1 / 13

September 2017 Patch Tuesday: Critical Vulnerabilities and Security Updates

Stay updated on the latest security patches and vulnerabilities from Patch Tuesday in September 2017. Includes Windows, Adobe, Android, Apple, and more.

johngonzales
Download Presentation

September 2017 Patch Tuesday: Critical Vulnerabilities and Security Updates

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. PREVIOUS GNEWS

  2. Patch Tuesday • Sep 2017 – 79 vulnerabilities with 256 unique downloads • Windows 10 and Windows Server 2016 (including Microsoft Edge) / Remote Code • Windows 8.1 and Windows Server 2012 R2 / Remote Code • Windows Server 2012 / Remote Code • Windows RT 8.1 / Remote Code • Windows 7 and Windows Server 2008 R2 / Remote Code • Windows Server 2008 / Remote Code • Microsoft Office-related software / Remote Code • Internet Explorer / Remote Code • Microsoft SharePoint Server, SharePoint Enterprise Server, and SharePoint Foundation / Remote Code • Skype for Business, Microsoft Lync, and Microsoft Live Meeting / Remote Code • Microsoft Exchange Server / Info Disclosure • .NET Framework / Remote Code • Adobe Flash Player / Remote Code • .Net bug • Kernel bug

  3. Holes / Patches • VMWare • VMSA-2017-0014 ( 1 CVE) NSX-V Edge OSPF DoS • Apple • iTunes 12.7 ( ? CVE) • Enclave Firmware Decryption • Juniper • Routers / Switches • Libgd, heap overflow via compressed gd2 data. • AT&T U-verse (Arris Modems) • Multiple Vulns, SSH creds • ARM Chip Sets • Multiple Vulns, BootStomp • Nvidia (Nexus 9), • Oracle • Due 17 Oct 2017 • Adobe • APSB17-25 RoboHelp ( 2 CVE) • APSB17-28 Flash Player ( 2 CVE) • APSB17-30 ColdFusion ( 4 CVE) • Android • 2017-09-01 ( ? CVE) • 2017-09-05 ( ? CVE) • Aerohive • Hive Manager, Privilege Escalation • Siri / Alexa • Dolphin attack

  4. Hacking • Weaponized DNA • 4K apps that record audio and log • row hammer for NAND • Secret chips in repair parts • Ropemaker, Email manipulation vis CSS • 4d quantum encryption tested • S3 buckets host malware • PoC Code for iOS vuln (patched in May) • IME killswitch • wireX takedown • Traffic shaping to "secure" iot data

  5. PayPal acquires Swift • Walmart Scan&Go • Verizon location data • cloudflare daily stormer • Docker for Main Frames • LG, Late WannaCry infection • Philips DoseWise hardcoded Creds • Miami Heat launches mobile only tickets • Uber settles • FB pays out 100K to sec researcher • DJI bug bounty (drones) Corp

  6. PayPal launches CC • bitcoin.com stops european support • Sun is dead • Mil Contractor S3 bucket • TWC S3 • Zombie Cookie, Sue Verizon • equifax breach • Google to distrust "old" Symantec certs Corp

  7. Vancouver dispensary DB leak • TX Drmedicad fraud • Linkedin doesn't like scraping • CIA torture settlement • Delaware Data Breach Law revised • PA bill to invoice activists if arrested • DC judge allows search of activist website • MalwareTechBlog case exempted from "Speedy Trail Act" • Shotspotter goes to the whitehouse/ dumped by SATX • Russia data privacy law revised • First FDA security recall • Govt site hosting malware • SESTA Govt

  8. Nice SOC summary https://www.linkedin.com/pulse/soc-architecture-how-build-run-security-operations-center-harris powershell for vulnerability verification https://www.sans.org/reading-room/whitepapers/leadership/complement-vulnerability-management-program-powershell-37900 NSS Labs Evasion testing https://www.nsslabs.com/index.cfm/blog/analyst-insights/ngfwv7-http-evasion-test-cases-revealed EFF tips for students https://www.eff.org/deeplinks/2017/08/student-privacy-tips-students NIAC Critical Infrastructure Report https://www.dhs.gov/sites/default/files/publications/niac-cyber-study-draft-report-08-15-17-508.pdf https://securityintelligence.com/news/niac-cybersecurity-report-regarding-critical-infrastructure-issued/ FDA Guidance https://www.federalregister.gov/documents/2017/09/06/2017-18815/design-considerations-and-premarket-submission-recommendations-for-interoperable-medical-devices Papers

  9. Thia activist jailed for posting to FB Crotch Charms “SIM swap” -- why is this a thing in the media BK BitCoin FCC redefine broadband Killer sex robots PI Earrings WTF

  10. babadook powershell backdoor UACMe UAC evasion (as root) Apple password cracker SEMU Malware analysis tool FireEye Flare-On Challange reverse engineering competition FIR - IR ticketing GitMiner Tools

  11. Future Cons DerbyCon, Louisville 20-24 Sep Rock Stars of Cybersecurity Technologies, Denver 26 Sep CactusCon, Phoenix 29-30 Sep Root 66, OKC 5 oct Hacker Halted, Atlanta 5-10 Oct Secure World Dallas 18-19 Oct LASCON 2017, Austin 24-27 Oct BSidesDFW, Plano 4 Nov NTXISSACSC5, Plano 10 Nov

  12. DHA @Dallas_Hackers ( 1st Wednesday / Family Karaoke, Dallas ) TX2600 @dallas2600 ( 1st Fri / Wild Turkey 35&WalnutHill, Dallas ) The Lab.MS @TheLab_ms ( 2ndSaturday + random events / TheLab.ms, Plano ) ISSA Fort Worth @ISSAFortWorth ( 2nd Tuesday / location varies ) Hack Ft Worth @Hack_FtW ( 3rd-ish Tuesday / Buffalo West, Fort Worth) OWASP Dallas @OWASPDallas ( 3rdTuesday / location varies ) Crypto Party DFW @CryptoPartyDFW ( 3rd Thursday / TheLab.ms, Plano ) North Texas Cyber Security Group @ntxcsg ( Last Thursday, Jakes, Frisco ) Dallas MakerSpace @dallasmakers ( Random events / Carrollton ) Where

  13. All images scavenged without permission All images scavenged without permission

More Related