140 likes | 145 Vues
Previous Gnews. Patch Tuesday. Aug – ? CVE / ? KB Articles Reports of ? Critical Next Week. Holes / Patches. VMWare VMSA-2018-0017 ( 1 CVE ) VMware Tools, out-of-bounds read VMSA-2018-0018 ( 2 CVE )
E N D
Patch Tuesday • Aug – ? CVE / ? KB Articles • Reports of ? Critical • Next Week
Holes / Patches • VMWare • VMSA-2018-0017 ( 1 CVE ) • VMware Tools, • out-of-bounds read • VMSA-2018-0018 ( 2 CVE ) • VMware Horizon View Agent, ESXi, Workstation, Fusion • Local info disclosure / DoS • Google • Android 42 Fixes • Chrome 68.x • All http labeled insecure • Apache OpenWhisk • Remote Code Execution • BlueTooth • Elliptic curve validation • Oracle • 334 fixes • Another record release • Solaris 10/11.3 Repatch cve-2018-2892 • 8 Java / 31 MySQL • Adobe • Expect some this week • Apple • We don’t need no stinking patches • Cisco • SD-WAN, authentication issues • Cve-2018-0374, bypass • Cve-2018-0375, default passwd • Cve-2018-0376/0377, no auth
Hacking • and still more spectre • now with interwebs, netspectre variant • ATM hacking in VA • Swann camera bug • Bancor loses 23.5mil • Drone docs leaked (and others) • targeted phone campaign • GPS spoofing • gangwang • injecting adobe main leads DB • dirty google cdn • dns rebinding on IoT • Kronos updated • bad pinterest extension • samsung IoT hub • sms interception for reals (reddit)
amazon prime day crash • lenovo 8.3 mil settlement for superfish • MS identiy bounty • TI, Crutcher is out, Templeton is in • Google Android EU antitrust (5 billion) • obisoft ddos • labcorp breach? • robocaller s3 leeak (2,600) • fly much (10 most insecure airports) • Car manufactures data (rsync) • FB exec speaks out • FB record market loss • life lock dump user emails Corp
Apple to switch to intel modems? • hp printer bug bounty • kroger gives visa the bird • Cisco to acquire DUO • Altassian + Slack partnership Corp
Govt • 12 indicted on election interference • China Draft • ban flash • India data privacy • dmarc compliance • PA does not like the ruling on 3d gun parts • 9 states sue administration
Papers Distortions of Social Media https://theintercept.com/2018/07/15/how-twitter-degrades-discourse-and-encourages-distortions-illustrated-by-ex-pentagon-official-and-nyu-law-professor-ryan-goodman/ mile 2 certs https://www.securityorb.com/training/mile2-certification-updates team based passwdmgrs https://www.sans.org/reading-room/whitepapers/commerical/security-considerations-team-based-password-managers-38520 Threat hunting in ICS https://www.sans.org/reading-room/whitepapers/threathunting/hunting-rigor-quantifying-breadth-depth-threat-intelligence-coverage-threat-hunt-industrial-control-system-environments-38515 PCI pin update https://www.pcisecuritystandards.org/pdfs/PCI_SECURITY_STANDARDS_COUNCIL_UPDATES_PIN_SECURITY_STANDARD_Press_Release_Final.pdf
WTF propagating the old paradigm 4 types of hackers uber driver twitches Twitches get stitches make hacker cons great again maga has hope Car App Disconect Issues if I can’t have you no one will
Tools OWASP Mutilldae II https://www.securityorb.com/web-security/owasp-mutillidae-ii/ pirate bay alternatives https://www.hackread.com/the-pirate-bay-alternatives-2018-in-wake-of-cryptomining-scandal/ wireshark basics https://resources.infosecinstitute.com/pcap-analysis-basics-with-wireshark/
Past Cons HOPE 20-22 Jul NYC
Future Cons BlackHat 4-9 Aug Vegas BSidesLV 7-8 Aug Vegas DefCon 9-12 Aug Vegas CyberTexas 14-15 Aug – San Antonio Threat Hunting & IR Summit 6-13 Sep – New Orleans ToorCon 10-16 Sep – San Diego Hacker Halted 13-14 Sep – Atlanta BlueHat v18 25-27 Sep – Redmond CactusCon 28-29 Sep – Mesa AZ DerbyCon 5-7 Oct – Louisville Future of Blockchain 10-13 Oct – Dallas LASCON 25-26 Oct – Austin Thunder Plains 1 Nov – OKC Root66 1 Nov – OKC BSidesDFW 3 Nov – somewhere in the metro
DHA @Dallas_Hackers ( 1st Wednesday / Family Karaoke, Dallas ) TX2600 @dallas2600 ( 1st Fri / Wild Turkey 35&WalnutHill, Dallas ) The Lab.MS @TheLab_ms ( 2nd Saturday + random events / TheLab.ms, Plano ) ISSA Fort Worth @ISSAFortWorth ( 2nd Tuesday / location varies ) Hack Ft Worth @Hack_FtW ( 3rd-ish Tuesday / Buffalo West, Fort Worth) OWASP Dallas @OWASPDallas ( 3rd Tuesday / location varies ) Crypto Party DFW @CryptoPartyDFW ( 3rd Thursday / TheLab.ms, Plano ) North Texas Cyber Security Group @ntxcsg ( Last Thursday, Jakes, Frisco ) Dallas MakerSpace @dallasmakers ( Random events / Carrollton ) Pwn School ( Thursday / Dallas) 0-day All Day @0Dayallday ( Quarterly / DFW) Where
All images scavenged without permission All images scavenged without permission