1 / 19

Previous Gnews

Stay informed about the latest Patch Tuesday updates, vulnerabilities, and security news. This comprehensive list includes critical CVEs, software patches, and reported exploits. Language is in English.

moors
Download Presentation

Previous Gnews

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Previous Gnews

  2. Do Not Poke It If It Is Not Yours Do Not Brag About Questionable Activity Do Not Hack The Venue Not Legal Advice Everything Is Theoretical Use At Your Own Risk Not Responsible For Damages Mileage May Vary Trust No One Verify Everything Do Your Own Research Create Your Own Opinion Communicate Share Learn Enjoy

  3. Patch Tuesday • May –79 CVE / 48 KB Articles • Reports of 23 Critical, 1 actively exploited • Adobe Flash Player • Microsoft Windows • Internet Explorer • Microsoft Edge • Microsoft Office and Microsoft Office Services and Web Apps • Team Foundation Server • Visual Studio • Azure DevOps Server • SQL Server • .NET Framework • .NET Core • ASP.NET Core • ChakraCore • Online Services • Azure • NuGet • Skype for Android

  4. Patch Tuesday • June –88 CVE / 33 KB Articles • Reports of 21 Critical, 0 actively exploited • Adobe Flash Player • Microsoft Windows • Internet Explorer • Microsoft Edge • Microsoft Office and Microsoft Office Services and Web Apps • ChakraCore • Skype for Business and Microsoft Lync • Microsoft Exchange Server • Azure • MS symcrypt bug (patch in Jul)

  5. Holes / Patches • VMWare • VMSA-2019-0009 ( 2CVE ) VM Tools & Workstation, out of bounds / use after free • Apple • iOS 12.3.1 ( 0 CVE ) • iCloud (win) 7.12 ( 25 CVE ) • iTunes (win) 12.9.5 ( 25 CVE ) • Airport Base Station 7.9.1 ( 8 CVE ) • iOS 12.3.2 ( 0 CVE ) • MacOS Synthetic Click 0-day • Mozilla • FireFox 67, 11 high impact • Microsoft • RDP (bluekeep) • RDP Lock Screen Bypass (feature) • Win 10 0-day (LPE) • Win 10 1903 Managed Update issues (sccm update) • Oracle • Due 16 Jul2019 • oracle weblogic 0-day • Adobe • APSB19-27 ColdFusion, ce( 3 CVE ) • APSB19-28 Adobe Campaign, ce( 7 CVE ) • APSB19-29 Adobe Media Encoder, ce( 2 CVE ) • APSB19-30 Adobe Flash Player, ce( 1 CVE ) • Cisco • Secure Boot Bypass • Linux • rds_tcp_kill_sock in net/rds/tcp.c • use after free

  6. Holes / Patches • WhatsApp vuln • Intel is dead, long live Intel • wacom update halper vuln • linksys data leak • Slack file hijacking • sqlite3 use after free • Docker FollowSymlinkInScope vuln allows access to Host • Nvidia GeForce Experinece vulns • exim bug • vim bug • Amcrest cam bugs

  7. Nefarious?! Plane landing system on $600 AI can animate static photos Researchers can ID manipulated images Tavis finds code execution in Notepad Mac GateKeeper bypass IA used to dox porn acctresses GrandCrab gang announces shutdown near sleath evasion of MFA with Muraena and NecroBrowesr Maritime hacking gets its own CTF at DefCon MageCart skimmers on Cloudfront CDN look someone left a passwd db online TapNGhost android NFC attack RamBleed

  8. HPE to buy Cray KnowBe4 buys CLTRe Global Payments to buy Total System Services FireEye buys Verodin Palo ALto Networks buys TwistLock and PureSec Insight Partners buys Recorded Future Infineon Technologies buys Cypress Semiconductor Imperva buys Distil Networks Sophos buys Rook Security Turtle Beach buys Roccat Accenture buys Bridge Energy Group Wipro to buy ITI Amazon considers Boost? Google buys Looker Salesforce buys tableau United Technologies buys Raytheon Apollo buys Shutterfly Elastic buys Endgame Cisco buys Sentryo Entrust Datacard buys nCipher Captec buys Aleutia Troy Hunt auctions HIBP Corp I (buy/sell)

  9. xbox 2 ? Elastic adds security to free version PCI updates Assessor Qualifications Trail of Bits offers reverse engineering training Windows Defender Application Guard extensions for Chrome and Firefox RedHat 3scale code now opensource GitHub new security features Uber to deactivate low rating users ILCoin C2P certified for quantum resistence Alexa gets delete function Consumer Blackberry Messenger shutsdown Powershell 7 preview Apple kills iTunes Apple makes zsh the default shell BlueStacks Inside brings mobile games to steam Boston Dynamics to Launch commercial bot Corp II (the good…)

