PREVIOUS GNEWS. 3 Patches – 4 Critical – 53+ CVEs Affected – Kernel, AD, SharePoint, Office,...

Page 1:

PREVIOUS GNEWS

Page 2:

• 3 Patches – 4 Critical – 53+ CVEs

• Affected – Kernel, AD, SharePoint, Office, and more

• MS13-067 - Microsoft SharePoint Server, Remote Code

• MS13-068 - Microsoft Outlook, Remote Code

• MS13-069 - Cumulative Security Update for IE, Remote Code

• MS13-070 - OLE, Remote Code

• MS13-071 - Windows Theme File, Remote Code

• MS13-072 - Microsoft Office, Remote Code

• MS13-073 - Microsoft Excel, Remote Code

• MS13-074 - Microsoft Access, Remote Code

• MS13-075 - Microsoft Office IME (Chinese), Privilege Escalation

• MS13-076 – Kernel Mode Driver, Privilege Escalation

• MS13-077 - Windows Service Control Manager, Privilege Escalation

• MS13-078 - FrontPage, Information Disclosure

• MS13-079 - Active Directory, DoS

Other updates, MSRT, Defender Definitions, Junk Mail Filter

Patch Tuesday

Page 3:

• Oracle, due out Oct 15th

• Adobe
  – APSB13-21 – Adobe Flash Player
  – APSB13-22 – Adobe Reader and Acrobat
  – APSB13-23 – Adobe Shockwave Player

• Apple
  – AirPort Base Station Firmware 7.6.4

• Cisco
  – WebEx
  – ASA, Multiple
  – Unified Communications, Multiple
  – Prime Central, Multiple
  – SocialMiner, Multiple
  – Jabber for Windows Cert Validation

Holes / Patches

Page 4:

• Crypto / NSA backdoor?

• Johns Hopkins prof forced to remove NSA related Blog

• HootSuite accounts hacked

Hacking

Page 5:

• Tahoe File System

• Pulled Pork 0.7.0
  – Includes IP reputation

• Microduino

Tools

Page 6:

Papers

• XKeyscore
  – http://resources.infosecinstitute.com/xkeyscore-nsas-surveillance-program/

• Malware Packers and Comms
  – http://resources.infosecinstitute.com/from-unpacking-to-communication-analysis

• HELIX
  – http://resources.infosecinstitute.com/incident-response-and-forensic-martial-arts-with-helix

• Windows Communications Foundation
  – http://resources.infosecinstitute.com/windows-communication-foundation

• email
  – http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-email-correlation-and-phishing.pdf

Page 7:

CON Events

• DFW BSides

Page 8:

All images scavenged without permission
