130 likes | 137 Views
GNEWS. PREVIOUS. Patch Tuesday. Mar – 16 Patches – 8 Critical – 33 CVEs MS16-051 - Cumulative Security Update for IE, Remote Code MS16-052 - Cumulative Security Update for Microsoft Edge , Remote Code
E N D
GNEWS PREVIOUS
Patch Tuesday • Mar – 16 Patches – 8 Critical – 33 CVEs • MS16-051 - Cumulative Security Update for IE, Remote Code • MS16-052- Cumulative Security Update for Microsoft Edge , Remote Code • MS16-053- Cumulative Security Update JScript and VBScript , Remote Code • MS16-054- Microsoft Office, Remote Code • MS16-055- Microsoft Graphics Component , Remote Code • MS16-056 - Windows Journal, Remote Code • MS16-057 - Windows Shell, Remote Code • MS16-058- Windows IIS, Remote Code • MS16-059 - Windows Media Center, Remote Code • MS16-060 - Windows Kernel, Privilege Escalation • MS16-061 - Microsoft RPC, Privilege Escalation • MS16-062 - Windows Kernel-Mode Drivers, Privilege Escalation • MS16-064- Adobe Flash Player, Remote Code • MS16-065- .Net Framework, Info Leak • MS16-066 - Virtual Secure Mode, Security Bypass • MS16-067 - Volume Manager Driver, Info Leak
Holes / Patches • VMWare • VMSA-2016-0004 ( 1 CVE) • Client Integration Plugin • Jboss • 3.2 mil web sites • Cisco Patch for DoS in WLC and ASA • Win10 App Whitelist Bypass in Regsvr32.exe & COM • Oracle • 136 fixes • Adobe • APSA16-02 Flash Player ( 1 CVE) • APSB16-13 Analytics ( 1 CVE) • APSB16-14 Acrobat and Reader ( 02 CVE) • APSB16-16 ColdFusion ( 3 CVE) • Apple • Xcode 7.3.1 ( 2 CVE)
Hacking • ARS Router • MIT hacking AI detects 85% • mousejack range increase • MIT bounty program • slack tokens in github
Intel on chip FPGA • Apple to rebrand OSX to MacOS • Apple Transparency report • 2016 DBIR • PCI 3.2 Released Corp
EU adopts GDPR • MS claims US abusing secret warrants • FTC Mobile Health App tool • all your searches are belong to US • Supreme Court change to Rule 41 of Federal Rule of Criminal Procedure Govt
DHS tech report https://www.dhs.gov/sites/default/files/publications/CSD%20TTP%20FY16%20Tech%20Guide.pdf threat intell planning https://www.sans.org/reading-room/whitepapers/threats/threat-intelligence-planning-direction-36857 log analysis https://www.sans.org/reading-room/whitepapers/logging/boiling-ocean-security-operations-log-analysis-36867 securing Jenkins https://www.sans.org/reading-room/whitepapers/bestprac/securing-jenkins-ci-systems-36872 Papers
BRAND IS IRRELEVENT Rand Corp survey shows 11% unlikely to patron post breach nightworkgames.com (creator of Doom returns)
x Tools
Future Cons • B-Sides - San Antonio 21 May • Circle City Con – Indianapolis 10-12 Jun • SANS DFIR Summit – Austin 23-30 Jun • SANS San Antonio – 18-23 Jul • Hope 11 – NYC 22-24 Jul • BlackHat – Vegas 30 Jul – 4 Aug • BSidesLV – Vegas 2-3 Aug • DefCon 24 – Vegas 4 – 7 Aug • SANS Dallas – 8 – 13 Aug • OWASP CFP Open – DC 11-14 Oct
DHA ( 1st Wednesday / Family Karaoke, dallas) TX2600 ( 1st Fri / Wild Turkey 35&WalnutHill, dallas ) The Lab.MS ( 2ndMonday + random events / TheLab.ms, plano) OWASP Dallas ( 3rdTuesday / location varies ) Crypto Party ( 3rd Thursday / Improving Enterprises, addison) National Information Security and Assurance Group ( 4th Thursday, Jakes, Frisco ) Dallas MakerSpace ( Random events / carrollton)
All images scavenged without permission All images scavenged without permission