacker Halted 13 Sep
  • DerbyCon 23-27 Sep
  • IT Security one2one Summit 4-6 Oct
  • Root-66 3 Nov
  • B-Sides DFW TBD

Cons Future
13
  • DHA
  • ( 1st Wednesday / Tavern on Main, richardson )
  • TX2600
  • ( 1st Fri / Wild Turkey 35WalnutHill, dallas )
  • (1st Fri / 1418 Coffeehouse, plano)
  • The Lab.MS
  • ( 2nd Monday / varies, plano )
  • Crypto Party
  • ( 3rd Thursday / Improving Enterprises, addison )
  • NAISG
  • ( 4th Thursday / CrossPointe Theatre, carrollton
    )
  • LockPick DFW
  • ( Last Monday / looking for new spot, dallas )

Local
14
All images scavenged without permission
All images scavenged without permission
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2025 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "GNEWS%20PREVIOUS" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!