1 / 15

PREVIOUS GNEWS

PREVIOUS GNEWS. Patch Tuesday. Jun – 17 Patches – 6 Critical – 36 CVEs MS16-063 - Cumulative Security Update for Internet Explorer MS16-068 - Cumulative Security Update for Microsoft Edge MS16-069 - Cumulative Security Update for JScript and VBScript

rkern
Télécharger la présentation

PREVIOUS GNEWS

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. PREVIOUS GNEWS

  2. Patch Tuesday • Jun – 17 Patches – 6 Critical – 36 CVEs • MS16-063 - Cumulative Security Update for Internet Explorer • MS16-068 - Cumulative Security Update for Microsoft Edge • MS16-069 - Cumulative Security Update for JScript and VBScript • MS16-070 - Microsoft Office • MS16-071 - Microsoft Windows DNS Server • MS16-072 - Group Policy • MS16-073 - Windows Kernel-Mode Drivers • MS16-074 - Microsoft Graphics Component • MS16-075 - Windows SMB Server • MS16-076 - Netlogon • MS16-077 - WPAD • MS16-078 - Windows Diagnostic Hub • MS16-079 - Microsoft Exchange Server • MS16-080 - Microsoft Windows PDF • MS16-081 - Active Directory • MS16-082 - Microsoft Windows Search Component • MS16-083 - Adobe Flash Player

  3. Patch Tuesday • Jul – 11 Patches – 6 Critical – 40 CVEs • MS16-084 - Cumulative Security Update for Internet Explorer • MS16-085 - Cumulative Security Update for Microsoft Edge • MS16-086 - Cumulative Security Update for JScript and VBScript • MS16-087 - Security Update for Windows Print Spooler Components • MS16-088 - Security Update for Microsoft Office • MS16-089 - Security Update for Windows Secure Kernel Mode • MS16-090 - Security Update for Windows Kernel-Mode Drivers • MS16-091 - Security Update for .NET Framework • MS16-092 - Security Update for Windows Kernel • MS16-093 - Security Update for Adobe Flash Player • MS16-094 - Security Update for Secure Boot • MS16-072 breaks AD GPO

  4. Holes / Patches • VMWare • VMSA-2016-0007 ( 1 CVE) • VMware NSX and vCNS info disclosure • VMSA-2016-0008 ( 2 CVE) • vRealize Log Insight, XSS • VMSA-2016-0009 ( 1 CVE) • vCenter Server, reflected XSS • Symantec • Packers and more • Lenovo ThinkPwn (+ gigabyte) • EUFI firmware vuln • PDF vulns Chrome and Foxit • Putty DLL hi-jacking • Oracle • Due 19 Jul • Adobe • APSB16-18 Flash ( 36 CVE) • APSB16-19 DNG SDK ( 1 CVE) • APSB16-20 Brackets ( 2 CVE) • APSB16-21 Creative Cloud Desktop Application ( 2 CVE) • APSB16-22 CloudFusion ( 1 CVE) • APSB16-23 Air( 1 CVE) • APSB16-24 XMP Toolkit for Java ( 1 CVE) • APSB16-25 Flash ( 52 CVE) • APSB16-26 Acrobat and Reader( 30 CVE) • Apple • AirPort Base Station Firmware 7.7.6 / 7.7.7 ( 1 CVE) • IOS 10 App removal

  5. Hacking • powershell Malware... it is not just theoretical • Godless android malware • Malware via BITS • googleplay auto-rooting malware • IOT Camera botnet • Ransomware on o365 • conficker is dead, long live conficker • Opensource 21 Bitcoin for machine payable web services • MS FreeBSD • Silent use by apps

  6. MS to buy Linkedin • MS to launch block chain as a service • Symantec to buy BlueCoat • Symantec expands car system protection offerings • Ron Gula steps down (tenable CEO) • CASB - Cisco to buy CloudLock • avast buys avg (now with twice the nag windows) • Fiat/Chrysler bug bounty program • Siemens says don't use their stuff.... (on soft networks) Corp

  7. Wendys breach bigger than thought (shocker) • Acer customer CC# breach • undisclosed hospital DB breached • Omni hotels breached • BMW vulnerable • Hard Rock Vegas breached • registrars are hard... tp-link losses update domain Corp

  8. Air force investigations deleted (crashed) • IRS hacked again • 154 mil voter data on unsecured couchdb • ERAD money seizures • Europe wants to pay per link • One step closer to FOIA reform • VA says computers don’t get the 4th • NSA hacker talks • everyone uses 3rd party email, Nato Gen. gmail hacked • silk road agent under glass for more theft • HIPAA bares its teeth • we're all going to jail… password sharing falls under CFAA • WEllness badness • NC bill for blockchain currencies • Fed Judge throws out Stingray evidence Govt

  9. Simplifying IoT: Connecting, Commissioning, and Controlling with Near Field Communication (NFC) http://nfc-forum.org/wp-content/uploads/2016/06/NFC_Forum_IoT_White_Paper_-v05.pdf Sin Report – Legitimate Bitcoin gaining ground http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2808762 Papers

  10. LightCyber report finds attackers use legitimate tools. 2ndBitCoinHalving WTF

  11. CANSPY (at BlackHat) Automotive Vuln Scanner TLS fingerprinting v1.0 SecuityTipsfor Signal VeraCrypt Trucrypt fork New anonymity scheme MIT onion network better than Tor Shard Leaked password checker Mr-Robot Mr. Robot themed "CTF" Tools

  12. Future Cons • SANS San Antonio – 18-23 Jul • Hope 11 – NYC 22-24 Jul • BlackHat – Vegas 30 Jul – 4 Aug • BSidesLV – Vegas 2-3 Aug • DefCon 24 – Vegas 4 – 7 Aug • SANS Dallas – 8 – 13 Aug • OWASP CFP Open – DC 11-14 Oct

  13. DHA ( 1st Wednesday / Family Karaoke, dallas) TX2600 ( 1st Fri / Wild Turkey 35&WalnutHill, dallas ) The Lab.MS ( 2ndMonday + random events / TheLab.ms, plano) OWASP Dallas ( 3rdTuesday / location varies ) Crypto Party ( 3rd Thursday / Improving Enterprises, addison) National Information Security and Assurance Group ( 4th Thursday, Jakes, Frisco ) Dallas MakerSpace ( Random events / carrollton)

  14. All images scavenged without permission All images scavenged without permission

More Related