1 / 13

PREVIOUSLY

PREVIOUSLY. GNEWS. Patch Tuesday. Mar – 13 Patches – 5 Critical – 40 CVEs MS16-023 - Cumulative Security Update for IE, Remote Code MS16-024 - Cumulative Security Update for Edge, Remote Code MS16-025 - Windows Library Loading, Remote Code

shelby
Télécharger la présentation

PREVIOUSLY

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. PREVIOUSLY GNEWS

  2. Patch Tuesday • Mar – 13 Patches – 5 Critical – 40 CVEs • MS16-023 - Cumulative Security Update for IE, Remote Code • MS16-024 - Cumulative Security Update for Edge, Remote Code • MS16-025 - Windows Library Loading, Remote Code • MS16-026 - Graphic Fonts, Remote Code • MS16-027 - Windows Media, Remote Code • MS16-028 - Windows PDF Library, Remote Code • MS16-029 -Microsoft Office, Remote Code • MS16-030 - Windows OLE, Remote Code • MS16-031 - Microsoft Windows, Privilege Escalation • MS16-032 - Secondary Logon, Privilege Escalation • MS16-033 - Windows USB Mass Storage Class Driver, Privilege Escalation • MS16-034 - Windows Kernel-Mode Drivers, Privilege Escalation • MS16-035 -.Net Framework, Security Bypass

  3. Holes / Patches • Glibc • Palo Alto API, remote code • Linux Mint ISO Backdoor • OSX fake Flash Malware • MS Advanced Protection • Oracle • Due in April • Adobe • APSB16-06 Digital Editions ( 1 CVE) • APSB16-09 Acrobat and Reader ( 3 CVE) • Apple • Apple TV 7.2.1 ( 62 CVE) • Cisco • Cisco, ASA WebVPN, XSS • VMWare • VMSA-2016-0002.1, glibc • CVE-2015-2342, re-release

  4. Hacking • Magneto POS "shoplift bug" • E-File Pins exposed • green energy just got real • loop your iOS like its 1970 • Nissan Leaf API • PS logging • emet eats emet • Libotr vulnerability • Hack fingerprints with InkJet • Tesla Firmware Hack

  5. Verizon to kill cloud services • Verizon settles with FTC on user consent for UIDH headers • Google kilss Picasa - boost GPhotos • Honeywell and Palo Alto join SCADA forces • Instagram 2FA • ubuntu goes ZFS • IBM buys Resilient Systems (and Schneier) • Apple iphone backdoor foo • Dell says Security stifles innovation Corp

  6. Kyle tx backs out od license plate reader deal • NY called out for stingray use • CA Data Breach Report • Imperva explains the EU NIS Directive • EFF explains the Apple V FBI Case • govt funded tor decloaking (shocker) • IRS disables breached PIN tools Govt

  7. Bitcoin and Cryptocurrency Technologies https://d28rh4a8wq0iu5.cloudfront.net/bitcointech/readings/princeton_bitcoin_book.pdf Zero Days https://variety.com/2016/film/reviews/zero-days-film-review-alex-gibney-1201707597/ IEEE wearables security https://www.computer.org/cms/CYBSI/docs/WearFit.pdf DHS shows us how to share data (cause govt is so good at that) http://www.healthcareinfosecurity.com/dhs-issues-guidance-on-how-to-share-cyberthreat-data-a-8877 https://www.huntonprivacyblog.com/2016/02/18/department-of-homeland-security-issues-procedures-regarding-sharing-cybersecurity-information/ Passive Wi-Fi http://passivewifi.cs.washington.edu/files/passive_wifi.pdf Various 2016 security reports Cisco, Mandiant, Imperva, HP Papers

  8. GoFundMe site for defense fund takedown request Do we really need this? Automotive based commerce Visa IOT DarkReading redefines “Start-Up" MalwareBytes, Tenable, most on list over 5yrs old

  9. www.mrlooquer.com IPv6 recon / mapping / more Top 10 Opensource Tools for Win10 http://www.datamation.com/open-source/best-open-source-software-for-windows-10.html - Tools

  10. Cons • CanSecWest – Vancouver 16-18 Mar • B-Sides Austin- 31-1 Mar-Apr • InfoSec Southwest– Austin 8-10 Apr • B-Sides OK – 09 Apr • B-Sides Nashville – 16 Apr • ThotCon 0x7 – Chicago 5-6 May • B-Sides San Antonio 21 May • Circle City Con – Indianapolis 10-12 Jun • SANS DFIR Summit – Austin 23-30 Jun

  11. DHA ( 1st Wednesday / Family Karaoke, dallas) TX2600 ( 1st Fri / Wild Turkey 35&WalnutHill, dallas ) The Lab.MS ( 2ndMonday + random events / TheLab.ms, plano) OWASP Dallas ( 3rdTuesday / location varies ) Crypto Party ( 3rd Thursday / Improving Enterprises, addison) NAISG replacement is coming ( 4th Thursday, Jakes, Frisco ) Dallas MakerSpace ( Random events / carrollton)

  12. All images scavenged without permission All images scavenged without permission

More Related