PREVIOUS GNEWS Patch Tuesday Jun 2017 21 vulnerabilities
PREVIOUS GNEWS
Patch Tuesday Jun 2017 – 21 vulnerabilities with 248 unique downloads • • • Internet Explorer / Microsoft Edge / Remote Code Microsoft Windows / Remote Code Microsoft Office and Microsoft Office Services and Web Apps / Remote Code. NET Framework / Do. S Adobe Flash Player / Remote Code Microsoft Exchange Server / Privilege Escalation
Holes / Patches • Oracle • – Due 18 Jul 2017 • Adobe – APSB 17 -21 Flash Player ( 3 CVE) – APSB 17 -22 Connect ( 3 CVE) • Android – 2017 -06 -01 ( 21 CVE) – 2017 -06 -05 ( 80 CVE) VMWare – None (as of 11 Jul) • Apple – None (as of 11 Jul)
Holes / Patches • *nix stackclash (mem corruption) • Avaya Aura (HTTP header injection) • TP-Link fixes EOL devices • openvpn patch (double-free memleak / proxy NTLMv 2) • skylake chip update (hyper threading enabled) • azure AD privilege escalation • Siemans patches AMT • Gnu. PG libgcrypt Side-Channel attack
Hacking • 2 new ransomware decrypters (Jaff / Encryp. Tile) • Not. Petya ransomeware/wiper • Ghosthook, Win 10 patchguard evasion • windfarm turbines • OG petya ransomware key dropped
• amazon to buy whole foods • apple acquires Senso. Motoric • Staples merges with Sycamore Partners • MS extends edge bug bounty • gemalto patent for secure blockchain • google anti-trust fine • battery settlement • cisco emcrypted malware identification • New mastercard apis • virgin media super hub 2 routers • Honda japan plant halts, wanacry Corp
• buckle popped • cashcrate popped • ethereum popped • bithumb popped • sabre popped • WWE popped • Avanti Markets kiosk popped Corp
• Wikileaks CIA cherryblossom • republican data • German report on automated cars • German Doma? • pakistan FB deathpenalty • mandatory IOT labeling? ? ? • NZ airport passwords • • Kaspersky Source Code review granted • recordong popo is 1 st amendment Govt
canbus hacking https: //www. sans. org/reading-room/whitepapers/awareness/hacking-bus-basic-manipulation-modern-automobile%20 through-bus-reverse-engineering-37825 NIST digital ID guidelines http: //nvlpubs. nist. gov/nistpubs/Special. Publications/NIST. SP. 800 -63 -3. pdf https: //www. copyright. gov/policy/1201/section-1201 -full-report. pdf intelligence best practice guide https: //info. publicintelligence. net/NCSC-Countering. Foreign. Intelligence. pdf Cisco Detecting Encrypted Malware Traffic https: //blogs. cisco. com/security/detecting-encrypted-malware-traffic-without-decryption Papers Copyright office study of DMCA Sec 1201
Banksy is lead singer of massive attack Strawberrynet optional password security self destruct pc W 3 C DRM Standard WTF
Trend Micro OSINT Challange let's encrypt gets wildcard ZEUS AWS hardening tool Tools
Fu tur Co e ns Black. Hat 22 -27 Jul BSides. LV 25 -26 Jul Def. Con 27 -30 Jul SANS San Antonio 6 -11 Aug Toor. Con San Diego 28 Aug – 3 Sep Derby. Con 20 -24 Sep Rock Stars of Cybersecurity Technologies 26 Sep Cactus. Con 29 -30 Sep
DHA @Dallas_Hackers ( 1 st Wednesday / Family Karaoke, Dallas ) TX 2600 @dallas 2600 ( 1 st Fri / Wild Turkey 35&Walnut. Hill, Dallas ) The Lab. MS @The. Lab_ms ( 2 nd Saturday + random events / The. Lab. ms, Plano ) ISSA Fort Worth @ISSAFort. Worth ( 2 nd Tuesday / location varies ) ? ? Fort Worth Crypto Party ? ? ( 2 nd Tuesday ? / The Maker Spot, N. Richland Hills ) Hack Ft Worth @Hack_Ft. W ( 3 rd-ish Tuesday / Buffalo West, Fort Worth) OWASP Dallas @OWASPDallas ( 3 rd Tuesday / location varies ) Crypto Party DFW @Crypto. Party. DFW ( 3 rd Thursday / The. Lab. ms, Plano ) North Texas Cyber Security Group @ntxcsg ( Last Thursday, Jakes, Frisco ) Where Dallas Maker. Space @dallasmakers ( Random events / Carrollton )
All images scavenged without permission
- Slides: 14