1 / 15

Patch Tuesday Highlights: Critical Vulnerabilities in Adobe Flash Player and Microsoft Products, Active Exploitation Rep

Stay updated on the latest Patch Tuesday releases, including 39 CVEs and 69 KB articles, with reports of critical vulnerabilities in Adobe Flash Player, Internet Explorer, Microsoft Edge, and other Microsoft products. Find out about active exploitations and important security updates across various platforms and services.

chadwicka
Download Presentation

Patch Tuesday Highlights: Critical Vulnerabilities in Adobe Flash Player and Microsoft Products, Active Exploitation Rep

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Previous Gnews

  2. Do Not Poke It If It Is Not Yours Do Not Brag About Questionable Activity Do Not Hack The Venue Not Legal Advice Everything Is Theoretical Use At Your Own Risk Not Responsible For Damages Mileage May Vary Trust No One Verify Everything Do Your Own Research Create Your Own Opinion Communicate Share Learn Enjoy

  3. Patch Tuesday • Nov – 39 CVE / 69 KB Articles • Reports of 7 Critical • Adobe Flash Player • Internet Explorer • Microsoft Edge • Microsoft Windows • Microsoft Office and Microsoft Office Services and Web Apps • ChakraCore • .NET Framework • Microsoft Dynamics NAV • Microsoft Exchange Server • Microsoft Visual Studio • Windows Azure Pack (WAP) • Active exploitation - CVE-2018-8611 (win kernel) and CVE-2018-15982 (adobe) • WebAuthn in Win10 1809 Edge (passwordless) • Edge to be replaced by Chrome • B,C,D updates explained

  4. Holes / Patches • VMWare • VMSA-2018-0029 ( 4 CVE ) • vSphere Data Protection, cmd injection • VMSA-2018-0030 ( 1 CVE ) • Workstation/Fusion, int overflow • Apple • iCloud 7.8.1 (win) ( 0 CVE ) • iOS 12.1.1 ( 20 CVE ) • tvOS 12.1.1 ( 14 CVE ) • Shortcuts 2.1.2 (ios) ( 0 CVE ) • macOS / Sec Update 2018-003 ( 13 CVE ) • iTunes 12.9.2 (win) ( 8 CVE ) • Safari 12.0.2 ( 9 CVE ) • iCloud 7.9 (win) ( 8 CVE ) • watchOS 5.1.2 ( 15 CVE ) • Kuberbetes “privilege escalation” • v1.0.x-1.9.x ( 1 CVE ) • Oracle • Next release 15 Jan 2019 • Adobe • APSB18-41 Acrobat/Reader, ce ( 87 CVE ) • APSB18-42 Flash Player, ce ( 2 CVE ) • APSB18-44 Flash Player, ce ( 1 CVE ) • Cisco • Webexrepatch, pe ( 1 CVE ) • License Mgr, rce ( 1 CVE ) • Android • 53 fixes, 11 critical • 6 Remote Code Execution • Linux Kernel 4.19.2 • Null Pointer Dos ( 2 CVE ) • Zoom meeting hijack (1 CVE ) • Mac / win 4.1.33.259.0925 • Ubunti 2.4.129780.0915

  5. Hacking • Skype for Business “kitten of doom” (dos by emoji) • IMSI catcher on the cheap ($20) • CarBlues (bluetooth infotainment vuln) • Kids smart watches • Spectre / Meldown, now for GPUs • abusing google maps for phishing (contact hijacking) • PewDiePie printer hack • CAT (cache attacks on tls) • Vtech laptop hacks • Powersnitch (powerbank malware)

  6. Altus Baytown hospital gets ransomware (houston) • Vision Direct popped • Amazon popped • High Tail Hall popped • Dell popped • Marriott popped, 500m • Quora popped, 100m • 1800-Flowers popped • USPS API leak, 60m • Jared/Kay Jewlers data leak • Instagram download data tool exposes password • Humble Bundle subscriber scrapping • Dunkin gets stuffed • MS data collection redux • MS MFA SNAFU (twice) • llast pass down for 5 hours • German dating site gets GDPR fine Corp

  7. NBA embraces gaming • mitre launches eval site • Skills gap reaches 2.9 million • FB new sex rules • Google to kill + early Corp

  8. Govt • CISA bill passed, new DHS cyber agency • FFC vs Robocalls • DMCA , now with video game archiving • Guidelines on Extraterritorial Application of the GDPR • data recovery service snubs LEO • Germany drops guidelines for router security • Canada arrests Huawei exec • Travel biometrics • Aussie anti-encryption law

  9. Papers Guidelines on Extraterritorial Application of the GDPR https://edpb.europa.eu/sites/edpb/files/files/file1/edpb_guidelines_3_2018_territorial_scope_en.pdf elastic instances are the new hotness https://blog.hackenproof.com/industry-news/new-data-breach-exposes-57-million-records DDG says G-Incognito is bad https://spreadprivacy.com/google-filter-bubble-study/

  10. WTF x

  11. Fastly Labs Multiple integrations for fastly CDN services Lordix new blackmarketmalkit Cylance SmartAntivurs Consumer Antimalware miniNodes Raspberry Pi 3 CoM Carrier Board 5 pi cluster Google Cloud Security Command Center GCP sec dashboard Pasta-auto Toyota Open-Source car hacking tool HackEDU and HackerOne Free training Tools

  12. Past Cons

  13. Future Cons North American Bitcoin Conference 16 Jan – Miami ShmooCon 18-20 Jan - DC BDYHAX 23-24 Feb – Austin HouSecCon 9019 Apr – Houston ThotCon 3-4 May - Chicago

  14. DHA @Dallas_Hackers ( 1st Wednesday / Family Karaoke, Dallas ) TX2600 @dallas2600 ( 1st Fri / Wild Turkey 35&WalnutHill, Dallas ) The Lab.MS @TheLab_ms ( 2nd Saturday + random events / TheLab.ms, Plano ) ISSA Fort Worth @ISSAFortWorth ( 2nd Tuesday / location varies ) Hack Ft Worth @Hack_FtW ( 3rd Tuesday / Bar Louie, Fort Worth) OWASP Dallas @OWASPDallas ( 3rd Tuesday / location varies ) Crypto Party DFW @CryptoPartyDFW ( 3rd Thursday / TheLab.ms, Plano ) North Texas Cyber Security Group @ntxcsg ( Last Thursday, Jakes, Frisco ) Dallas MakerSpace @dallasmakers ( Random events / Carrollton ) Pwn School Project ( 3rd Wed / Dallas | 4th Mon Denton ) 0-day All Day @0Dayallday ( Quarterly / DFW ) Where

  15. All images scavenged without permission All images scavenged without permission

More Related