150 likes | 162 Views
Get the latest on April's patch release, critical vulnerabilities, MSRT and Defender updates. Stay informed on major security alerts from Cisco, VMWare, Oracle, Adobe, Apple, and more.
E N D
PREVIOUS GNEWS
Patch Tuesday • Apr - xx Patches – xx Critical - xx CVEs • Other updates, MSRT, Defender Definitions, Junk Mail Filter
Holes / Patches • Cisco • Semi-Annual IOS Security Advisory (13 CVE) • AnyConnect Mobility Client – Multi • Unity Connection SIP Trunk - Multi • VMWare • VMSA-2015-003 – JRE in Multiple Products (1+ CVE) • Oracle • Next Week • Adobe • APSB15-05 Flash Player (11 CVE) • Apple, • Safari 8.04 / 7.1.4 / 6.2.4 (17 CVE) • Security Update 2015-003 (2 CVE) • MS • MS15-025 causing infinite loop • Security Advisory 3033929
Hacking • badder usb • Android Mem Leak • Android install hijack • iOS Pin Abuse • Instagram API bug • tinder, it'll make you curious • NTLM Reflection • oh wait, sounds almost like full disclosure..... • how creative of google, wish we had thought of that... • new method for debugging overflow • Slack breach • British airways FF hacked • GnuTLS libtasn1 Tiny ASN.1 library • low low power arm chips • no more kinect sensors • Google vp9 codec
Hacking • Evolution market vanishes • PoSeidon • Twitch breached, password reset
Ditch the card, SmartPhone ATMs • Yahoo encryption • win10 p2p patching??? • FB Tranparency Report • Snapshat joins transparency fun • UBER "illegal" in the RoK • Pinterest now paying for bounties • android on-body detection • Apple buys FoundationDB • Is data part of the RadioShack sell? • Raketu server-less secure messaging • Google Safe Browsing API expanding detection • onlive sells patents to sony • DMCA killed the mechanic • my other car is a uav CORP
Govt • UK Bulk != surveillance • Bulk Phone snarf tied to Section 215 epiration • Fake FB acct used in Mall of Americas Sting • FTC launches Office of Technology Research and Investigation (OTRI) • Cyber Cyber Cyber, CTIIC the newest cyber agency • feds still pining and hammering for encryption bypass • how to spot a terrorist (or an undocumented immigrant) • Cybersecurity Information Sharing Act (CISA) • Protecting Cyber Networks Act (PCNA) • Data Security and Breach Notification Act of 2015 • F35 can‘t fly in formation and target (oops) • GunShot snooper hears all • NSA shooting • feds love the dark reddits • silk road feds dirty? • verizon UIDH cookie opt-out • 3d weapon printing
Govt • executive order – sanctions for (foreign) cyber-enabled activity
Evil WhiteLists https://www.sans.org/reading-room/whitepapers/Whitelists/finding-evil-whitelist-35832 Sysmon https://www.sans.org/reading-room/whitepapers/forensics/sysmon-enrich-security-onion-039-s-host-level-capabilities-35837 Forward Secrecy https://www.sans.org/reading-room/whitepapers/bestprac/correctly-implementing-secrecy-35842 PCI Tokenization Guidance https://www.pcisecuritystandards.org/pdfs/15_04_02%20PCI%20Tokenization%20Product%20Security%20Guidelines_Final%20Press%20Release.pdf PCI Pen-Testing Guidance https://www.pcisecuritystandards.org/pdfs/15_3_26_Pen_Testing_SIG_Press_Release_FINAL.pdf https://www.pcisecuritystandards.org/documents/Penetration_Testing_Guidance_March_2015.pdf HealthCare IoT http://www.atlanticcouncil.org/images/publications/ACUS_Intel_MedicalDevices.pdf phase 2 of trucrypt audit https://opencryptoaudit.org/reports/TrueCrypt_Phase_II_NCC_OCAP_final.pdf Papers
Apple Research Kit medical research data sharing FB Pay via debit card and fb messenger ITaughtTaylorSwiftHowToGiveHead.com WTF!?
IRMA (+paper) file analysis Mozilla Masche memory forensics Popcorn-Time.se torrent streaming PS BOFH powershell excuse generator Trend Micro Attack Game user awareness www.privacytools.io EvilAP_Defender offensive wifi protection El Jefe (+paper) process monitor Tools
Cons Past • CanSec West - Apple DyLibs (dll hijacking) • CanSec West - Bios Hacks • CanSec West - Pwn2Own • BSides LV - CFP Open • DefCon 23 Wall of Sheep - CFP Open • BlackHat Asia - CANtact (car hacking dongle) • BlackHat Asia - SSL BarMitzvah (RC4) • Syscan - BlueCoat gets talk pulled
Cons Future • InfoSec Southwest 10 – 12 Apr • B-Sides Nashville 11 Apr • InnoTech Dallas 16 Apr • B-Sides OK 18 Apr • B-Sides San Antonio 2 May • ThotCon 0x6 14 – 15 May • PenTest Austin (SANS) 18 – 23 May • DefCon 23 6 – 9 Aug
DHA ( 1st Wednesday / Tavern on Main, richardson) TX2600 ( 1st Fri / Wild Turkey 35&WalnutHill, dallas ) (1st Fri / 1418 Coffeehouse, plano) The Lab.MS ( 2nd Monday / varies, plano) Crypto Party ( 3rd Thursday / Improving Enterprises, addison) NAISG ( 4th Thursday / CrossPointe Theatre, carrollton ) LockPick DFW ( Last Monday / looking for new spot, dallas ) Dallas MakerSpace Random / carrollton Local
All images scavenged without permission All images scavenged without permission