PREVIOUS GNEWS Patch Tuesday 6 Patches 4 Critical

PREVIOUS GNEWS

Patch • • Tuesday 6 Patches – 4 Critical – 19 CVEs Affected – Kernel, SQL, Kerberos, Word, HTML, Share. Point – – – MS 12 -071 - Cumulative Security Update for Internet Explorer MS 12 -072 - Windows Shell, Remote Code Execution MS 12 -073 - Microsoft Internet Information Services (IIS), Information Disclosure MS 12 -074 -. NET Framework, Remote Code Execution MS 12 -075 - Windows Kernel-Mode Drivers, Remote Code Execution MS 12 -076 - Microsoft Excel, Remote Code Execution Other updates, MSRT, Defender Definitions, Junk Mail Filter

Holes / Patches • Oracle, 109 fixes • Adobe – Sand. Box Evasion/Breakout – APSB 12 -23 – Adobe Shockwave Player – APSB 12 -24 – Adobe Flash Player • Apple, – – i. OS 6. 0. 1 Quick. Time 7. 7. 3 Safari 6. 0. 2 Java update • Cisco – – Iron. Port with Sophos Threat Detection Engine ASA TACACS Bypass SNMPv 3 Authentication Unified Meeting Place

Holes / Hacking • paypal data leak (card and personal data) • apache miconfig leaks data (passwords) • cisco taccs auth • Citadel Trojan – rain edition • Anonymous launches wikileaks clone • safai cookies, python reader • secure boot dev

Corp • rapid 7 buys mobilesafe • MS buys Phone. Factor • kaspersky OS • fb removes phone number search but only for two-factor? ? • i. OS 6 tracking • FB now partnering with panda • FTC announes bounty program • sprint buys clearwire • HSBC ddos • silent circle (secure mobile comms) • fillabong hacked • sony encryption keys relases

More Corp • tmobile metro. PCS • tmobile malware protection • Yahoo to ignore IE 10 do not track • arm server chips • FBI - ooops, sorry (phone companies blocking surveillance) • off the hook goes off the air

Legal • FBI issues smart phone security advice • SC court say go ahead read that web-based mail • no extradition for Mc. Kinnon • copyright ruling could block all grey market sales • California enforces mobile privacy policies • Aussies abandon internet filtering

Papers • aquisition tool testing http: //www. dfinews. com/news/test-results-digital-data-acquisition-tool-asr-data-smart-version-2010 -11 -03 http: //www. cftt. nist. gov/DA-ATP-pc-01. pdf • MS report SIRv 13 http: //go. microsoft. com/? linkid=9818567 https: //blogs. technet. com/b/mmpc/archive/2012/10/09/sirv 13 -be-careful-where-you-go-looking-for-software-andmedia-files. aspx? Redirected=true • Trend. Labs q 3 round up http: //www. trendmicro. com/cloud-content/us/pdfs/security-intelligence/reports/rpt-3 q-2012 -security-roundupandroid-under-siege-popularity-comes-at-a-price. pdf • FTC facial recognition report http: //news. hitb. org/content/google-microsoft-and-yahoo-fix-serious-email-weakness • Russian blackmarket http: //www. trendmicro. com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-russian-underground 101. pdf

tools • network simulator (good for cisco cert study) • nessus ntml 5 beta (bye flash) • VIRUS TOTAL ANDRIOD • Recover. RS browser history (formerly Rip. RS and Parse. RS) • recon tools collection (http: //lanmaster 53. com/tools/) • Pushpin (social media snarf by geolocation) • Tapeworm (malware forensics) • Sift (malware foremsics / password required) • google, yahoo, and MS fix DKIM • windows 8 released. • dsploit for android • AT&T 5 GB free cloud storage for ios users

tools • Windows PSR • Whonix

WTF • Bitcoin (analysis of how it is used) • pirate bay cloud • MC data selling • one step closer to singularity – Borderland worm kills whole towns • emp missile tested • mcafee accused of murder

CON Events HITB google patches hole 10 hours after competition Papers posted http: //it. toolbox. com/blogs/securitymonkey/hackinthebox-security-conference-2012 kuala-lumpur-materials-are-posted-53496? rss=1 skydogcon hacker halted nuke talks pulled at con

All images scavenged without permission