Previous Gnews Patch Tuesday Aug 60 CVE 46

Previous Gnews

Patch Tuesday Aug – 60 CVE / 46 KB Articles • • • Reports of 21 Critical Internet Explorer Microsoft Edge Microsoft Windows Microsoft Office and Microsoft Office Services and Web Apps Chakra. Core Adobe Flash Player. NET Framework Microsoft Exchange Server Microsoft SQL Server Visual Studio

Patch Tuesday Sep – 62 CVE / 32 KB Articles • Reports of 18 Critical • • • Internet Explorer Microsoft Edge Microsoft Windows Microsoft Office and Microsoft Office Services and Web Apps Chakra. Core Adobe Flash Player. NET Framework Microsoft. Data. OData ASP. NET • Cortana Web Browsering • Tldr, lock screen links are bad, saved cached credential are bad • ADFS auth bypass • Privelege escalation in Task. Scheduler via ALPC • Price increases for Win 7 extended support

Holes / Patches • Oracle • – Aug: v. Sphere, Workstation, Fusion, Content Locker – VMSA-2018 -0023 ( 2 CVE ) – Due out in Oct • Adobe – Aug: Creative Cloud Desktop, Experience Manager, Flash Player – APSB 18 -28 Photoshop CC, rce ( 2 CVE ) – APSB 18 -31 Flash Player, pe ( 1 CVE ) – APSB 18 -32 Creative Cloud Desktop, pe( 1 CVE ) – APSB 18 -33 Cold. Fusion, rce/pe/id ( 9 CVE ) • • Airmail 3 – File disclosure via URLs Air. Watch Agent and Content Locker Chrome Blink Engine – Inject video and audio tags to collect information on FB users • RHEL Segment. Smack – Random offsets in IP fragments and TCP segments can cause Do. S Apple – mac. OS High Sierra 10. 13. 6 Suplemental Update 2 ( 0 CVE ) VMWare • Proton. VPN/Nord. VPN – Privilege escaltion

• bitcoin atm malware • IKEv 1 handshake bug (cisco/Huawei/Clavister) • Android side channel attack (openssl) • AT all the androids • CVE-2018 -5002 payload breakdown • open. git directories are bad • Wana. Cry linked to NK, for reals • Tesla keyfob in 2 seconds Hacking

• • • Sales force marketing api leaks data FB error tracker may have leaked data snapchat source code leaked • Go. Daddy S 3 bucket • • • The. Thruth. Spy popped Air Canada popped British Airways popped Family Orbit popped Cheddars popped TMobile popped • augusta university health breach 417 K • AT&T sim jacking • google location tracking • google MC deal Corp

• amazon theaters? ? • • Panera Bread buys Zoe’s Kitchen Pepsico buys Sodastream Equifax buys ID Watchdog KPMG buys Cyberinc • Kroger tests self driving delivery • Toyota 500 mil investment in Uber driverless • ES&S - trust the black box (voting machines) Corp

• MLP pedo • invisible institute relaunch police database (chicago) • School directory Opt-out • Smart meters covered by 4 th amendment (but we keep flip-flopping on phones? !) • Cell simulators disrupt emergency services • Trump starting to learn about network bubbles • CA bill A. B. 2192 - research access • CA bill S. B. 822 - net neutrality • NSA claims "technical irregularities" for lack of compliance Govt

Papers Army space operations manual https: //publicintelligence. net/us-army-space-operations/ microkernal all the things https: //threatpost. com/researchers-blame-monolithic-linux-code-base-for-criticalvulnerabilities/136785/

WT F Meltdown Spectre was Overreaction? https: //blog. vulcancyber. com/putting-meltdown-and-spectre-in-perspective-six-monthslater something wicked this way comes https: //risnews. com/amazon-alexa-and-microsoft-cortana-integration-debuts win 95 app https: //www. hackread. com/you-can-now-run-windows-95 -on-your-mac-linux-andwindows-10 -devices/

s l o o T back to school https: //www. privacyrights. org/blog/protecting-your-personal-information-you-start-new-school-year https: //www. eff. org/deeplinks/2018/08/back-school-essentials-security fbi ssfe surf challenge https: //www. fbi. gov/news/stories/safe-online-surfing-open-spanish-available-090718 Tor on android https: //threatpost. com/tor-brings-onion-browser-to-android-devices/137325/

t s a P ns o C BH/DC - IBM xforce ics vulns DC - RWHAT protocol (biomed) DC - Apple 0 day (synth mouse) DC - HP fax (officejet) DC - election machines (11 yr old) DC - Ceasers debacle BH / DC - wrapup

Fu tur Co e ns Threat Hunting & IR Summit 6 -13 Sep – New Orleans Toor. Con 10 -16 Sep – San Diego Hacker Halted 13 -14 Sep – Atlanta Blue. Hat v 18 25 -27 Sep – Redmond Cactus. Con 28 -29 Sep – Mesa AZ Derby. Con 5 -7 Oct – Louisville Future of Blockchain 10 -13 Oct – Dallas LASCON 25 -26 Oct – Austin Thunder Plains 1 Nov – OKC Root 66 1 Nov – OKC BSides. DFW 3 Nov – Richland College

DHA @Dallas_Hackers ( 1 st Wednesday / Family Karaoke, Dallas ) TX 2600 @dallas 2600 ( 1 st Fri / Wild Turkey 35&Walnut. Hill, Dallas ) The Lab. MS @The. Lab_ms ( 2 nd Saturday + random events / The. Lab. ms, Plano ) ISSA Fort Worth @ISSAFort. Worth ( 2 nd Tuesday / location varies ) Hack Ft Worth @Hack_Ft. W ( 3 rd-ish Tuesday / Buffalo West, Fort Worth) OWASP Dallas @OWASPDallas ( 3 rd Tuesday / location varies ) Crypto Party DFW @Crypto. Party. DFW ( 3 rd Thursday / The. Lab. ms, Plano ) North Texas Cyber Security Group @ntxcsg ( Last Thursday, Jakes, Frisco ) Dallas Maker. Space @dallasmakers ( Random events / Carrollton ) Where Pwn School Project ( 3 rd Wed / Dallas | 4 th Mon Denton ) 0 -day All Day @0 Dayallday ( 29 Sep / Quarterly / DFW )

All images scavenged without permission