Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Cracking of wireless networks wikipedia , lookup
Next-Generation Secure Computing Base wikipedia , lookup
Cyberattack wikipedia , lookup
Microsoft Security Essentials wikipedia , lookup
Cyberwarfare wikipedia , lookup
Cyber-security regulation wikipedia , lookup
Computer security wikipedia , lookup
PREVIOUS GNEWS Patch • • • • • • • • • • Tuesday Oct - 8 Patches – 1 Critical - 8 CVEs MS15-001 - Windows Application Compatibility Cache, Privilege Escalation MS15-002 - Windows Telnet Service, Remote Code MS15-003 - Windows User Profile Service, Privilege Escalation MS15-004 - Windows Components, Privilege Escalation MS15-005 - Network Location Awareness Service, Security Bypass MS15-006 - Windows Error Reporting, Security Bypass MS15-007 - Network Policy Server RADIUS Implementation, DoS MS15-008 - Windows Kernel-Mode Driver, Privilege Escalation Other updates, MSRT, Defender Definitions, Junk Mail Filter Holes / Patches • Oracle – Due out 20 Jan 2015 • Adobe – APSB15-01 – Flash Player • Apple, – – – – iOS 8.1.2 Safari 8.0.2 Xcode 6.2 beta 3 OS X NTP • Cisco – ISB8320-E High-Definition IP-Only DVR, Remote Auth – Mearki, multi vuln – ASA – syslog leak – Jabber Guest Server – multi vuln • VMWare – VMSA-2014-0014 - AirWatch • • VPN bypass for NetFlix Regions NetFlix Denies proxy crack down • UEFI, ByPass Secure Boot and more • • Google Drops 8.1/Word 0-day MS drops call for better disclosure • • Google shreds Aviator broswer White Hat Security responds – • “Advising users to not use Aviator misses the bigger picture.” Google to stop patching Webview – Use alternate browser or full ROM • UDP Braodcast = Root Execution on Asus Routers • Multiple 0-days for Corel titles • Schneider patches Wonderware SCADA server Hacking • 8 patches for OpenSSL • 2,4Ghz Wireless Keyboard Sniffer • New ATM hack “black-box” – Requirs physical access • New variant of CryptoWall • SilkRoad Reloaded – It’s not just for Tor anymore • Skeletonkey - ByPass AD • Inception Framework – RAM only, polymorphic • RedStar OS • PenToo RC3.7 Hacking • BitStamp Off-line Post breach • Box Inc IPO • Cyber is Physical – German steel mill damaged • XBox One SDK Leaked • mini board roundup – – – – – – – – – 86Duino A10-OLinuXino-Lime Arduino TRE Banana Pi BPi D1 HummingBoard-i1 Odroid-C1 Orange P pcDuino3 Nano Corp • New DoJ ‘Cyber Security Unit’ • Feds Hate Security, esp. encryption • North Korean Sanctions • CentCom twitter hacked • New Jersey requires insurance providers to encrypt • G Chill • UK Draft Communications Data Bill “Snoopers Charter” • National Standard for Breach Notifications? – EFF and Krebs have good comments against proposal • • All the Patriots Are Dead or how some pieces of the patriot act expire in 2015 • NK ‘Glorious Leader’ game developer hacked Govt data collection via twitter http://resources.infosecinstitute.com/intelligence-information-gathering-collecting-twitterfollowers-25-lines-python AIX for Pentesters McCain's security bill https://www.congress.gov/bill/112th-congress/senate-bill/3342 Global Chilling http://pen.org/global-chill Hacking Point of Sale - Slava Gomzine Papers https://www.sans.org/reading-room/whitepapers/unix/aix-penetration-testers-35672 http://www.amazon.co.uk/Hacking-Point-Sale-Application-Solutions/dp/1118810112 MS14-068 to Full Compromise – Step by Step https://www.trustedsec.com/december-2014/ms14-068-full-compromise-step-step/ Improve mac scanning for ssh http://www.securityorb.com/delayed-slow-ssh-connection-mac-os-x-systems-fix project artillery Threat Intell Apple brute forcer Tools Openwall 3.1 wifiwhisperer Automate phishing powersploit script collection GitRob automated git search EFF Mobil App News feed (not on iPhone) • CCC – Copy finger prints from a photo • CCC – Mac BootKit • Encryption • • Privacy / Rights • • • Tor Automobiles But wait there’s more….. CCC – 2014 Videos http://media.ccc.de/browse/congress/2014/ • CCC – PodCast chaosradio.ccc.de • • • Shmoo 16-18 Jan Dallas Tech-Security Conference 22 Jan Darknet and the primordial soup of Cyber Crime • • B-Sides Austin 12 – 13 Mar • CanSecWest 10 – 12 Apr InfoSec Southwest • B-Sides Nashville 11 Apr • B-Sides San Antonio ? May • • 18 - 20 Mar ThotCon 0x6 14 – 15 May PenTest Austin (SANS) • DefCon 23 18 – 23 May 6 – 9 Aug 12 Feb DHA ( 1st Wednesday / looking for new spot, plano ) TX2600 ( 1st Fri / Wild Turkey 35&WalnutHill, dallas ) (1st Fri / 1418 Coffeehouse, plano) The Lab.MS ( 2nd Monday / varies, plano ) Crypto Party ( 3rd Thursday / Improving Enterprises, addison ) NAISG ( 4th Thursday / CrossPointe Theatre, carrollton ) LockPick DFW ( Last Monday / looking for new spot, dallas ) Dallas MakerSpace Random / carrollton Local All images scavenged without permission All images scavenged without permission