PREVIOUS GNEWS Patch Tuesday Jun 9 Patches 5
- Slides: 14
PREVIOUS GNEWS
Patch Tuesday • Jun – 9 Patches – 5 Critical – 27 CVEs • • • MS 16 -095 - Cumulative Security Update for Internet Explorer, Remote Code MS 16 -096 - Cumulative Security Update for Microsoft Edge, Remote Code MS 16 -097 - Microsoft Graphics Component, Remote Code MS 16 -098 - Windows Kernel-Mode Drivers, Privilege Escalation MS 16 -099 - Microsoft Office, Remote Code MS 16 -100 - Secure Boot, Security Bypass MS 16 -101 - Windows Authentication Methods, Privilege Escalation MS 16 -102 - Windows PDF Library, Remote Code MS 16 -103 – Active. Sync. Provider, Info Disclosure
Holes / Patches • Oracle • VMWare – 276 fixes (new all time high) – VMSA-2016 -0010 ( 2 CVE) – DLL hijack in Windows VM Tools – HTTP Header Injection in v. Center and ESXi • Adobe – APSB 16 -27 Experience Manager ( 4 CVE) • Last. Pass 0 -Day • Apple – El Capitan 10. 11. 6 and Security update 2016 -004 ( 62 CVE) • – i. OS 9. 3. 3 ( 43 CVE) – watch. OS 2. 2. 2 ( 26 CVE) – tv. OS 9. 2. 2 ( 37 CVE) • – Safari 9. 1. 2 ( 12 CVE) – i. Tunes 12. 4. 2 for Win ( 15 CVE) • – i. Cloud for Win ( 15 CVE) • – i. OS 9. 3. 4 ( 1 CVE) – Thanks Tavis, 1 Password on-deck Ubuntu Forum – Password dump Bypass UAC with disckcleanup “New” Win 10 settings Free MS ebooks
• reg key for office based persistence • flaw in asn 1 protocol for mobile • NEW GSMA SMS auth method (based on phone number? !) • detecting hidden services • New ransomware decryption protal • more wireless input device sniffing • hacking OSRAM • paypal love • google drive love • malware and stego • spynote leaked • Unholy PAC https exploit • HEIST https semi side channel (blackhat) • Disable chip flag on mag stripe (blackhat) • Canbus on 18 wheelers (Usnix) Hacking
• bit 9 buys confer • unilever buys dollar shave club • Verizon buys Yahoo • oracle buys Net. Suite • wallmart courts jetblue • cici's pizza breach • shapeways hacked • well fargo mobile wallet • oculus backlog cleared • google drops oculus competitor • MS overseas data access Corp
• automotive best practices doc • google to opensource omnitone • yahoo forced to explain deletion • Google HSTS • Palo Mind. Meld threat intel sharing vm • kaspersky bug bounty • Apple bug bounty Corp
• password sharing NOT cfaa worthy • pelosi backs tpp opposition • more tsa master keys (hope) • NIST says no to sms 2 FA • obama response directive Govt
x Papers
Dell Quad Screen 43” Monitor China to lift ban on QR for payments WTF
Palo Alto CTF http: //www. labyrenth. com/ mudge to rate all software Bit. Cluster (hope) https: //www. bit-cluster. com/ Car Hacking Tools (hope) CANtact can-utils Chip. Whisper CANiverse (new) can definitions (think googledorks kinda) ICsim - github/zombiecraig github/linklayer github/opengarages Tools
Fu tur Co e ns • • • SANS Dallas – 8 – 13 Aug OWASP CFP Open – DC 11 -14 Oct IANS Chicago Information Security Forum – 13 -14 Sep • Corn. Con – Davenport Iowa 17 Sep • Saint. Con – Provo Utah 11 -14 Oct • Root 66 / Inno. Tech OKC - 1 Nov • BSides. DFW 2016 – 5 Nov
DHA ( 1 st Wednesday / Family Karaoke, dallas ) TX 2600 ( 1 st Fri / Wild Turkey 35&Walnut. Hill, dallas ) The Lab. MS ( 2 nd Monday + random events / The. Lab. ms, plano ) OWASP Dallas ( 3 rd Tuesday / location varies ) Crypto Party ( 3 rd Thursday / Improving Enterprises, addison ) North Texas Cyber Security Group ( 4 th Thursday, Jakes, Frisco ) Dallas Maker. Space ( Random events / carrollton ) Hack Ft. W ( 3 rd Thursday / ? ? West 7 th ? ? )
All images scavenged without permission