
• Apr - 8 Patches – 2 Critical - 45 CVEs

• MS15-056 - Cumulative Security Update for IE, Remote Code

• MS15-057 - Windows Media Player, Remote Code

• MS15-059 - Office, Remote Code

• MS15-060 - Common Controls, Remote Code

• MS15-061 - Kernel-Mode Drivers, Privilege Escalation

• MS15-062 - ADFS, Privilege Escalation

• MS15-063 - Windows Kernel, Privilege Escalation

• MS15-064 - Exchange, Privilege Escalation

Other updates, MSRT, Defender Definitions, Junk Mail Filter

Patch Tuesday

• MS15-011 GPO still vulnerable?

• Just when you thought you could trust MS
  • Embedded C&C address on TechNet

• MS adds search protection to malware attributes

• Windows 10 and Edge features
  • MemGC (Memory Garbage Collection), use-after-free defense
  • CFG (Control Flow Guard), jump governor
  • EPM (Enhanced Protected Mode) – app container sandbox
  • "Thus Microsoft Edge provides no support for VML, VB Script, Toolbars, BHOs, or ActiveX."

--- points to html5

• win10 sec features
  • App Store vetting
  • ‘Windows Hello’, biometric auth
  • ‘Device Guard’, non signed application blocking
  • Passport, two-factor-ish??

• PFS comes to Windows via Update 3042058

• SSH comes to Powershell

Mo’ Micro’

• Oracle
  – 14 Jul

• Adobe
  – APSB15-11 Flash Player (13 CVE)

• Apple
  – The Good
    • Watch OS 1.01 (13 CVE)
  – The Bad
    • Apple Watch, 1 second window
    • iPhone string DoS
    • apple suspend resume flaw

• Pidgin, multiple vulns

• Cisco
  – TelePresence
  – FireSIGHT

• VMWare
  – VMSA-2015-0004 Fusion and Horizon View (7 CVE)

• VirtualBox Patch for Venom

Holes / Patches

• Google App Engine
• Android address bar spoof
• Android reset exposes data

• Plane hacks not only in lab
• CSRF in wind turbines
• Mass car lock disruption
• IM-ME hacks all the garages

• trojanized putty in wild

• Logjam - another ssl vuln

• GiftCard race conditions and eternal hate toward notification

• NetUSB on soho routers vuln
• soho csrf via dns
• dlink storage

• Linux.Moose
• mumblehard - linux/freebsd

• NitlovePOS via spam campaigns

• ransomware auth, drops keys
• tox SaaS ransomware

• stegosploit

• keybase

• Drug pump update, can change dosage

Hacking

• Penn State disconnects after china attack

• AFF Hacked
  – Politicians called out

• IRS breach

• FF Smart TV

• Uber, plaintext passwd via email

• NYXBT - bitcoin index

• Dynamic CVV??

• Hyundai offers android in car

• Threat intel and the lie of sharing

• PaloAlto buys CirroSecure

• Hot Topic buys Thinkgeek

• Nokia to buy Alcatel/Lucent

• Google attempts to address excessive app permissions

• Intel joins FIDO alliance

• FB PGP

• FB forces sha2 after oct 1

• Ikea to sell "hacking kits"

• Tesla bug bounty

Corp

• Security as munitions redux - Wassenaar Agreement, bad mod to CFAA
  – "Specifically, the BIS proposal seeks to regulate and control the export of what it calls intrusion software..."

• bye-bye bug bounties, hello wassenaar

• Anti-SLAPP Bill

• VA state launches car hacking project

• CA County sheriff like the stingray

• 215 not reauthorized

• California bitcoin bill

• OPM breach, 4 mil feds

Govt

IEEE Medical Guidance
https://threatpost.com/researchers-ieee-release-medical-device-security-guidelines/112885

Federal Regulations on Energy Grid
http://www.securityorb.com/the-impact-of-federal-regulations-on-the-information-assurance-of-the-north-american-electrical-energy-grid/
http://www.securityorb.com/the-impact-of-federal-regulations-on-the-information-assurance-of-the-north-american-electrical-energy-grid-part-2-of-2/

no more passwd cracking
https://www.meshekah.com/research/publications_files/tr_ersatz_passwords.pdf

IC3 crime report
http://www.fbi.gov/news/news_blog/2014-ic3-annual-report

maturity model
https://www.sans.org/reading-room/whitepapers/modeling/improving-detection-prevention-response-security-maturity-modeling-35985

ponemon breach cost study
http://public.dhe.ibm.com/common/ssi/ecm/se/en/sew03053wwen/SEW03053WWEN.PDF

Papers

Subway dye sprayer

http://www.wearealwayslistening.com/

Slow crime day? Scotland Yard frets xfiles

WTF!?

Tools

DataApp - mobile data sniffer

PTF - pentesters framework

openOCD 0.9.0 - debugger

Intercept launches firstlook.org open code repo

AutoCanary

PDF Redact Tools

HITB Amsterdam

PeopleSoft

Information Warfare Summit (IWS) 7 Oct 2015 OKC

shomecon

ThotCon 0x6

PenTest Austin (SANS)

Cons Past

• DefCon 23 6 – 9 Aug

• SCADA Nexus 2-3 Sep

• Hacker Halted 13 Sep

• DerbyCon 23-27 Sep

• IT Security one2one Summit 4-6 Oct

• Root-66 3 Nov

• B-Sides DFW TBD

Cons Future

DHA ( 1st Wednesday / Tavern on Main, richardson )

TX2600 ( 1st Fri / Wild Turkey 35&WalnutHill, dallas )
       ( 1st Fri / 1418 Coffeehouse, plano )

The Lab.MS ( 2nd Monday / varies, plano )

Crypto Party ( 3rd Thursday / Improving Enterprises, addison )

NAISG ( 4th Thursday / CrossPointe Theatre, carrollton )

LockPick DFW ( Last Monday / looking for new spot, dallas )

Dallas MakerSpace ( Random / carrollton )

Local

All images scavenged without permission
