Previous Gnews
Patch Tuesday • Aug – 60 CVE / 46 KB Articles • Reports of 21 Critical • Internet Explorer • Microsoft Edge • Microsoft Windows • Microsoft Office and Microsoft Office Services and Web Apps • ChakraCore • Adobe Flash Player • .NET Framework • Microsoft Exchange Server • Microsoft SQL Server • Visual Studio
Patch Tuesday • Sep – 62 CVE / 32 KB Articles • Reports of 18 Critical • Internet Explorer • Microsoft Edge • Microsoft Windows • Microsoft Office and Microsoft Office Services and Web Apps • ChakraCore • Adobe Flash Player • .NET Framework • Microsoft.Data.OData • ASP.NET • Cortana Web Browsing • Tldr, lock screen links are bad, saved cached credentials are bad • ADFS auth bypass • Privilege escalation in TaskScheduler via ALPC • Price increases for Win 7 extended support
Holes / Patches • VMware • Aug: vSphere, Workstation, Fusion, Content Locker • VMSA-2018-0023 ( 2 CVE ) • AirWatch Agent and Content Locker • Chrome Blink Engine • Inject video and audio tags to collect information on FB users • RHEL SegmentSmack • Random offsets in IP fragments and TCP segments can cause DoS • ProtonVPN/NordVPN • Privilege escalation • Oracle • Due out in Oct • Adobe • Aug: Creative Cloud Desktop, Experience Manager, Flash Player • APSB18-28 Photoshop CC, rce ( 2 CVE ) • APSB18-31 Flash Player, pe ( 1 CVE ) • APSB18-32 Creative Cloud Desktop, pe ( 1 CVE ) • APSB18-33 ColdFusion, rce/pe/id ( 9 CVE ) • Apple • macOS High Sierra 10.13.6 Supplemental Update 2 ( 0 CVE ) • Airmail3 • File disclosure via URLs
Hacking • bitcoin atm malware • IKEv1 handshake bug (cisco/Huawei/Clavister) • Android side channel attack (openssl) • AT all the androids • CVE-2018-5002 payload breakdown • open .git directories are bad • WannaCry linked to NK, for reals • Tesla keyfob in 2 seconds
Corp • Salesforce marketing api leaks data • FB error tracker may have leaked data • snapchat source code leaked • GoDaddy S3 bucket • TheTruthSpy popped • Air Canada popped • British Airways popped • Family Orbit popped • Cheddars popped • T-Mobile popped • augusta university health breach 417K • AT&T sim jacking • google location tracking • google MC deal
Corp • amazon theaters?? • Panera Bread buys Zoe’s Kitchen • Pepsico buys Sodastream • Equifax buys ID Watchdog • KPMG buys Cyberinc • Kroger tests self driving delivery • Toyota 500mil investment in Uber driverless • ES&S - trust the black box (voting machines)
Govt • MLP pedo • invisible institute relaunch police database (chicago) • School directory Opt-out • Smart meters covered by 4th amendment (but we keep flip-flopping on phones?!) • Cell simulators disrupt emergency services • Trump starting to learn about network bubbles • CA bill A.B.2192 - research access • CA bill S.B. 822 - net neutrality • NSA claims "technical irregularities" for lack of compliance
Papers • Army space operations manual https://publicintelligence.net/us-army-space-operations/ • microkernel all the things https://threatpost.com/researchers-blame-monolithic-linux-code-base-for-critical-vulnerabilities/136785/
WTF • Meltdown Spectre was Overreaction? https://blog.vulcancyber.com/putting-meltdown-and-spectre-in-perspective-six-months-later • something wicked this way comes https://risnews.com/amazon-alexa-and-microsoft-cortana-integration-debuts • win 95 app https://www.hackread.com/you-can-now-run-windows-95-on-your-mac-linux-and-windows-10-devices/
Tools • back to school https://www.privacyrights.org/blog/protecting-your-personal-information-you-start-new-school-year https://www.eff.org/deeplinks/2018/08/back-school-essentials-security • fbi safe surf challenge https://www.fbi.gov/news/stories/safe-online-surfing-open-spanish-available-090718 • Tor on android https://threatpost.com/tor-brings-onion-browser-to-android-devices/137325/
Past Cons • BH/DC - IBM xforce ics vulns • DC - RWHAT protocol (biomed) • DC - Apple 0day (synth mouse) • DC - HP fax (officejet) • DC - election machines (11yr old) • DC - Caesars debacle • BH / DC - wrapup
Future Cons • Threat Hunting & IR Summit 6-13 Sep – New Orleans • ToorCon 10-16 Sep – San Diego • Hacker Halted 13-14 Sep – Atlanta • BlueHat v18 25-27 Sep – Redmond • CactusCon 28-29 Sep – Mesa AZ • DerbyCon 5-7 Oct – Louisville • Future of Blockchain 10-13 Oct – Dallas • LASCON 25-26 Oct – Austin • Thunder Plains 1 Nov – OKC • Root66 1 Nov – OKC • BSidesDFW 3 Nov – Richland College
Where • DHA @Dallas_Hackers ( 1st Wednesday / Family Karaoke, Dallas ) • TX2600 @dallas2600 ( 1st Fri / Wild Turkey 35&WalnutHill, Dallas ) • The Lab.MS @TheLab_ms ( 2nd Saturday + random events / TheLab.ms, Plano ) • ISSA Fort Worth @ISSAFortWorth ( 2nd Tuesday / location varies ) • Hack Ft Worth @Hack_FtW ( 3rd-ish Tuesday / Buffalo West, Fort Worth ) • OWASP Dallas @OWASPDallas ( 3rd Tuesday / location varies ) • Crypto Party DFW @CryptoPartyDFW ( 3rd Thursday / TheLab.ms, Plano ) • North Texas Cyber Security Group @ntxcsg ( Last Thursday, Jakes, Frisco ) • Dallas MakerSpace @dallasmakers ( Random events / Carrollton ) • Pwn School Project ( 3rd Wed / Dallas | 4th Mon Denton ) • 0-day All Day @0Dayallday ( 29 Sep / Quarterly / DFW )
All images scavenged without permission