1 / 14

Recent Security Updates and Hacking News: Patch Tuesday, Preinstalled Android Malware, FB/Cambridge Analytica, GDPR Read

Stay informed about the latest security updates, hacking news, and important events in the cybersecurity world. This includes Patch Tuesday releases, preinstalled Android malware, the FB/Cambridge Analytica scandal, and GDPR readiness reports.

jfeliz
Télécharger la présentation

Recent Security Updates and Hacking News: Patch Tuesday, Preinstalled Android Malware, FB/Cambridge Analytica, GDPR Read

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Previous Gnews

  2. Patch Tuesday • Apr – 60 KB Articles with 68 CVE • Internet Explorer • Microsoft Edge • Microsoft Windows • Microsoft Office and Microsoft Office Services and Web Apps • ChakraCore • Adobe Flash Player • Microsoft Malware Protection Engine • Microsoft Visual Studio • Microsoft Azure IoT SDK

  3. Holes / Patches • VMWare • VMSA-2018-0008 ( 1 CVE ) • Workstation, Fusion(DoS) • CyberArk • Passwd Vault Web Access ( 1 CVE) • (Remote Code) • Passwd Vault ( 1 CVE) • (Memory Disclosure) • MS • Blocking unpatched client on RDP • Out-of-Band re-release of CVE-2018-1038 patch • Siri • Reads hidden Messages • WebRTC • 23% tested VPNs leaking real IP addresses • Oracle • Due out 17 Apr 2018 • Adobe • APSB18-08 Flash Player ( 6CVE) • APSB18-10 Experience Manager ( 3 CVE) • APSB18-11 Indesign( 2 CVE) • APSB18-13 Digital Editions ( 2 CVE) • APSB18-14 ColdFusion ( 5 CVE) • APSB18-15 Phone Gap ( 1 CVE) • Apple • iOS 11.3 ( 45 CVE) • watchOS 4.3 (22 CVE) • tvOS11.3 ( 28 CVE) • Xcode 9.3 ( 1 CVE) • iTunes 12.7.4 Win ( 20 CVE) • Security Update 2018-002 ( 36 CVE) • Safari 11.1 ( 23 CVE) • iCloud 7.4 Win ( 20 CVE)

  4. Hacking • preinstalled android malware nets 115K • FireFox master password • ATM malware now with chip cloners • text editor hacking • latest account value roundup • abusing apple qrcode reader • Monero mining can brick androids • macbook touch screen for $1 • Perth Porn in City Center • silent speech to text • all your emergency broadcast are belong to us

  5. FB / Cambridge Analytica • FTC opens probe • FB to selectively implement GDPR • oh fuckit everywhere • Zuck finally testifies to Congress • Musk #DeleteFacebook • How to delete profile permenently • Palo to buy evident.oi (cloud compliance) • foxconn buys belkin • Splunk buys Phantom (orchestration) • ToysRUs quits • Walmart s3 bucket popped (1.3mil) • orbitz popped (880K) • Boeing popped (wannacry) • myfitnesspal popped • Saks popped Corp

  6. panera popped • sears, delta, bestbuy popped via livechat msp • magneto sites infected • NY medical data leaked • CVS hiv email snafu (6K) • grindr shares HIV status • netflix bug bounty • FB data misuse bug bounty • Mozilla DNS over HTTPS • cloudflare dns over https • a little general info • uber told to halt autonomous cars • google kills goo.gl • More on Google / DOD AI Corp

  7. CLOUD Act Passes Senate / gaping 4th amendment backdoor • South Dakota breach law • AL finally gets a breach notification law • Canada Breach Notification • don't research in georgia • LA / MN anti-protest laws • CA bill 823 (credit freeze) • Atlanta city hit with ransomware • Baltimore ransomware • pci qir changes • dod bug bounty • fake cell towers confirmed in DC • Backpage siezed • china pushes malware to muslim phones Govt

  8. tls 1.3 approved? https://www.securityweek.com/ietf-approves-tls-13-protocol https://bitnewsbot.com/ietf-approves-tls-1-3-as-internet-standard/ GPDR readiness report https://www.huntonprivacyblog.com/2018/03/27/cipl-avepoint-release-second-global-gdpr-readiness-report/ https://www.huntonprivacyblog.com/wp-content/uploads/sites/18/2018/03/cipl_avepoint_-_organisational_readiness_for_the_eu_gdpr__2nd_edition_.pdf windows subsystem for linux http://resources.infosecinstitute.com/windows-subsystem-linux/ DBIR https://threatpost.com/ransomware-dominates-verizon-dbir/131102/ Papers

  9. masterbate for the camera uberdeathrace style kiddieporn in blockcahin youtube shooter China Black mirror social rating now has punishments WTF

  10. FB opt-out (config) FB on android settings (config) FB data checker (utility) portspoof 1.3 (port emulation) Tools

  11. Past Cons Pwn2Own 2018 HITB - knx / zigbee hacks HITB - hacking sleep mode in S3

  12. Future Cons InfoSec Southwest 11-13 Apr 2018  austin  $190 BSidesOK 13 Apr 2018 (training on 11-12)  tulsa  $FREE BSidesNash 14 Apr 2018  nashville$??? AtlSecCon26-27 Apr 2018 (passport) halifax  $160 ThotCon4-5 May 2018  chicago  $170  SOLDOUT HackMiami 18-20 May 2018  miami  $125+ CircleCity 1-3 Jun 2018  indy  $150 BSidesSATX 16 Jun 2018  san antonio  $???

  13. DHA @Dallas_Hackers ( 1st Wednesday / Family Karaoke, Dallas ) TX2600 @dallas2600 ( 1st Fri / Wild Turkey 35&WalnutHill, Dallas ) The Lab.MS @TheLab_ms ( 2nd Saturday + random events / TheLab.ms, Plano ) ISSA Fort Worth @ISSAFortWorth ( 2nd Tuesday / location varies ) Hack Ft Worth @Hack_FtW ( 3rd-ish Tuesday / Buffalo West, Fort Worth) OWASP Dallas @OWASPDallas ( 3rd Tuesday / location varies ) Crypto Party DFW @CryptoPartyDFW ( 3rd Thursday / TheLab.ms, Plano ) North Texas Cyber Security Group @ntxcsg ( Last Thursday, Jakes, Frisco ) Dallas MakerSpace @dallasmakers ( Random events / Carrollton ) Where

  14. All images scavenged without permission All images scavenged without permission

More Related