Previous Gnews

kristinunez

Presentation Transcript


  1. Previous Gnews

  2. Disclaimers
     • Do Not Poke It If It Is Not Yours
     • Do Not Brag About Questionable Activity
     • Do Not Hack The Venue
     • Not Legal Advice
     • Everything Is Theoretical
     • Use At Your Own Risk
     • Not Responsible For Damages
     • Mileage May Vary
     • Trust No One
     • Verify Everything
     • Do Your Own Research
     • Create Your Own Opinion
     • Communicate
     • Share
     • Learn
     • Enjoy

  3. Patch Tuesday
     • Nov – 50 CVE / 22 KB Articles
     • Reports of 8 Critical
     • Adobe Flash Player
     • Internet Explorer
     • Microsoft Edge
     • Microsoft Windows
     • Microsoft Office and Microsoft Office Services and Web Apps
     • ChakraCore
     • .NET Framework
     • ASP.NET
     • Microsoft Exchange Server
     • Microsoft Visual Studio
     • Active exploitation - CVE-2018-8653 Scripting Engine Memory Corruption Vulnerability
     • IE 0-day out of band patch
     • DNS 0-day (no patch for 2008)

  4. Holes / Patches
     • VMware
       • VMSA-2018-0031 ( 1 CVE )
       • vRealize Operations, pe
       • Permissions with support scripts
     • Apple
       • iOS 12.1.2 ( 0 CVE )
     • Intel
       • Multiple patches
       • PROset/Wireless Wi-Fi, pe ( 1 CVE )
       • System Support Utility, pe ( 1 CVE )
       • Software Guard Extensions, pe ( 2 CVE )
       • SSD Data Center Tool
     • Oracle
       • Next release 15 Jan 2019
     • Adobe
       • APSB19-01 Flash Player ( 0 CVE )
       • APSB19-02 Acrobat/Reader, ce ( 2 CVE )
       • APSB19-04 Digital Editions, id ( 1 CVE )
       • APSB19-05 Connect, id ( 1 CVE )
     • Cisco
       • Email Security Appliance, dos ( 1 CVE )
       • s/mime decryption

  5. Hacking
     • Another UAC bypass module
     • Twitter phone number issue, DM access
     • SQLite vuln?
     • Schneider car charging stations
     • SMS 2FA bypassing, Amnesty International
     • Google Cloud for payload storage
     • yet another camera, Guardzilla
     • fake hand defeats biometrics
     • electrum wallets
     • usb-c now with authentication (digicert)
     • MacPaw CleanMyMac allows root
     • Skype android auth bypass

  6. • Arctic Wolf buys RootSecure
     • T-Mobile to buy Sprint, antitrust pending
     • Cisco to buy Luxtera
     • Corel to buy Parallels
     • Boston Scientific buys Millipede
     • Thoma Bravo buys Veracode
     • Akamai buys Janrain
     • Sophos buys Avid Secure
     • San Diego Unified School District popped, 500K
     • Caribou coffee popped, 411 stores
     • BevMo! popped, 14K
     • FB private photo flaw, 1500 apps, 6.8mil
     • Brazilian Tax Data exposed, 120m Corp

  7. • Nokia leaks creds (more elastic caches)
     • Abine Blur passwd mgr s3 bucket leaks 2.4m
     • BlankMediaGames leak 7.6m
     • LA Times gets malware
     • Grammarly bug bounty program
     • tumblr nudity filter flags its own examples of acceptable images
     • FB allowed megacorps to see private data
     • MS introduces sandboxes in win10
     • MS Bali Corp

  8. Govt
     • Nintendo sues console modder
     • NASA server popped
     • click2gov still vulnerable, 2017
     • Google gets dismissal in facial recognition suit
     • EU launches bug bounty
     • New Security rules for insurance companies in SC
     • HHS drops best practice guide
     • German politician data leaked

  9. Papers x

  10. WTF who says criminals have no morals

  11. • Bitcoin Abuse Database https://www.bitcoinabuse.com/
      • FB account sec reminders https://nakedsecurity.sophos.com/2018/12/28/how-to-protect-your-facebook-account-a-walkthrough/
      • Twitter account sec reminders https://nakedsecurity.sophos.com/2018/12/29/how-to-secure-your-twitter-account/
      • Instagram account sec reminders https://nakedsecurity.sophos.com/2018/12/31/how-to-secure-your-instagram-account-using-2fa/
      • WhiteSource Bolt / SnykDeepshield https://bolt.whitesourcesoftware.com/github/ https://github.com/marketplace/sonatype-depshield
      • uncaptcha2 https://github.com/ecthros/uncaptcha2/blob/master/queryAPI.py
      • NSA GHIDRA (reversing)
      • Yubi Key for Apple
      Tools

  12. Past Cons
      • 35c3
      • 35c3 - UEFI rootkits
      • 35c3 FB tracking via android apps
      • Kids Camps https://resources.infosecinstitute.com/the-best-cybersecurity-camps-for-kids/
      • KubeCon

  13. Future Cons
      • North American Bitcoin Conference 16 Jan – Miami
      • ShmooCon 18-20 Jan - DC
      • BDYHAX 23-24 Feb – Austin
      • HouSecCon 9019 Apr – Houston
      • ThotCon 3-4 May - Chicago

  14. • ISSA Fort Worth @ISSAFortWorth ( 2nd Tuesday / location varies )
      • Hack Ft Worth @Hack_FtW ( 3rd Tuesday / Bar Louie, Fort Worth )
      • DHA @Dallas_Hackers ( 1st Wednesday / Family Karaoke, Dallas )
      • TX2600 @dallas2600 ( 1st Fri / Wild Turkey 35&WalnutHill, Dallas )
      • The Lab.MS @TheLab_ms ( 2nd Saturday + random events / TheLab.ms, Plano )
      • OWASP Dallas @OWASPDallas ( 3rd Tuesday / location varies )
      • Pwn School Project ( 3rd Wed / Dallas | 4th Mon Denton )
      • Crypto Party DFW @CryptoPartyDFW ( 3rd Thursday / TheLab.ms, Plano )
      • North Texas ISSA @ntxissa ( 3rd Thursday / Maggiano’s, Plano )
      • North Texas Cyber Security Group @ntxcsg ( Last Thursday, Jakes, Frisco )
      • Dallas MakerSpace @dallasmakers ( Random events / Carrollton )
      • 0-day All Day @0Dayallday ( Quarterly / GeniusDen, Dallas )
      Where

  15. All images scavenged without permission