PREVIOUS GNEWS

• 7 Patches – 3 Critical – 23 CVEs

• Affected – RDP, IE, Lync, Windows

Other updates, MSRT, Defender Definitions, Junk Mail Filter

– MS12-036 Remote Desktop, Remote Code Execution– MS12-037 Cumulative Security Update for Internet Explorer– MS12-038 .NET Framework, Remote Code Execution– MS12-039 Lync, Remote Code Execution– MS12-040 Microsoft Dynamics AX Enterprise Portal, Remote Code Execution– MS12-041 Windows Kernel-Mode Drivers, Elevation of Privilege– MS12-042 Windows Kernel, Elevation of Privilege

Patch Tuesday

• Oracle, due out 17 July

• Adobe– APSB12-14 Hotfix for ColdFusion 9.01 and older– APSB12-15 Adobe Flash Player

• Apple,– FlashBack Removal Update– Leopard Security Update 2012-003– QuickTime 7.7.2– iTunes 10.6.3– Java Update

• Cisco– ASA 5500 information disclousure– Small Business Devices XSS / Meeting Place Login XSS– IOS XR DoS

Holes / Patches

• mobile maleware genome project

• MS out of band path certs/flame

• flame and stuxnet link?– Kaspersky confirms

• mysql auth bypass

Hacking

• disa to pilot DoD mobile network– unclass and class nets

• Nytimes claims stuxnet was us based

• Linkedin iOS app siphons data

• Linkedin password breach

• google to notify dnschanger victims

• apple filters word jailbreak

Corp

Papers• secure aws• http://www.infosecwriters.com/texts.php?op=display&id=662

• max benefit from pentest• http://www.infosecwriters.com/texts.php?op=display&id=661

• fbi bitcoin• http://www.wired.com/images_blogs/threatlevel/2012/05/Bitcoin-FBI.pdf

• Common vuln reporting framework• http://www.icasi.org/cvrf-1.1

• bitcoin• http://news.hitb.org/content/bitcoins-worth-87000-plundered-brazen-server-breach

• Robots• https://www.sans.org/reading_room/whitepapers/awareness/robotstxt_33955

• dangerous http methods• https://www.sans.org/reading_room/whitepapers/testing/penetration-testing-web-application-dangerous-http-methods_33945

• risk assessment for social media• https://www.sans.org/reading_room/whitepapers/privacy/risk-assessment-social-media_33940

• NIST Cloud Guidance• http://csrc.nist.gov/publications/PubsSPs.html#800-146• http://www.nist.gov/manuscript-publication-search.cfm?pub_id=911075

ios5 security[1] http://images.apple.com/ipad/business/docs/iOS_Security_May12.pdf[2] http://www.nsa.gov/ia/mitigation_guidance/security_configuration_guides/operating_systems.shtml

biomed deviceshttp://www.secure-medicine.org/icd-study/icd-study.pdf

covert channels on social nethttps://www.sans.org/reading_room/whitepapers/engineering/covert-channels-social-networks_33960

imperva anonymoushttp://www.imperva.com/docs/HII_The_Anatomy_of_an_Anonymous_Attack.pdf

Papers• risk assessment for social media• https://www.sans.org/reading_room/whitepapers/privacy/risk-assessment-social-media_33940

• NIST Cloud Guidance• http://csrc.nist.gov/publications/PubsSPs.html#800-146• http://www.nist.gov/manuscript-publication-search.cfm?pub_id=911075

• ios5 security• http://images.apple.com/ipad/business/docs/iOS_Security_May12.pdf• http://www.nsa.gov/ia/mitigation_guidance/security_configuration_guides/

operating_systems.shtml

• biomed devices• http://www.secure-medicine.org/icd-study/icd-study.pdf

• covert channels on social net• https://www.sans.org/reading_room/whitepapers/engineering/covert-channels-social-

networks_33960

• imperva on anonymous• http://www.imperva.com/docs/HII_The_Anatomy_of_an_Anonymous_Attack.pdf

elcomsofthttp://www.dfinews.com/article/elcomsoft-provides-forensic-access-icloud-backups

evidence finderhttp://www.dfinews.com/article/jad-software-releases-ief-54

emet v3https://blogs.technet.com/b/srd/archive/2012/05/15/introducing-emet-v3.aspx?Redirected=true

SEThttp://www.social-engineer.org/framework/

Computer_Based_Social_Engineering_Tools:_Social_Engineer_Toolkit_%28SET%29

truecrackhttps://code.google.com/p/truecrack/

passfaulthttp://passfault.com/

tools

CON EventsDefCon 20

https://www.defcon.org/

All images scavenged without permission

All images scavenged without permission