Patch Tuesday
9 Patches – 2 Critical – 12 CVEs
Affected – IE, Kernel, SharePoint, Remote Desktop, AD…
Other updates, MSRT, Defender Definitions, Junk Mail Filter
–MS – Cumulative Security Update for Internet Explorer, Remote Code
–MS – Remote Desktop Client, Remote Code
–MS – SharePoint, Info Disclosure
–MS Windows Kernel, Privilege Escalation
–MS – Active Directory, DoS
–MS – Windows Client/Server Run-time Subsystem (CSRSS), Privilege Escalation
–MS – Microsoft Antimalware Client, Privilege Escalation
–MS – HTML Sanitization Component, Privilege Escalation
–MS – Kernel-Mode Drivers, Privilege Escalation
Holes / Patches
Oracle, Due April 16
Adobe
–APSB13-10 – ColdFusion 2 CVEs
–APSB13-11 – Adobe Flash Player 4 CVEs
–APSB13-12 – Adobe Shockwave Player 4 CVEs
Apple
–Security Update
–Safari
–iOS
–Apple TV
Cisco
–Cisco Connected Grid Network Management System, multiple vulns
–IOS, multiple vulns
–VPN Client, DoS
Holes
Postgres
Apple credits evaders for exploits
FB Events exposes data
skype / dropbox to FB redirection hole
Holes / Hacking
carna botnet scans world with nmap
Yahoo accounts used to spread Android malware
Evernote as command and control
holy mossad? Anonymous claims hack on agency website
apple id and password modification, fixed and hacked again
spamhaus DDoS
american express DDoS
Amazon S3 has holes, data leak exposes sales data, game source code, personal photos, etc.
Krebs and emergency center attacks
ATM malware
Scribd passwords
Corp
FIDO Standard claims an end to passwords (paypal, lenovo, …)
Windows Blue leaked on-line
MS claims skype did not hand over data to law enforcement
paypal / ebay 86 vmware, go openstack
Energy companies reported to be attacked the most
Bitcoin exchange ddos, elsewhere price tops $140 per bitcoin
Genetic Alliance to Launch Reg4All, (do not call registry for medical data)
Google to change patent policy, won’t pursue violations (10 patents with opensource software)
cloud based scada really???
wordpress now with 2fa
hulu looking for buyers
FF tracking cookie foo
Legal
DoJ wants more access to data
NSLs with gag-order ruled unconstitutional
CA bill to require warrant for electronic communications
CA Law to allow users knowledge of and access to data
Apple to reject apps that access UUID
FISMA passed (Federal Information Security Amendments Act)
EFF calls for opposition of CFAA reform draft (Computer Fraud and Abuse Act)
two factor auth for apple ids
IBM materials developers may have new chip based on ionic currents
3d printing not on ATF radar
Credit Card net take down 40 arrested
FBI stingray
s korea to repeal 3 strike copyright law
Legal 2
Can't patent Math
Georgia censorship order, blogger responsible to 3rd party comments
Russia select blocking of internet
Papers
malicious DNS
airNIDS
ips evasion
mod_rewrite
mem forensics
IBM xforce threat report
HP Risk Report
boot processes
intro to x64 assembly
Hacking aircraft
tools
Java Snoop
TAILS (anonymous live cd)
RAM Capture
snort community ruleset
batman routing protocol (mesh network)
WTF
Political correctness
Two people lose jobs cause chic mis-interpreted a personal conversation, albeit in a public locale
death to hackers
NATO Cyber Warfare report
British intelligence agency called out for plain text passwords
Mesh ipv6 lightbulb, zigbee protocol
CON Events
Symantec - Dallas Security and Compliance User Group
InfoSec SouthWest 2013 April 19 – 21
All images scavenged without permission