All images scavenged without permission PREVIOUS GNEWS
Patch Tuesday ?? Patches – ? Critical – ?+ CVEs Affected – ? Next Tuesday Other updates, MSRT, Defender Definitions, Junk Mail Filter Sources: - http://www.microsoft.com/technet/security/bulletin/advance.mspx http://technet.microsoft.com/en-us/security/bulletin/ms14-dec
Holes / Patches Oracle, Adobe Apple, Cisco Due next week nothing Safari 6.1.1 Safari 7.0.1 OSX 10.9.1 Motion 5.1 Cisco ASA, Multiple Vulns Unified Communications Manager, Multiple Vulns NX-OS, Multiple Vulns IOS XE, Multiple Vulns WebEx. Multiple Vulns Sources: ## Oracle Patches http://www.oracle.com/technetwork/topics/security/alerts-086861.html http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html ##Adobe Patches http://www.adobe.com/support/security/ https://www.adobe.com/support/security/advisories/apsa14-01.html https://www.adobe.com/support/security/bulletins/apsb14-01.html ##Apple patches http://support.apple.com/kb/HT1222 ##Cisco patches http://tools.cisco.com/security/center/home.x
Random US backdoors UAE satellites? FireEye buys Mandiant Free tools? Intel to phase out McAfee name Facebook Lawsuit – Scanning private meesages EFF RFC for EU Copyright Sources: http://news.hitb.org/content/us-backdoored-our-satellites-claim-uae http://news.hitb.org/content/fireeyes-1b-mandiant-buyout-price-too-high-or-too-low http://www.digitaltrends.com/computing/john-mcafee-elated-that-intel-is-dropping-his-name-from-security-software/ news.hitb.org/content/facebooks-scanning-user-messages-results-lawsuit https://www.eff.org/deeplinks/2014/01/what-do-you-want-copyright-tell-eu-now
HTTP Header Heuristics for Malware Detection Papers HTTP Header Heuristics for Malware Detection https://www.sans.org/reading-room/whitepapers/detection/http-header-heuristics-malware-detection-34460 o Sources: brainpan - vuln os http://resources.infosecinstitute.com/brainpan/
Tools vFeed SNORT rule to vuln data Prey Android Anti-Theft wifite Wireless Auditor Sources: http://www.toolswatch.org/2013/09/vfeed-open-source-aggregated-vulnerability-database-v0-4-5-released-support-of-cwe-2-5-and-snort-rules/ http://preyproject.com/blog/tag/android http://code.google.com/p/wifite/
InfoSec SouthWest – Apr Cons Shmoocon – Jan CanSecWest – Mar B-Sides Austin – Mar Source Boston - Apr InfoSec SouthWest – Apr ThotCon – Apr Hope X - Jul Defcon – Aug ToorCon - Oct B-Sides DFW – Nov CCC - Dec Sources: http://www.concise-courses.com/security/conferences-of-2014/
Sources: All images scavenged without permission