PREVIOUS GNEWS Patch Tuesday Jun 17 Patches 6

Patch Tuesday • Jun – 17 Patches – 6 Critical – 36 CVEs •

Patch Tuesday • Jul – 11 Patches – 6 Critical – 40 CVEs •

Holes / Patches • Oracle – Due 19 Jul • Adobe – – –

• powershell Malware. . . it is not just theoretical • Godless android

• MS to buy Linkedin • MS to launch block chain as a

• Wendys breach bigger than thought (shocker) • Acer customer CC# breach •

• Air force investigations deleted (crashed) • IRS hacked again • 154 mil

Simplifying Io. T: Connecting, Commissioning, and Controlling with Near Field Communication (NFC) http: //nfc-forum.

Light. Cyber report finds attackers use legitimate tools. 2 nd Bit. Coin Halving WTF

CANSPY (at Black. Hat) Automotive Vuln Scanner TLS fingerprinting v 1. 0 Secuity. Tips

Fu tur Co e ns • SANS San Antonio – 18 -23 Jul •

DHA ( 1 st Wednesday / Family Karaoke, dallas ) TX 2600 ( 1

Slides: 15

Download presentation

PREVIOUS GNEWS

Patch Tuesday • Jun – 17 Patches – 6 Critical – 36 CVEs • • • • • MS 16 -063 - Cumulative Security Update for Internet Explorer MS 16 -068 - Cumulative Security Update for Microsoft Edge MS 16 -069 - Cumulative Security Update for JScript and VBScript MS 16 -070 - Microsoft Office MS 16 -071 - Microsoft Windows DNS Server MS 16 -072 - Group Policy MS 16 -073 - Windows Kernel-Mode Drivers MS 16 -074 - Microsoft Graphics Component MS 16 -075 - Windows SMB Server MS 16 -076 - Netlogon MS 16 -077 - WPAD MS 16 -078 - Windows Diagnostic Hub MS 16 -079 - Microsoft Exchange Server MS 16 -080 - Microsoft Windows PDF MS 16 -081 - Active Directory MS 16 -082 - Microsoft Windows Search Component MS 16 -083 - Adobe Flash Player

Patch Tuesday • Jul – 11 Patches – 6 Critical – 40 CVEs • • • MS 16 -084 - Cumulative Security Update for Internet Explorer MS 16 -085 - Cumulative Security Update for Microsoft Edge MS 16 -086 - Cumulative Security Update for JScript and VBScript MS 16 -087 - Security Update for Windows Print Spooler Components MS 16 -088 - Security Update for Microsoft Office MS 16 -089 - Security Update for Windows Secure Kernel Mode MS 16 -090 - Security Update for Windows Kernel-Mode Drivers MS 16 -091 - Security Update for. NET Framework MS 16 -092 - Security Update for Windows Kernel MS 16 -093 - Security Update for Adobe Flash Player MS 16 -094 - Security Update for Secure Boot • MS 16 -072 breaks AD GPO

Holes / Patches • Oracle – Due 19 Jul • Adobe – – – – – APSB 16 -18 Flash ( 36 CVE) APSB 16 -19 DNG SDK ( 1 CVE) APSB 16 -20 Brackets ( 2 CVE) APSB 16 -21 Creative Cloud Desktop Application ( 2 CVE) APSB 16 -22 Cloud. Fusion ( 1 CVE) APSB 16 -23 Air( 1 CVE) APSB 16 -24 XMP Toolkit for Java ( 1 CVE) APSB 16 -25 Flash ( 52 CVE) APSB 16 -26 Acrobat and Reader( 30 CVE) • Apple – Air. Port Base Station Firmware 7. 7. 6 / 7. 7. 7 ( 1 CVE) – IOS 10 App removal • VMWare – VMSA-2016 -0007 ( 1 CVE) – VMware NSX and v. CNS info disclosure – VMSA-2016 -0008 ( 2 CVE) – v. Realize Log Insight, XSS – VMSA-2016 -0009 ( 1 CVE) – v. Center Server, reflected XSS • Symantec – Packers and more • Lenovo Think. Pwn (+ gigabyte) – EUFI firmware vuln • PDF vulns Chrome and Foxit • Putty DLL hi-jacking

• powershell Malware. . . it is not just theoretical • Godless android malware • Malware via BITS • googleplay auto-rooting malware • IOT Camera botnet • Ransomware on o 365 • conficker is dead, long live conficker • Opensource 21 Bitcoin for machine payable web services • MS Free. BSD • Silent use by apps Hacking

• MS to buy Linkedin • MS to launch block chain as a service • Symantec to buy Blue. Coat • Symantec expands car system protection offerings • Ron Gula steps down (tenable CEO) • CASB - Cisco to buy Cloud. Lock • avast buys avg (now with twice the nag windows) • Fiat/Chrysler bug bounty program • Siemens says don't use their stuff. . (on soft networks) Corp

• Wendys breach bigger than thought (shocker) • Acer customer CC# breach • undisclosed hospital DB breached • Omni hotels breached • BMW vulnerable • Hard Rock Vegas breached • registrars are hard. . . tp-link losses update domain Corp

• Air force investigations deleted (crashed) • IRS hacked again • 154 mil voter data on unsecured couchdb • ERAD money seizures • Europe wants to pay per link • One step closer to FOIA reform • VA says computers don’t get the 4 th • NSA hacker talks • everyone uses 3 rd party email, Nato Gen. gmail hacked • silk road agent under glass for more theft • HIPAA bares its teeth • we're all going to jail… password sharing falls under CFAA • WEllness badness • NC bill for blockchain currencies • Fed Judge throws out Stingray evidence Govt

Simplifying Io. T: Connecting, Commissioning, and Controlling with Near Field Communication (NFC) http: //nfc-forum. org/wp-content/uploads/2016/06/NFC_Forum_Io. T_White_Paper_-v 05. pdf Sin Report – Legitimate Bitcoin gaining ground Papers http: //papers. ssrn. com/sol 3/papers. cfm? abstract_id=2808762

Light. Cyber report finds attackers use legitimate tools. 2 nd Bit. Coin Halving WTF

CANSPY (at Black. Hat) Automotive Vuln Scanner TLS fingerprinting v 1. 0 Secuity. Tips for Signal Vera. Crypt Trucrypt fork New anonymity scheme MIT onion network better than Tor Shard Leaked password checker Mr-Robot Mr. Robot themed "CTF" Tools

Fu tur Co e ns • SANS San Antonio – 18 -23 Jul • • Black. Hat – Vegas 30 Jul – 4 Aug • • BSides. LV – Vegas 2 -3 Aug Def. Con 24 – Vegas 4 – 7 Aug • • Hope 11 – NYC 22 -24 Jul SANS Dallas – 8 – 13 Aug OWASP CFP Open – DC 11 -14 Oct

DHA ( 1 st Wednesday / Family Karaoke, dallas ) TX 2600 ( 1 st Fri / Wild Turkey 35&Walnut. Hill, dallas ) The Lab. MS ( 2 nd Monday + random events / The. Lab. ms, plano ) OWASP Dallas ( 3 rd Tuesday / location varies ) Crypto Party ( 3 rd Thursday / Improving Enterprises, addison ) National Information Security and Assurance Group ( 4 th Thursday, Jakes, Frisco ) Dallas Maker. Space ( Random events / carrollton )

All images scavenged without permission