
Latest Holes and Patches in Tech | August 2019

Stay updated on the latest vulnerabilities and patches in tech. This article covers Microsoft, Apple, Oracle, Adobe, Cisco, and more. Patch Tuesday releases and important security updates included. Stay informed, stay secure.

chaug

Presentation Transcript


  1. Previous Gnews

  2. Do Not Poke It If It Is Not Yours • Do Not Brag About Questionable Activity • Do Not Hack The Venue • Not Legal Advice • Everything Is Theoretical • Use At Your Own Risk • Not Responsible For Damages • Mileage May Vary • Trust No One • Verify Everything • Do Your Own Research • Create Your Own Opinion • Communicate • Share • Learn • Enjoy

  3. Patch Tuesday • August – 95 CVE / 52 KB Articles • Microsoft Windows • Internet Explorer • Microsoft Edge • ChakraCore • Microsoft Office and Microsoft Office Services and Web Apps • Visual Studio • Online Services • Active Directory • Microsoft Dynamics

  4. Holes / Patches • VMware • VMSA-2019-0012 ( 2 CVE ) ESXi, Workstation, Fusion • Apple • watchOS 5.3 ( 24 CVE ) • Security Update 2019-004 ( 45 CVE ) • Safari 12.1.2 ( 23 CVE ) • Apple TV 7.3.1 ( 0 CVE ) • tvOS 12.4 ( 33 CVE ) • iOS 9.3.6 / 10.3.4 ( 0 CVE ) • iOS 12.4 ( 38 CVE ) • iTunes 12.9.6 (win) ( 24 CVE ) • iCloud 7.13 ( 22 CVE ) • iCloud 10.6 / 10.6.1 ( 23 CVE ) • SwiftNIO HTTP/2 1.5.0 ( 5 CVE ) • Oracle • 319 Fixes • 9 DB • 10 Java SE (9 re) • 45 MySQL (4 re) • Adobe • APSB19-31 After Effects, ce ( 1 CVE ) • APSB19-32 Character Animator, ce ( 1 CVE ) • APSB19-33 Premiere Pro CC, ce ( 1 CVE ) • APSB19-35 Prelude CC, ce ( 1 CVE ) • APSB19-39 Creative Cloud DA, ce ( 4 CVE ) • APSB19-41 Acrobat Reader, ce ( 76 CVE ) • APSB19-42 Experience Manager, re ( 1 CVE ) • APSB19-44 Photoshop CC, ce ( 34 CVE ) • Cisco • Cisco ASA MgtInterface, pe ( 1 CVE ) • OpenLDAP rootDN, sb ( 1 CVE )

  5. Holes / Patches • PowerShell file name sanitization • WebKit XSS via XSLT • 0-day in Steam Client Service (Windows) • Canon Photo Transfer Protocol vuln

  6. Nefarious?! • Russian Vault 7 • Grindr and other dating apps give up location data

  7. Corp I (buy/sell) • Visa buys PayWorks • MasterCard buys Nets • Apple buys Intel Modem • DoorDash buys Caviar • Fox Corp buys Credible Labs • Orange buys SecureLink • ActiveOps buys OpenConnect • Salesforce buys ClickSoftware • Broadcom buys Symantec Enterprise Security • Aramco buys Reliance Industries Ltd • Nike buys Celect • McAfee buys NanoSec • Project Management Institute buys Disciplined Agile • Automattic Inc buys Tumblr • CBS / Viacom merger • Intel invests 6.5 mil in Capsule8

  8. Corp II (the good…) • POS Ready win 7 end of life Oct 2021 • FB to stop using 2FA number for Ads • Apple revives the Claris name • Apple expands bug bounty payout • Google Fuzzer updates • MakerBot launches MethodX • VW / GM reportedly shifting to electric

  9. Corp III (the bad…) • Equifax settlement claim • Train Manufacturer, Engineer steals data flees to China

  10. Govt • "Ending Support for Internet Censorship Act" • POTUS cannot block tweets (and other social media) • FDA: Unique Device Identification System • .org URS and Trademark • Wyden sends open letter to big four carriers • US weakens endangered species act

