Previous Gnews Patch Tuesday May 69 CVE 67
- Slides: 11
Previous Gnews
Patch Tuesday May – 69 CVE / 67 KB Articles with 1276 unique downloads • • • Reports of 16 Critical / 56 fixes Internet Explorer Microsoft Edge Microsoft Windows Microsoft Office and Microsoft Office Services and Web Apps Chakra. Core Adobe Flash Player. NET Framework Microsoft Exchange Server Windows Host Compute Service Shim • Double. Kill IE 0 -day? ? • Force Win 10 April Update • Win 10 GPO Trickery
Holes / Patches • Oracle – – – • 254 fixes Meltdown/Spectre (3 CVE ) Java (14 CVE ) My. SQL (33 CVE ) Sun (14 CVE ) • – VMSA-2018 -0009 ( 2 CVE ) • – – – APSB 18 -08 Flash Player ( 6 CVE ) APSB 18 -10 Experience Mgr ( 3 CVE ) APSB 18 -11 In. Design ( 2 CVE ) APSB 18 -12 Creative Cloud Desktop Application ( 3 CVE ) APSB 18 -13 Digital Editions ( 2 CVE ) APSB 18 -14 Clod Fusion ( 5 CVE ) APSB 18 -15 Phone. Gap Plugin ( 1 CVE ) APSB 18 -16 Flash Player ( 1 CVE ) APSB 18 -18 Connect ( 1 CVE ) v. Realize Automation – VMSA-2018 -0010 ( 1 CVE ) • • Horizon Daa. S Apple – i. OS 11. 3. 1 ( 4 CVE) – Security Update 2018 -001 mac. OS High Sierra ( 3 CVE ) – Safari 11. 1 ( 2 CVE) – Security Update 2018 -001 Swift 4. 1. 1 ( 1 CVE) – Trustjacking via i. OS Wi. Fi-Sync (RSA) Adobe – – VMWare • Cisco – Webex ( 7 CVE ) • Remote execution via flash and others – SAML ( 1 CVE ) • Anny. Connect, ASA, Firepower Threat Detect
• total meltdown exploit • abbott pace makers • outlook ole rtf oh my • BSOD USB (requires autoplay) • coinsecure loses 3 mil • crypto mining now on closed browsers • airgapped cyrpto theft • big fish, little thermometer • Minecraft infection • "upatchable" switch hack • WD nas leaks files • hotel master key • evil maid detection (macbook) • Apple home wifi • VW car hacking • lojack backdoor? ? ? Hacking
• • • nike buys zodiac inc (analytics) and invertex ltd (imaging) square buys weebly (365 mil) Tmobile buys Sprint (26. 5 bil) • • Global Telco Security Alliance (singapore, japan, span, uae) Cybersecurity Tech Accord (MS and 33 other corp) • Bad Mongo exposes cryptocurrency users • redbull popped • Github exposes passwords • twitter dumps creds to internal log • Sa. MD • • Cambridge redux Cambridge shuts down • NSA reports non-use of 0 -days • Blu settles • FB history option • developer COCs Corp
• internetting is not a crime – accessing public data • PCI cloud guidelines • PCI change looms • webstresser. org takedown • NIST Updates Critical Infrastructure framework (supplychain) • Apple talks to CA autonomous cars • GA now looking at hackback bill • Thai. CERT seizes hidden cobra server • China standard on Personal Info Security • More ICE manuals leaked Govt
cyber bully oem patching? HITB - how andriod hides updates gondala control To. S hell WTF
t s a P ns o C Info. Sec Southwest BSides OK RSA - MS Security Graph API RSA - hacking med devices RSA Attendee DB exposed
Fu tur Co e ns Hack. Miami 18 -20 May 2018 miami $125+ Circle. City 1 -3 Jun 2018 indy $150 Show. Me. Con 7 -8 Jun St. Charles MO 614 Con 14 -15 Jun Colombus OH BSides. SATX 16 Jun 2018 san antonio $? ? ? Shakacon 11 -12 Jul Honolulu HOPE 20 -22 Jul NYC Black. Hat 4 -9 Aug Vegas BSides. LV 7 -8 Aug Vegas Def. Con 9 -12 Aug Vegas
DHA @Dallas_Hackers ( 1 st Wednesday / Family Karaoke, Dallas ) TX 2600 @dallas 2600 ( 1 st Fri / Wild Turkey 35&Walnut. Hill, Dallas ) The Lab. MS @The. Lab_ms ( 2 nd Saturday + random events / The. Lab. ms, Plano ) ISSA Fort Worth @ISSAFort. Worth ( 2 nd Tuesday / location varies ) Hack Ft Worth @Hack_Ft. W ( 3 rd-ish Tuesday / Buffalo West, Fort Worth) OWASP Dallas @OWASPDallas ( 3 rd Tuesday / location varies ) Crypto Party DFW @Crypto. Party. DFW ( 3 rd Thursday / The. Lab. ms, Plano ) North Texas Cyber Security Group @ntxcsg Where ( Last Thursday, Jakes, Frisco ) Dallas Maker. Space @dallasmakers ( Random events / Carrollton )
All images scavenged without permission
