1 / 14

PREVIOUS GNEWS

PREVIOUS GNEWS. Patch Tuesday. Jun – 14 Patches – 7 Critical – 47 CVEs MS16-104 - Cumulative Security Update for Internet Explorer, Remote Code MS16-105 - Cumulative Security Update for Microsoft Edge, Remote Code

jamiee
Download Presentation

PREVIOUS GNEWS

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. PREVIOUS GNEWS

  2. Patch Tuesday • Jun – 14 Patches – 7 Critical – 47 CVEs • MS16-104 - Cumulative Security Update for Internet Explorer, Remote Code • MS16-105 - Cumulative Security Update for Microsoft Edge, Remote Code • MS16-106 - Microsoft Graphics Component, Remote Code • MS16-107 - Microsoft Office, Remote Code • MS16-108 - Microsoft Exchange Server, Remote Code • MS16-109 - Silverlight, Remote Code • MS16-110 - Windows, Remote Code • MS16-111 - Windows Kernel, Privilege Escalation • MS16-112 - Windows Lock Screen, Privilege Escalation • MS16-113 - Windows Secure Kernel Mode, Info Disclosure • MS16-114 - SMBv1 Server, Remote Code • MS16-115 - Microsoft Windows PDF Library, Info Disclosure • MS16-116 - OLE Automation for VBScript Scripting Engine, Remote Code • MS16-117 - Adobe Flash Player, Remote Code

  3. Holes / Patches • VMWare • VMSA-2016-0011 ( 1 CVE) • vRealize Log Insight (dir traverse) • VMSA-2016-0012 ( 1 CVE) • Photon OS OVA (default ssh key) • VMSA-2016-0013 ( 2 CVE) • Identity Manager & vRealize Automation • VMSA-2016-0014 ( 8 CVE) • ESXi, Workstation, Fusion, & Tools • libgcrypt and gnupg1.4 • Random number generator • Cisco • Patch for equation group 0-day • Android, CVE-2016-5696 • Pre 4.7 tcp “challenge ACK” • Oracle • Due out 18 Oct • Adobe • APSB16-28 Digital Editions ( 8 CVE) • APSB16-29 Flash Player ( 26 CVE) • APSB16-31 Air SDK/Compiler ( 1 CVE) • Apple • watchOS 3 ( 1 CVE) • Xcode 8 ( 2 CVE) • iOS 10.0.1 ( 1 CVE) • iOS 10 ( 7 CVE) • El Capitan 2016-001 and Yosemite 2016-005 ( 2 CVE) • Safari 9.1.3 ( 1 CVE) • iOS 9.3.5 ( 3 CVE) • MS New patch deployments

  4. Hacking • darpasolves crackaddrproblem • car keyfobhack (vw / ford / chevy) • rockwell undocumented snmp string, remote access • signal forensics tool, Retroscope, extract signal/whatsapp/more… • How-to disable wpad • Burleson, now with skimmers • NSA zero day tools • Transmission Torrent ungood for macs (ransomeware) • PowerShell web.configscripts, steal creds • OpenSLL pulls 3des/blowfish • Mirrorlink, car infotainment (paper) • new evasion via macros

  5. Hacking • hotels popped (marriot/sheraton/westin) • eddiebauer hacked • steam hacked • epic forums hacked • GTA forum breach • Drop Box popped • opera server breach • Rambler.ru cred dump 98mil • brazzers.com popped

  6. MS 2FA now on ios/android • Powershell now opensource • Veracrypt Audit emails vanish • EFF open call to action on windows 10 privacy • New Google OS?? “Fuchsia” • WhatsApp Facebook data sharing • sophos bad signature • yelp bug bounty • OWASP bugbounty • GE buys 3dprinters Arcam AB and SLM Solutions Group Corp

  7. illinios limits cell site simulators • NSA tool leak? • Elections and Security • Politics as Critical Infrstruture • Seti (I want to believe) • EU passes infringement by linking • first fed CISO • malware is a valid search • And Rule 41 expands hacking power Govt

  8. x Papers

  9. AdBlockPlus now sells ads WTF

  10. hellraiser vuln scanner https://github.com/m0nad/HellRaiser Tools

  11. Future Cons • OWASP CFP Open – DC 11-14 Oct • IANS Chicago Information Security Forum –13-14 Sep • CornCon – Davenport Iowa 17 Sep • SaintCon – Provo Utah 11-14 Oct • Root 66 / InnoTech OKC - 1 Nov • LASCON Austin – 1-2 Nov • BSidesDFW 2016 – 5 Nov Threat Intelligence Summit NOLA – 6-7 Dec

  12. DHA @Dallas_Hackers ( 1st Wednesday / Family Karaoke, dallas) TX2600 @dallas2600 ( 1st Fri / Wild Turkey 35&WalnutHill, dallas ) The Lab.MS @TheLab_ms ( 2ndMonday + random events / TheLab.ms, plano) OWASP Dallas @OWASPDallas ( 3rdTuesday / location varies ) Crypto Party DFW @CryptoPartyDFW ( 3rd Thursday / Improving Enterprises, addison) North Texas Cyber Security Group @ntxcsg ( Last Thursday, Jakes, Frisco ) Dallas MakerSpace@dallasmakers ( Random events / carrollton) Hack Ft Worth @Hack_FtW ( 3rd Thursday / ?? West 7th ?? Abby Pub) Lock Pick DFW @LockPickDFW ( Last Monday/ Sherlocksarlington)

  13. All images scavenged without permission All images scavenged without permission

More Related