
Previous Gnews


rpyle

Presentation Transcript


  1. Previous Gnews

  2. Do Not Poke It If It Is Not Yours Do Not Brag About Questionable Activity Do Not Hack The Venue Not Legal Advice Everything Is Theoretical Use At Your Own Risk Not Responsible For Damages Mileage May Vary Trust No One Verify Everything Do Your Own Research Create Your Own Opinion Communicate Share Learn Enjoy

  3. Patch Tuesday
     • Nov – 63 CVE / 21 KB Articles
     • Reports of 4 or 12 Critical
     • Internet Explorer
     • Microsoft Edge
     • Microsoft Windows
     • Microsoft Office and Microsoft Office Services and Web Apps
     • ChakraCore
     • .NET Core
     • Skype for Business
     • Azure App Service on Azure Stack
     • Team Foundation Server
     • Microsoft Dynamics 365 (on-premises) version 8
     • PowerShell Core
     • Microsoft.PowerShell.Archive 1.2.2.0
     • Morphus Labs Dashboard - https://patchtuesdaydashboard.com/

  4. Holes / Patches
     • VMware
       • VMSA-2018-0028 ( 1 CVE )
       • vRealize, authorization bypass
     • Apple
       • macOS Mojave 10.14.1 ( 71 CVE )
       • tvOS 12.1 ( 15 CVE )
       • iOS 12.1 ( 32 CVE )
       • watchOS 5.1 ( 21 CVE )
       • iTunes 12.9.1 (win) ( 14 CVE )
       • iCloud 7.8 (win) ( 12 CVE )
       • Safari 12.0.1 ( 12 CVE )
       • watchOS 5.1.1 ( 0 CVE )
     • Oracle
       • 301 fixes
       • 12 for Java
     • Adobe
       • APSB18-39 Flash Player, id ( 1 CVE )
       • APSB18-40 Acrobat/Reader, id ( 1 CVE )
       • APSB18-43 Photoshop CC, id ( 1 CVE )
     • Cisco
       • SIP 0-day, dos ( 1 CVE )
     • Android
       • 36 fixes, 4 critical
       • 17 Qualcomm fixes

  5. Holes / Patches
     • Previous MS Jet patch incomplete
     • Win10 uac bypass
     • Bitlocker on SSD (is it really)
     • Win10 pro and enterprise licensing issue
     • libssh (not that libssh (MS Github))
     • drupal bugs
     • jquery upload bug
     • no thunderbolt for lenovo
     • Signal now with sender data protection
     • virtual box 0-day
     • Hardcoded Passwd in CradlePoint routers

  6. Hacking
     • MikroTik white worm
     • ps4 txt bomb
     • RID hacking
     • nsa tools go nuclear
     • embedded video in word attack
     • onion 3g
     • mobile pos
     • Helium bricks iPhones
     • PortSmash side channel attack in SMT
     • Systemd vuln via ipv6

  7. Corp
     • Medtronic device recall
     • Yale smart lock fail
     • solarwinds goes public
     • Sears files bankruptcy
     • twilio to buy sendgrid
     • eSentire acquired Versive
     • bitdefender buys RedSocks
     • IBM to buy RedHat
     • symantec buys javelin networks and appthority
     • NCR buys StopLift
     • checkmarx buys custodela
     • Threat stack buys bluefyre
     • blackberry attempting to buy cylance???
     • Apple privacy portal
       • https://privacy.apple.com/

  8. Corp
     • ISP leaves data and keys on s3
     • wifelovers popped (1.2 mil)
     • chinese apple ids popped
     • TX ERS popped (1.25 mil)
     • Girl Scouts Orange County popped
     • FIFA popped again
     • Radisson loyalty popped
     • HSBC popped
     • Nordstrom’s popped
     • pay-per-phish
     • GM data collection
     • Google to force 2yrs of support
     • Google revamps recaptcha
     • "Dallas" on the final 3 for Amazon HQ2 (Goes to Crystal City VA / NYC NY)
     • cisco leaves test code on devices

  9. Govt
     • AGs RoboCall letter to FCC
     • Darkweb Voter records
     • Pentagon popped
     • HHS updates SRA tool
     • FDA bill of materials
     • Centers for Medicare and Medicaid Services popped
     • pentagon bug bounty now with physical devices
     • Italy antitrust levies fines for apple and samsung device slowdown
     • Trump should use huawei
     • small win on DMCA
     • TX Voting machines flipping straight ticket votes
     • Arlington launches self driving cars
     • Supreme Court declined net neutrality appeal

  10. Papers
     • DTC "informational injuries"
       https://www.huntonprivacyblog.com/wp-content/uploads/sites/28/2018/10/informational_injury_workshop_staff_report_-_oct_2018.pdf
     • Online Hate Guidelines
       https://www.eff.org/deeplinks/2018/10/corporate-speech-police-are-not-answer-online-hate
     • FTC Small Business Guidance
       https://www.us-cert.gov/ncas/current-activity/2018/10/25/FTC-Releases-Cyber-Resources-Small-Businesses
     • book - Pentesting Azure Applications
       https://www.securityorb.com/cloud-security/a-book-review-of-pentesting-azure-applications-by-matt-burrough/
     • George Finney (SMU CISO) in Security Magazine
       https://www.securitymagazine.com/articles/89556-george-finney-training-future-digital-security-leaders

  11. WTF DonalDaters

  12. Tools FB “Was I Affected?” page Illustrated TLS EFF Coders' Rights Project SDR Avast Cleanup GrayKey GandCrab decryptor FaceShield Windows Defender now with sandbox access

  13. Past Cons
     • LASCON 25-26 Oct – Austin
     • Thunder Plains 1 Nov – OKC
     • Root66 1 Nov – OKC
     • BSidesDFW 3 Nov – Richland College

  14. Future Cons
     • ShmooCon 18-20 Jan - DC

  15. Where
     • DHA @Dallas_Hackers ( 1st Wednesday / Family Karaoke, Dallas )
     • TX2600 @dallas2600 ( 1st Fri / Wild Turkey 35&WalnutHill, Dallas )
     • The Lab.MS @TheLab_ms ( 2nd Saturday + random events / TheLab.ms, Plano )
     • ISSA Fort Worth @ISSAFortWorth ( 2nd Tuesday / location varies )
     • Hack Ft Worth @Hack_FtW ( 3rd-ish Tuesday / Buffalo West, Fort Worth )
     • OWASP Dallas @OWASPDallas ( 3rd Tuesday / location varies )
     • Crypto Party DFW @CryptoPartyDFW ( 3rd Thursday / TheLab.ms, Plano )
     • North Texas Cyber Security Group @ntxcsg ( Last Thursday, Jakes, Frisco )
     • Dallas MakerSpace @dallasmakers ( Random events / Carrollton )
     • Pwn School Project ( 3rd Wed / Dallas | 4th Mon Denton )
     • 0-day All Day @0Dayallday ( 29 Sep / Quarterly / DFW )

  16. All images scavenged without permission
