PREVIOUS GNEWS
Patch Tuesday
• 7 Patches – 3 Critical – 23 CVEs
• Affected – RDP, IE, Lync, Windows
• Other updates, MSRT, Defender Definitions, Junk Mail Filter
– MS12-036 Remote Desktop, Remote Code Execution
– MS12-037 Cumulative Security Update for Internet Explorer
– MS12-038 .NET Framework, Remote Code Execution
– MS12-039 Lync, Remote Code Execution
– MS12-040 Microsoft Dynamics AX Enterprise Portal, Remote Code Execution
– MS12-041 Windows Kernel-Mode Drivers, Elevation of Privilege
– MS12-042 Windows Kernel, Elevation of Privilege
Holes / Patches
• Oracle, due out 17 July
• Adobe
– APSB12-14 Hotfix for ColdFusion 9.01 and older
– APSB12-15 Adobe Flash Player
• Apple
– FlashBack Removal Update
– Leopard Security Update 2012-003
– QuickTime 7.7.2
– iTunes 10.6.3
– Java Update
• Cisco
– ASA 5500 information disclosure
– Small Business Devices XSS / Meeting Place Login XSS
– IOS XR DoS
Hacking
• mobile malware genome project
• MS out-of-band patch certs/Flame
• Flame and Stuxnet link?
– Kaspersky confirms
• MySQL auth bypass
Corp
• DISA to pilot DoD mobile network
– unclass and class nets
• NYTimes claims Stuxnet was US based
• LinkedIn iOS app siphons data
• LinkedIn password breach
• Google to notify DNSChanger victims
• Apple filters word jailbreak
Papers
• secure aws
– http://www.infosecwriters.com/texts.php?op=display&id=662
• max benefit from pentest
– http://www.infosecwriters.com/texts.php?op=display&id=661
• fbi bitcoin
– http://www.wired.com/images_blogs/threatlevel/2012/05/Bitcoin-FBI.pdf
• Common vuln reporting framework
– http://www.icasi.org/cvrf-1.1
• bitcoin
– http://news.hitb.org/content/bitcoins-worth-87000-plundered-brazen-server-breach
• Robots
– https://www.sans.org/reading_room/whitepapers/awareness/robotstxt_33955
• dangerous http methods
– https://www.sans.org/reading_room/whitepapers/testing/penetration-testing-web-application-dangerous-http-methods_33945
• risk assessment for social media
– https://www.sans.org/reading_room/whitepapers/privacy/risk-assessment-social-media_33940
• NIST Cloud Guidance
– http://csrc.nist.gov/publications/PubsSPs.html#800-146
– http://www.nist.gov/manuscript-publication-search.cfm?pub_id=911075
• ios5 security
– http://images.apple.com/ipad/business/docs/iOS_Security_May12.pdf
– http://www.nsa.gov/ia/mitigation_guidance/security_configuration_guides/operating_systems.shtml
• biomed devices
– http://www.secure-medicine.org/icd-study/icd-study.pdf
• covert channels on social net
– https://www.sans.org/reading_room/whitepapers/engineering/covert-channels-social-networks_33960
• imperva anonymous
– http://www.imperva.com/docs/HII_The_Anatomy_of_an_Anonymous_Attack.pdf
Tools
• elcomsoft
– http://www.dfinews.com/article/elcomsoft-provides-forensic-access-icloud-backups
• evidence finder
– http://www.dfinews.com/article/jad-software-releases-ief-54
• emet v3
– https://blogs.technet.com/b/srd/archive/2012/05/15/introducing-emet-v3.aspx?Redirected=true
• SET
– http://www.social-engineer.org/framework/Computer_Based_Social_Engineering_Tools:_Social_Engineer_Toolkit_%28SET%29
• truecrack
– https://code.google.com/p/truecrack/
• passfault
– http://passfault.com/
CON Events
• DefCon 20
– https://www.defcon.org/
All images scavenged without permission