  10. Google recalls Titan BlueTooth Stackoverflow popped flipboard popped People Inc. popped Emuparadise popped HCL HR portal leaks data xsmsp breaches TrendMicro / Symantec / McAfee ?? Boost mobile popped Perceptics popped TalkTalk popped, no notice sent Quest Diagnostics popped Pizza Hut hut rewards popped RadioHead popped, gives away tracks Checkers and Rallys get PoS malware First American Financial Corp. leaks pretty much everything Chtrbox leaves AWS db open, exposes influencers Freedom Mobile (candian) bad eslastic "chinese" elastic server leaks data from multiple dating apps Prymid Hotel Group IDS leaks data JCrush leaky unencrypted DB GA Tech Prof sues uber/lyft for patent infringement Corp III (the bad…)

  11. Govt TX Senate pass HB1387 (School Marshalls) TX grid protection bill Northrup Grumman, Biometrics, and DHS CA congressman suggests banning cryptocurrency EFF NSL Transparency lawsuit win Senator Wyden PAVE Act calls for return to paper ballots Congressman Thomson Election Security Act calls for return to paper ballots Washington Updates breach law New Jersey Updates breach law NY to pass new data breach law (SHIELD) Wisconsin called out for weak breach laws Maine bill to prevent sale of data Georgia says no obligation to protect personal data FCC plan for Robocallers ?? Carriers, now with Robo blocking power executive order bans foriegn tech Google bans huawei Senators request drone "tail numbers"

  12. Govt II Riskiest states Trump's golf cred hacked (hope he doesn't share passwds) DHS claims china made drones are siphoning your datas Google blocks Baltimore US visa wants your social media FTC targets mega tech in antirust dragnet Bucks County PA fine 68m for not caring about privacy Otherside: China reported had NSA tools prior to leak Germany to ban encryption?? Thailand gets data protection law Proton Mail denies helping Swiss LEO Russia forces tinder to share data India proposes their own crypto currency ban

  13. Coin Center Report https://coincenter.org/entry/e-cash-dex-constitution Shocker, add trackers bring little revenue to publishers https://weis2019.econinfosec.org/wp-content/uploads/sites/6/2019/05/WEIS_2019_paper_38.pdf Papers

  14. WTF IBM adjusts mainframe pricelist Google tracking DIY airpods HitRecord https://hitrecord.org/ Shocker, tiwtter makes you dumber pogo sticks to replace escooters

  15. DSSuite, A Docker Dider tools compilation https://isc.sans.edu/diary/rss/24926 2019 blackhat arsenal http://www.toolswatch.org/2019/05/amazing-black-hat-arsenal-usa-2019-lineup-announced/ NodeJsScan https://securityboulevard.com/2019/05/how-to-use-nodejsscan-for-sast-step-by-step-guide/ AWS secrets manager in .NET https://aws.amazon.com/blogs/security/how-to-use-aws-secrets-manager-client-side-caching-in-dotnet/ best adware remover? https://gbhackers.com/best-adware-removal-tool/amp/ best vpns for android? https://www.hackread.com/best-vpn-apps-for-android-2019/ Tools

  16. “bug bounties are the dumbest thing ever!” Pwning Web Apps – An Intro to Web App Pen Testing Phillip Wylie Convergence: An Analytical Deep Dive into Foreign Intelligence Activity in US Based Critical Infrastructure David Evenden Starting A Cybersecurity Career: Which role should you pursue? Roxy Dee Game Theory For Hackers Lindsay Von Tish #1LinuxThingADay: Everyday Linux Use Cases Roxy Dee Confessions of a Recovering Linux Admin Ell Marquez & Allie Barnes Breaking and Entering with SDR: Hacking Physical Access Control Systems and Garage Door Openers, or How I Beat Up Wiegand Over VHF/UHF Time Shelton Past Cons

  17. Future Cons BSidesLV 6 Aug – Las Vegas DefCon 8 Aug – Las Vegas DerbyCon 6 Sep – Louisville RH-ISAC 24-25 Sep – Denver ISSA in Dallas 1-2 Oct CFP - https://app.jiffyevents.com/s/f1kd1d161b8 GrrCon 24-25 Oct – Grand Rapids CISO recommendations https://www.csoonline.com/article/3155500/the-cso-guide-to-top-security-conferences.html#tk.rss_all

  18. ISSA Fort Worth @ISSAFortWorth ( 2nd Tuesday / location varies ) Hack Ft Worth @Hack_FtW ( 3rd Tuesday / Barrel & Bones, Fort Worth) DHA @Dallas_Hackers ( 1st Wednesday / Family Karaoke, Dallas ) TX2600 @dallas2600 ( 1st Fri / Wild Turkey 35&WalnutHill, Dallas ) The Lab.MS @TheLab_ms ( 2nd Saturday + random events / TheLab.ms, Plano ) OWASP Dallas @OWASPDallas ( 3rd Tuesday / location varies ) Pwn School Project ( 3rd Wed / Dallas | 4th Mon Denton ) Crypto Party DFW @CryptoPartyDFW ( 3rd Thursday / TheLab.ms, Plano ) North Texas ISSA @ntxissa ( 3rd Thursday / Maggiano’s, Plano ) North Texas Cyber Security Group @ntxcsg ( Last Thursday, Jakes, Frisco ) Dallas MakerSpace @dallasmakers ( Random events / Carrollton ) 0-day All Day @0Dayallday ( Quarterly / GeniusDen, Dallas ) Where

  19. All images scavenged without permission All images scavenged without permission

More Related