This article provides an overview of the vulnerabilities and patches released during the June 2017 Patch Tuesday, covering Internet Explorer/Microsoft Edge, Microsoft Windows, Microsoft Office, Adobe Flash Player, and more.
Patch Tuesday
• Jun 2017 – 96 vulnerabilities with 331 unique downloads
• Internet Explorer / Microsoft Edge
• Microsoft Windows
• Microsoft Office and Microsoft Office Services and Web Apps
• Silverlight
• Skype for Business and Lync
• Adobe Flash Player
• Windows 10 and Windows Server 2016 (including Microsoft Edge) / Remote Code
• Windows 8.1 and Windows Server 2012 R2 / