GNEWS PREVIOUSLY Patch Tuesday Mar 13 Patches 5
- Slides: 13
GNEWS PREVIOUSLY
Patch Tuesday • Mar – 13 Patches – 5 Critical – 40 CVEs • • • • MS 16 -023 - Cumulative Security Update for IE, Remote Code MS 16 -024 - Cumulative Security Update for Edge, Remote Code MS 16 -025 - Windows Library Loading, Remote Code MS 16 -026 - Graphic Fonts, Remote Code MS 16 -027 - Windows Media, Remote Code MS 16 -028 - Windows PDF Library, Remote Code MS 16 -029 - Microsoft Office, Remote Code MS 16 -030 - Windows OLE, Remote Code MS 16 -031 - Microsoft Windows, Privilege Escalation MS 16 -032 - Secondary Logon, Privilege Escalation MS 16 -033 - Windows USB Mass Storage Class Driver, Privilege Escalation MS 16 -034 - Windows Kernel-Mode Drivers, Privilege Escalation MS 16 -035 -. Net Framework, Security Bypass
Holes / Patches • Oracle • Glibc – Due in April • Adobe – APSB 16 -06 Digital Editions ( 1 CVE) – APSB 16 -09 Acrobat and Reader ( 3 CVE) • Apple • Palo Alto API, remote code • Linux Mint ISO Backdoor • OSX fake Flash Malware – Apple TV 7. 2. 1 ( 62 CVE) • Cisco – Cisco, ASA Web. VPN, XSS • VMWare – VMSA-2016 -0002. 1, glibc – CVE-2015 -2342, re-release • MS Advanced Protection
• Magneto POS "shoplift bug" • E-File Pins exposed • green energy just got real • loop your i. OS like its 1970 • Nissan Leaf API • PS logging • emet eats emet • Libotr vulnerability • Hack fingerprints with Ink. Jet • Tesla Firmware Hacking
• Verizon to kill cloud services • Verizon settles with FTC on user consent for UIDH headers • Google kilss Picasa - boost GPhotos • Honeywell and Palo Alto join SCADA forces • Instagram 2 FA • ubuntu goes ZFS • IBM buys Resilient Systems (and Schneier) • Apple iphone backdoor foo • Dell says Security stifles innovation Corp
• Kyle tx backs out od license plate reader deal • NY called out for stingray use • CA Data Breach Report • Imperva explains the EU NIS Directive • EFF explains the Apple V FBI Case • govt funded tor decloaking (shocker) • IRS disables breached PIN tools Govt
Bitcoin and Cryptocurrency Technologies https: //d 28 rh 4 a 8 wq 0 iu 5. cloudfront. net/bitcointech/readings/princeton_bitcoin_book. pdf Zero Days https: //variety. com/2016/film/reviews/zero-days-film-review-alex-gibney-1201707597/ IEEE wearables security DHS shows us how to share data (cause govt is so good at that) Papers https: //www. computer. org/cms/CYBSI/docs/Wear. Fit. pdf http: //www. healthcareinfosecurity. com/dhs-issues-guidance-on-how-to-share-cyberthreat-data-a-8877 https: //www. huntonprivacyblog. com/2016/02/18/department-of-homeland-security-issues-proceduresregarding-sharing-cybersecurity-information/ Passive Wi-Fi http: //passivewifi. cs. washington. edu/files/passive_wifi. pdf Various 2016 security reports Cisco, Mandiant, Imperva, HP
Go. Fund. Me site for defense fund takedown request Do we really need this? Automotive based commerce Visa IOT Dark. Reading redefines “Start-Up" Malware. Bytes, Tenable, most on list over 5 yrs old
www. mrlooquer. com IPv 6 recon / mapping / more Top 10 Opensource Tools for Win 10 http: //www. datamation. com/open-source/best-opensource-software-for-windows-10. html - Tools
Co ns • Can. Sec. West – Vancouver 16 -18 Mar • • B-Sides Austin - 31 -1 Mar-Apr Info. Sec Southwest – Austin 8 -10 Apr • • B-Sides OK – 09 Apr B-Sides Nashville – 16 Apr Thot. Con 0 x 7 – Chicago 5 -6 May B-Sides San Antonio 21 May • Circle City Con – Indianapolis 10 -12 Jun • SANS DFIR Summit – Austin 23 -30 Jun
DHA ( 1 st Wednesday / Family Karaoke, dallas ) TX 2600 ( 1 st Fri / Wild Turkey 35&Walnut. Hill, dallas ) The Lab. MS ( 2 nd Monday + random events / The. Lab. ms, plano ) OWASP Dallas ( 3 rd Tuesday / location varies ) Crypto Party ( 3 rd Thursday / Improving Enterprises, addison ) NAISG replacement is coming ( 4 th Thursday, Jakes, Frisco ) Dallas Maker. Space ( Random events / carrollton )
All images scavenged without permission
