1 / 15

February Patch Tuesday and Security Vulnerabilities Updates

Stay updated with the latest security vulnerabilities and patches, including Adobe Flash Player, Microsoft products, Apple iOS and macOS, Chrome, Oracle, Adobe Experience Manager, and more.

cpatty
Download Presentation

February Patch Tuesday and Security Vulnerabilities Updates

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Previous Gnews

  2. Do Not Poke It If It Is Not Yours Do Not Brag About Questionable Activity Do Not Hack The Venue Not Legal Advice Everything Is Theoretical Use At Your Own Risk Not Responsible For Damages Mileage May Vary Trust No One Verify Everything Do Your Own Research Create Your Own Opinion Communicate Share Learn Enjoy

  3. Patch Tuesday • Feb – 77 CVE / 61 KB Articles • Reports of 6 Critical • Adobe Flash Player • Internet Explorer, *active exploit • Microsoft Edge • Microsoft Windows • Microsoft Office and Microsoft Office Services and Web Apps • ChakraCore • .NET Framework • Microsoft Exchange Server • Microsoft Visual Studio • Azure IoT SDK • Microsoft Dynamics • Team Foundation Server • Visual Studio Code • 3 out-of-band patches, Team Foundation Server / Skype for Business 2015 • Exchange 0-day, api and WriteDacl • Cortana / Search separation? • Vulnerable RDP Clients

  4. Holes / Patches • systemd • 2 root access, 1 BO ( 3 CVE ) • Apple • iOS 12.1.3 ( 31 CVE ) • macOS ( 23 CVE ) • tvOS 12.1.2 ( 24 CVE ) • watchOS5.1.3 ( 17 CVE ) • Safari 12.0.3 ( 10 CVE ) • iCloud for Win 7.10 ( 12 CVE ) • iTunes for Win 12.9.3 ( 14 CVE ) • iOS 12.1.4 ( 4 CVE ) • macOS Supplemental ( 3 CVE ) • Shortcuts for iOS 2.1.3 ( 2 CVE ) • FaceTime bug • Mac KeyChain • Chrome • 58 patches • fireOS • Content Injection • Oracle • 284 fixes • 3 DB / 5 Java / 30 MySQL • Adobe • APSB19-03 Experience Mgr Forms, xss ( 1 CVE ) • APSB19-06 Flash Player, id ( 1 CVE ) • APSB19-07 Acrobat & Reader, ce( 71 CVE ) • APSB19-09 Experience Mgr, xss( 2 CVE ) • APSB19-10 ColdFusion, ce( 2 CVE ) • APSB19-11 Creative Cloud Destop, pe( 1 CVE ) • Cisco • Small Business Switched, ab ( 1 CVE ) • SD-WAN vContainer, ce ( 1 CVE ) • Juniper • Multiple vulns, ce • Identicard • 4 0-days, hardcoded creds • Kubernetes, runc

  5. Hacking • DNS Flag Day • Data Privacy Day • Public Domain Day – “new” works from 1923 • Firefox, drops flash support • Bing now with child porn • Play-with-Docker escape • airline e-ticketing flaws/ • 202m users on chinese job mongodb • Collection #1 Massive creds cache found (new? / old?) • Collections 2-5 drop • is the 10 year challange an AI trainer? • Google URL inspection tool • FRR & BGP • SMS intercepter, Modlishka • mac malvertizing stego • SpeakUp linux malware • Nintendo Switch firmware cracked in 4 hrs • 5G aka vulns • Poodle redux, now for TLS1.2

  6. Fierv buys First Data • digiCert buys QuoVodis • Dropbox buys Hellosign • Ultimate Software going private • HelpSystems buys Core Security • Carbonite buys webroot • BBT buys SunTrust • Symantec buys Luminate • OXO popped • El Al website popped • Airbus popped • Houzz popped • VFEmail servers destroyed • Dunkin Donuts cred stuffing round 2 • OKCupid cred Stuffing • Avast exposes local creds • D&Q loose elastic • Signaporian HIV database exposed Corp

  7. SBI leaks user creds • DC Exchange User keys leaked, 600K • VIOPo.com DB • ?? popped, Discover replaces cards • Cal Poly leaks student information • Ok Dept of Securities DB • reddit password resets • twitter protected tweets bug on android • Google GDPR fine, 57mil • Jack'd app leaks photos • Tmobile caller verification • Google now with DNS over TLS • Netflix to tighten noose on cred sharing • ATT Google data selling • not petya act of war, no insurance payouts ? • Azure DevOps BugBounty • YouTube/Google updates dangerous content policy • HITRUST expanding in to GDPR and PDPA • FB app mashup • MS0365 Security Command Center • QuardigaCX CEO dies with password, 145mil poof Corp

  8. Govt • Cert expirations • Mass updates data breach law • Jeep hack going to supreme court • Feds can't force fingerprint unlocking • illinois biometric privacy • Mean while in Indiana • US charges Huawei • on-line voting in VA? • FamilyTreeDNA admits to sharing data with FBI • House calls ajit on the carpet • Fed VPN Ban? • European court says right to be forgotten should only apply to EU • EDPB 2nd Privacy Shield Report • Hungary 8 yrs for reporting flaw? • xDedic market shutdown

  9. Papers Please Forget Where I Was Last Summer: The Privacy Risks of Public Location (Meta)Data https://arxiv.org/pdf/1901.00897.pdf New PCI-DSS standards https://www.pcisecuritystandards.org/pdfs/New_Software_Security_Standards_Press_Release.pdf bitlocker how to https://www.zdnet.com/google-amp/article/windows-10-experts-guide-everything-you-need-to-know-about-bitlocker/ Decent write up on secure password and credential cache https://isc.sans.edu/diary/rss/24612

  10. WTF Scooter take downs Creeper sites Maps shit blogging Apple sued for forcing 2fa

  11. Covenant .Net C&C Framework metasploit5 dnsdumpster.com aztarna a “shodan” for robots wireshark tutorials Google adiantum Iot encryption PWDCOMPARE() sqlpasswd comparison Google ClusterFuzz fuzzer Tools

  12. Past Cons Enigma CyberFirst Girls Competition 2019

  13. Future Cons BDYHAX - 23-24 Feb – Austin HouSecCon 9 - 9-10 Apr – Houston BSidesOK – 10-12 Apr - Tulsa ThotCon 3-4 May – Chicago ISC2 Congress CFP

  14. ISSA Fort Worth @ISSAFortWorth ( 2nd Tuesday / location varies ) Hack Ft Worth @Hack_FtW ( 3rd Tuesday / Barrel & Bones, Fort Worth) DHA @Dallas_Hackers ( 1st Wednesday / Family Karaoke, Dallas ) TX2600 @dallas2600 ( 1st Fri / Wild Turkey 35&WalnutHill, Dallas ) The Lab.MS @TheLab_ms ( 2nd Saturday + random events / TheLab.ms, Plano ) OWASP Dallas @OWASPDallas ( 3rd Tuesday / location varies ) Pwn School Project ( 3rd Wed / Dallas | 4th Mon Denton ) Crypto Party DFW @CryptoPartyDFW ( 3rd Thursday / TheLab.ms, Plano ) North Texas ISSA @ntxissa ( 3rd Thursday / Maggiano’s, Plano ) North Texas Cyber Security Group @ntxcsg ( Last Thursday, Jakes, Frisco ) Dallas MakerSpace @dallasmakers ( Random events / Carrollton ) 0-day All Day @0Dayallday ( Quarterly / GeniusDen, Dallas ) Where

  15. All images scavenged without permission All images scavenged without permission

More Related