PREVIOUS GNEWS Patch Tuesday Nov 14 Patches 6

Patch Tuesday • Nov – 14 Patches – 6 Critical – 69 CVEs •

Holes / Patches • Oracle – 253 Fixes • VMWare – VMSA-2016 -0016 (

• OWA based phishing attack leveraging veil framework • malware now checks DBLs

• amazon quikie-marts? • fido alliance, new auth specification • Synopsys acquires Cigital

• Playpen exploit disclosure • Indian embassy websites • NIST workforce initiative •

Fu tur Co e ns Threat Intelligence Summit NOLA – 6 -7 Dec

DHA @Dallas_Hackers ( 1 st Wednesday / Family Karaoke, dallas ) TX 2600 @dallas

Slides: 13

Download presentation

PREVIOUS GNEWS

Patch Tuesday • Nov – 14 Patches – 6 Critical – 69 CVEs • • • • MS 16 -129 - Cumulative Security Update for Microsoft Edge, Remote Code MS 16 -130 - Microsoft Windows, Remote Code MS 16 -131 - Microsoft Video Control, Remote Code MS 16 -132 - Microsoft Graphics Component, Remote Code MS 16 -133 - Microsoft Office, Remote Code MS 16 -134 - Common Log File System Driver, Privilege Escalation MS 16 -135 - Windows Kernel-Mode Drivers, Privilege Escalation MS 16 -136 - SQL Server, Privilege Escalation MS 16 -137 - Windows Authentication Methods, Privilege Escalation MS 16 -138 - Microsoft Virtual Hard Disk Driver, Privilege Escalation MS 16 -139 - Windows Kernel, Privilege Escalation MS 16 -140 - Boot Manager, Security Bypass MS 16 -141 - Adobe Flash Player, Remote Code MS 16 -142 - Cumulative Security Update for Internet Explorer, Remote Code

Holes / Patches • Oracle – 253 Fixes • VMWare – VMSA-2016 -0016 ( 1 CVE) • • Adobe – VMSA-2016 -0017 ( 2 CVE) • – APSB 16 -35 Adobe Connect ( 1 CVE) – APSB 16 -36 Flash Player ( 1 CVE) – APSB 16 -37 Flash Player ( 9 CVE) • Apple – – – – – i. OS 10. 0. 3 i. OS 10. 1 ( 17 CVE) Security Update 2016 -002 ( 20 CVE) Safari 10. 0. 1 ( 4 CVE) tv. OS 10. 0. 1 ( 14 CVE) watch. OS 3. 1 ( 9 CVE) Xcode 8. 1 ( 10 CVE) i. Cloud for Win 6. 0. 1 ( 2 CVE) i. Tunes 12. 5. 2 for Win ( 2 CVE) i. OS 10. 1. 1 v. Realize Operations, privilege escalation Vmware, info disclosure • Android – Drammer patch – Partial Dirty Cow Patch • MS – EMET EOL extended to Jul 2018 – Azure Container Service goes open source – Server 2016 Security Features • • • Credential guard Device Guard Host Guardian

• OWA based phishing attack leveraging veil framework • malware now checks DBLs before generating spam • New Car rules, DMCA fair use exemptions • gmail vuln Hacking

• amazon quikie-marts? • fido alliance, new auth specification • Synopsys acquires Cigital and Codiscope Acquisitions • Tesco Breach • Aussie Red Cross Breach Corp

• Playpen exploit disclosure • Indian embassy websites • NIST workforce initiative • new scanners at airports? ! • FCC broadband rules Govt

x Papers

x WTF

x Tools

Fu tur Co e ns Threat Intelligence Summit NOLA – 6 -7 Dec

DHA @Dallas_Hackers ( 1 st Wednesday / Family Karaoke, dallas ) TX 2600 @dallas 2600 ( 1 st Fri / Wild Turkey 35&Walnut. Hill, dallas ) The Lab. MS @The. Lab_ms ( 2 nd Monday + random events / The. Lab. ms, plano ) OWASP Dallas @OWASPDallas ( 3 rd Tuesday / location varies ) Crypto Party DFW @Crypto. Party. DFW ( 3 rd Thursday / Improving Enterprises, addison ) North Texas Cyber Security Group @ntxcsg ( Last Thursday, Jakes, Frisco ) Dallas Maker. Space @dallasmakers ( Random events / carrollton ) Hack Ft Worth @Hack_Ft. W ( 3 rd Thursday / ? ? West 7 th ? ? Abby Pub) Lock Pick DFW @Lock. Pick. DFW ( Last Monday/ Sherlocks arlington )

All images scavenged without permission