1 / 14

Previous Gnews

Previous Gnews. Patch Tuesday. Aug – ? CVE / ? KB Articles Reports of ? Critical Next Week. Holes / Patches. VMWare VMSA-2018-0017 ( 1 CVE ) VMware Tools, out-of-bounds read VMSA-2018-0018 ( 2 CVE )

catheriner
Télécharger la présentation

Previous Gnews

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Previous Gnews

  2. Patch Tuesday • Aug – ? CVE / ? KB Articles • Reports of ? Critical • Next Week

  3. Holes / Patches • VMWare • VMSA-2018-0017 ( 1 CVE ) • VMware Tools, • out-of-bounds read • VMSA-2018-0018 ( 2 CVE ) • VMware Horizon View Agent, ESXi, Workstation, Fusion • Local info disclosure / DoS • Google • Android 42 Fixes • Chrome 68.x • All http labeled insecure • Apache OpenWhisk • Remote Code Execution • BlueTooth • Elliptic curve validation • Oracle • 334 fixes • Another record release • Solaris 10/11.3 Repatch cve-2018-2892 • 8 Java / 31 MySQL • Adobe • Expect some this week • Apple • We don’t need no stinking patches • Cisco • SD-WAN, authentication issues • Cve-2018-0374, bypass • Cve-2018-0375, default passwd • Cve-2018-0376/0377, no auth

  4. Hacking • and still more spectre • now with interwebs, netspectre variant • ATM hacking in VA • Swann camera bug • Bancor loses 23.5mil • Drone docs leaked (and others) • targeted phone campaign • GPS spoofing • gangwang • injecting adobe main leads DB • dirty google cdn • dns rebinding on IoT • Kronos updated • bad pinterest extension • samsung IoT hub • sms interception for reals (reddit)

  5. amazon prime day crash • lenovo 8.3 mil settlement for superfish • MS identiy bounty • TI, Crutcher is out, Templeton is in • Google Android EU antitrust (5 billion) • obisoft ddos • labcorp breach? • robocaller s3 leeak (2,600) • fly much (10 most insecure airports) • Car manufactures data (rsync) • FB exec speaks out • FB record market loss • life lock dump user emails Corp

  6. Apple to switch to intel modems? • hp printer bug bounty • kroger gives visa the bird • Cisco to acquire DUO • Altassian + Slack partnership Corp

  7. Govt • 12 indicted on election interference • China Draft • ban flash • India data privacy • dmarc compliance • PA does not like the ruling on 3d gun parts • 9 states sue administration

  8. Papers Distortions of Social Media https://theintercept.com/2018/07/15/how-twitter-degrades-discourse-and-encourages-distortions-illustrated-by-ex-pentagon-official-and-nyu-law-professor-ryan-goodman/ mile 2 certs https://www.securityorb.com/training/mile2-certification-updates team based passwdmgrs https://www.sans.org/reading-room/whitepapers/commerical/security-considerations-team-based-password-managers-38520 Threat hunting in ICS https://www.sans.org/reading-room/whitepapers/threathunting/hunting-rigor-quantifying-breadth-depth-threat-intelligence-coverage-threat-hunt-industrial-control-system-environments-38515 PCI pin update https://www.pcisecuritystandards.org/pdfs/PCI_SECURITY_STANDARDS_COUNCIL_UPDATES_PIN_SECURITY_STANDARD_Press_Release_Final.pdf

  9. WTF propagating the old paradigm 4 types of hackers uber driver twitches Twitches get stitches make hacker cons great again maga has hope Car App Disconect Issues if I can’t have you no one will

  10. Tools OWASP Mutilldae II https://www.securityorb.com/web-security/owasp-mutillidae-ii/ pirate bay alternatives https://www.hackread.com/the-pirate-bay-alternatives-2018-in-wake-of-cryptomining-scandal/ wireshark basics https://resources.infosecinstitute.com/pcap-analysis-basics-with-wireshark/

  11. Past Cons HOPE 20-22 Jul NYC

  12. Future Cons BlackHat 4-9 Aug Vegas BSidesLV 7-8 Aug Vegas DefCon 9-12 Aug Vegas CyberTexas 14-15 Aug – San Antonio Threat Hunting & IR Summit 6-13 Sep – New Orleans ToorCon 10-16 Sep – San Diego Hacker Halted 13-14 Sep – Atlanta BlueHat v18 25-27 Sep – Redmond CactusCon 28-29 Sep – Mesa AZ DerbyCon 5-7 Oct – Louisville Future of Blockchain 10-13 Oct – Dallas LASCON 25-26 Oct – Austin Thunder Plains 1 Nov – OKC Root66 1 Nov – OKC BSidesDFW 3 Nov – somewhere in the metro

  13. DHA @Dallas_Hackers ( 1st Wednesday / Family Karaoke, Dallas ) TX2600 @dallas2600 ( 1st Fri / Wild Turkey 35&WalnutHill, Dallas ) The Lab.MS @TheLab_ms ( 2nd Saturday + random events / TheLab.ms, Plano ) ISSA Fort Worth @ISSAFortWorth ( 2nd Tuesday / location varies ) Hack Ft Worth @Hack_FtW ( 3rd-ish Tuesday / Buffalo West, Fort Worth) OWASP Dallas @OWASPDallas ( 3rd Tuesday / location varies ) Crypto Party DFW @CryptoPartyDFW ( 3rd Thursday / TheLab.ms, Plano ) North Texas Cyber Security Group @ntxcsg ( Last Thursday, Jakes, Frisco ) Dallas MakerSpace @dallasmakers ( Random events / Carrollton ) Pwn School ( Thursday / Dallas) 0-day All Day @0Dayallday ( Quarterly / DFW) Where

  14. All images scavenged without permission All images scavenged without permission

More Related