PREVIOUS GNEWS Patch Feb 1 Patches 1 Critical
PREVIOUS GNEWS
Patch • Feb – 1 Patches – 1 Critical – 13 CVEs • MS 17 -005 - Adobe Flash Player, Remote Code • Mar – ? Patches – ? Critical – ? CVEs Tuesday
Holes / Patches • Oracle • – Due in April VMWare – VMSA-2017 -0002 ( 1 CVE) • • Adobe – APSB 17 -04 Flash Player( 13 CVE) – APSB 17 -05 Digital Editions ( 9 CVE) – APSB 17 -06 Campaign ( 2 CVE) • • MS GDI Library (multi-vuln, gdi 32. dll) Nexpose Console (hardcoded java passphrase) Android – – Apple – Logic Proc X 10. 3. 1 ( 1 CVE) – Garage. Bande 10. 1. 6 ( 1 CVE) • • Horizon Daa. S, data validation 2017 -02 -01 ( 23 CVE) 2017 -02 -05 ( 35 CVE) 2017 -03 -01 ( 34 CVE) 2017 -03 -05 ( 71 CVE) Bind (DNS 64 & RPZ) Cisco Net. Flow (SCTP packet validation) • F 5 “Ticket. Bleed” • Cloudflare “Cloud. Bleed”
• Macs now with macro malware • Malicious iframes in Google Play • Dharma keys exposed • Io. T bug bounty • SHA 1 collision Hacking
• Linux 4. 10 • Uber CA • Cyber Threat Alliance • Bitcoin sets another all time high $1, 172. 09 • sophos buys invincea (anti-malware) • mozilla buys Pocket (to make open source) • Walmart buys moosejaw (outdoor outfitters) • palo buys lightcyber (behavioral) • square buys orderahead (online call-ahead) • okta acquires stormpath (identity api) • ca acquires veracode (app sec) Corp
• arbys popped • coachella popped • cloudpets, Bad Teddy • boeing employee breach • aptos popped Corp
• FCC zero rating investigation halted • FCC suspends ISPs data security rules • AZ/TN to enact CRA against privacy protection? • H. R 387 Email Privacy Act passed, now to the senate • OR to push for warrants for border searches • FBI guide on “spot the terrorist” • DHS drops new NCIRP (response plan) • MS transparency case (gags violates 1 st amendment) • MD to make ransomeware illegal • Let's legislate NIST metrics? • hack back? • DOJ dismisses Play. Pen case Govt
Random
PCI council MFA guidance https: //www. pcisecuritystandards. org/pdfs/PCI_SSC_Issues_Multi-Factor_Authentication_Guidance. pdf Expose all the things https: //www. trendmicro. com/vinfo/us/security/news/internet-of-things/us-cities-exposed-in-shodan https: //www. sans. org/reading-room/whitepapers/forensics/os-forensic-platform-37637 TOR Browser artifacts in win 10 https: //www. sans. org/reading-room/whitepapers/forensics/tor-browser-artifacts-windows-10 -37642 Papers OSX forensics
Dominos Wedding Registry Phone as ATM WTF
IMF ctf Netflix Stethoscope user device information Best of 2016 top 10 list E 2 EMail chrome extension for pgp Re. Break. Captcha bypass Hacker. One CE bug bounty platform Vault 7 leaked cia tool Tools
Fu tur Co e ns Can. Sec. West 15 -17 Mar Hou. Sec. Con 7. 0 23 Mar BSides OK 23 -24 Mar SANS Pen. Test Austin 27 Mar-01 Apr Women in Cybersecurity 31 Mar-01 Apr Info. Sec Southwest 07 -08 Apr BSides Nashville 22 Apr BSides Austin 4 -5 May Circle City Con Indy 9 -11 Jun
DHA @Dallas_Hackers ( 1 st Wednesday / Family Karaoke, Dallas ) TX 2600 @dallas 2600 ( 1 st Fri / Wild Turkey 35&Walnut. Hill, Dallas ) The Lab. MS @The. Lab_ms ( 2 nd Saturday + random events / The. Lab. ms, Plano ) ISSA Fort Worth @ISSAFort. Worth ( 2 nd Tuesday / location varies ) Fort Worth Crypto Party ( 2 nd Tuesday ? / The Maker Spot, N. Richland Hills ) Hack Ft Worth @Hack_Ft. W ( 3 rd-ish Tuesday / Buffalo West, Fort Worth) OWASP Dallas @OWASPDallas ( 3 rd Tuesday / location varies ) Crypto Party DFW @Crypto. Party. DFW ( 3 rd Thursday / The. Lab. ms, Plano ) North Texas Cyber Security Group @ntxcsg ( Last Thursday, Jakes, Frisco ) Dallas Maker. Space @dallasmakers ( Random events / Carrollton ) Lock Pick DFW @Lock. Pick. DFW ( Last Monday/ Sherlocks Arlington )
All images scavenged without permission
- Slides: 14