PREVIOUS GNEWS Patch Tuesday Mar 18 Patches 9

PREVIOUS GNEWS

Patch Tuesday • Mar – 18 Patches – 9 Critical – 134 CVEs • • • • • MS 17 -006 - Cumulative Security Update for Internet Explorer, Remote Code MS 17 -007 - Cumulative Security Update for Microsoft Edge, Remote Code MS 17 -008 - Windows Hyper-V, Remote Code MS 17 -009 - Microsoft Windows PDF Library, Remote Code MS 17 -010 - Microsoft Windows SMB Server, Remote Code MS 17 -011 - Microsoft Uniscribe, Remote Code MS 17 -012 - Microsoft Windows, Remote Code MS 17 -013 - Microsoft Graphics Component, Remote Code MS 17 -014 - Microsoft Office, Remote Code MS 17 -015 - Microsoft Exchange Server, Remote Code MS 17 -016 - Windows IIS, Remote Code MS 17 -017 - Windows Kernel, Privilege Escalation MS 17 -018 - Windows Kernel-Mode Drivers, Privilege Escalation MS 17 -019 - Active Directory Federation Services, Info Disclosure MS 17 -020 - Windows DVD Maker, Info Disclosure MS 17 -021 - Windows Direct. Show, Info Disclosure MS 17 -022 - Microsoft XML Core Services, Info Disclosure MS 17 -023 - Adobe Flash Player, Remote Code

Patch • Apr – x Patches – x Critical – 11 CVEs • • • Remote Code – Windows 10, Server 2016 Remote Code – IE, Edge Remote Code –. NET Framework Remote Code – Office Info Disclosure – Silverlight Info Disclosure – Visual Studio for Mac Tuesday

Holes / Patches • Oracle • – Due 18 Apr 2017 VMWare – VMSA-2017 -0003 ( 3 CVE) • • Adobe – – – – • APSB 17 -07 Flash Player ( 7 CVE) APSB 17 -08 Shockwave Player ( 1 CVE) APSB 17 -09 Campaign ( 1 CVE) APSB 17 -10 Flash Player ( 7 CVE) APSB 17 -11 Acrobat and Reader ( 47 CVE) • APSB 17 -12 Photoshop CC ( 2 CVE) APSB 17 -13 Creative Cloud Desktop ( 2 CVE) Android – 2017 -04 -01 ( 23 CVE) – 2017 -02 -05 ( 77 CVE) workstation – VMSA-2017 -0004. 6 ( 1 CVE) • Apache struts – VMSA-2017 -0005 ( 1 CVE) • Workstation/fusion memory access – VMSA-2017 -0006 ( 4 CVE) • Esxi, workstation, fusion Apple – – – – – i. Tunes 12. 6 ( 22 CVE) Pages, Numbers, Keynote ( 1 CVE) Safari 10. 1 ( 44 CVE) Security Update 2017 -001 ( 129 CVE) i. OS 10. 3/10. 3. 1 ( 89/1 CVE) Watch. OS 3. 2 ( 36 CVE) tv. OS 10. 2 ( 61 CVE) Mac. OS Server 5. 3 ( 3 CVE) i. Cloud for Windows 6. 2 ( 5 CVE) Music for Android 2. 0 ( 1 CVE)

Holes / Patches • Last. Pass Vulns • Cisco ios telnet • Another UAC bypass • iis 0 -day • EMET is not dead yet

• Win. Mac malware • extorting apple, pay hackers or wipe iphones? • Switch hack • bigger better faster usbkill • hijacking with local admin • Ubiquiti Networks • domain fronting via tor • Twitter Counter bug • dimnie targets github users Hacking

• hangouts wihtout sms? • Intell Security (mcafee) vault 7 scanner • payment processors playing role of censor • godaddy buys sucuri • IBM launches commercial blockchain • Intel Optane SSD / Micron to compete • PCI assessor certification • instagram goes mfa • Lowes augmented reality • apple gpu Corp

• Galaxy S 8 face for payments • Magneto still having issues • Home Depot settles for 25 million • We-Vibe settles for 3. 7 million • wishbone popped • Gamestop popped Corp

• Damn millennials • Air Force drive exposed to net • GDPR • No device larger than a cell phone • • Senate votes in favor of content providers Verizon for the win Porn goes end to end encrypted EFF guidance • Twitter not cooperating with border searches • Dallas Emergency system Govt

Rand 0 -day report http: //www. rand. org/pubs/research_reports/RR 1751. html poor demarc adoption https: //www. huntonprivacyblog. com/2017/03/14/ftc-study-recommends-wider-implementation-dmarc-combat-phishingattacks/ Part 1 https: //access. redhat. com/blogs/766093/posts/2975791 Part 2 https: //access. redhat. com/blogs/766093/posts/2978671 Papers Changes in TLS 1. 3

bad dad = 1 G fine MS to tie OS to chip Kaby/Ryzen + 7/8 x = null Got SME? S. 536 = disclosure and justification of security experience DRM as web standard Apple app rejects Metadata 12 x lick it – O-Cast record and share cunning moves dildo cam hacked WTF

Raytheon competition CCDC Tools

st a P ons C Can. Sec. West 15 -17 Mar Hou. Sec. Con 7. 0 23 Mar BSides OK 23 -24 Mar SANS Pen. Test Austin 27 Mar-01 Apr Women in Cybersecurity 31 Mar-01 Apr Info. Sec Southwest 07 -08 Apr

Fu tur Co e ns BSides Nashville 22 Apr BSides Austin 4 -5 May Thotcon Chicago 4 -5 May Hack. Miami 19 -21 May Nola. Con 19 -21 May Circle City Con Indy 9 -11 Jun ANYCon Albany 16 -18 Jun Black. Hat 22 -27 Jul BSides. LV 25 -26 Jul Def. Con 27 -30 Jul

DHA @Dallas_Hackers ( 1 st Wednesday / Family Karaoke, Dallas ) TX 2600 @dallas 2600 ( 1 st Fri / Wild Turkey 35&Walnut. Hill, Dallas ) The Lab. MS @The. Lab_ms ( 2 nd Saturday + random events / The. Lab. ms, Plano ) ISSA Fort Worth @ISSAFort. Worth ( 2 nd Tuesday / location varies ) Fort Worth Crypto Party ( 2 nd Tuesday ? / The Maker Spot, N. Richland Hills ) Hack Ft Worth @Hack_Ft. W ( 3 rd-ish Tuesday / Buffalo West, Fort Worth) OWASP Dallas @OWASPDallas ( 3 rd Tuesday / location varies ) Crypto Party DFW @Crypto. Party. DFW ( 3 rd Thursday / The. Lab. ms, Plano ) North Texas Cyber Security Group @ntxcsg ( Last Thursday, Jakes, Frisco ) Where Dallas Maker. Space @dallasmakers ( Random events / Carrollton ) Lock Pick DFW @Lock. Pick. DFW ( Last Monday/ Sherlocks Arlington )

All images scavenged without permission