  11. Papers • Windows DNS tracking https://www.trustedsec.com/2019/07/tracing-dns-queries-on-your-windows-dns-server/ • On-Line Skimming https://www.perimeterx.com/blog/all-about-online-skimming-or-digital-skimming-attacks/ • certs • New HealthCare Cert / Certified Healthcare Information Security Leader - or CHISL https://www.databreachtoday.com/interviews/new-credential-for-healthcare-security-leaders-i-4415 • HackerNews Cisco Bundle $49. https://deals.thehackernews.com/sales/ultimate-cisco-certification-super-bundle-lifetime

  12. WTF • DC27 - NULL License Plate • Navy to revert to mechanical controls hydraulic tail

  13. Tools • Nipe (TOR default network) https://github.com/GouveaHeitor/nipe • Mosca (static analysis) https://github.com/CoolerVoid/Mosca • NMAP 7.80 https://seclists.org/nmap-announce/2019/0 • eyeballer (pentestingai) https://know.bishopfox.com/research/eyeballer

  14. Past Cons • BH - iPhone hacks: Look, No Hands! -- The Remote, Interaction-less Attack Surface of the iPhone -- Natalie Silvanovich • BSidesLV - Mass Transit Apps • DC27 - Windows Drivers: Get Off the Kernel if You Can't Drive -- Jesse Michael, Mickey Shkatov • DC27 - Abusing SQLite: SELECT code_execution FROM * USING SQLite;—Gaining code execution using a malicious SQLite database -- Omer Gull • DC27 - violent noise: Sound Effects: Exploring Acoustic Cyber-weapons -- Matt Wixey • DC27 - voting village • DC27 - A lesson in con traffic: I Know What You Did Last Summer: 3 Years of Wireless Monitoring at DEF CON -- d4rkm4tter (Mike Spicer) • DC27 - poppin 4g: Reverse-Engineering 4g Hotspots for Fun, Bugs and Net Financial Loss -- g richter

  15. Future Cons • DerbyCon 6-8 Sep – Louisville • BSides Houston 7 Sep - Houston • RH-ISAC 24-25 Sep – Denver • ISSA in Dallas 1-2 Oct CFP - https://app.jiffyevents.com/s/f1kd1d161b8 • GrrCon 24-25 Oct – Grand Rapids • BSidesDFW 2 Nov - Fort Worth • CISO recommendations https://www.csoonline.com/article/3155500/the-cso-guide-to-top-security-conferences.html#tk.rss_all

  16. Where • ISSA Fort Worth @ISSAFortWorth ( 2nd Tuesday / location varies ) • Hack Ft Worth @Hack_FtW ( 3rd Tuesday / Barrel & Bones, Fort Worth ) • WOSEC Dallas @WoSECtweets ( Varies / Saturday 10ish ) • DHA @Dallas_Hackers ( 1st Wednesday / Family Karaoke, Dallas ) • TX2600 @dallas2600 ( 1st Fri / Wild Turkey 35&WalnutHill, Dallas ) • The Lab.MS @TheLab_ms ( 2nd Saturday + random events / TheLab.ms, Plano ) • OWASP Dallas @OWASPDallas ( 3rd Tuesday / location varies ) • Pwn School Project ( 3rd Wed / Dallas | 4th Mon Denton ) • Crypto Party DFW @CryptoPartyDFW ( 3rd Thursday / TheLab.ms, Plano ) • North Texas ISSA @ntxissa ( 3rd Thursday / Maggiano’s, Plano ) • North Texas Cyber Security Group @ntxcsg ( Last Thursday, Jakes, Frisco ) • Dallas MakerSpace @dallasmakers ( Random events / Carrollton ) • 0-day All Day @0Dayallday ( Quarterly / GeniusDen, Dallas )

  17. All images scavenged without permission
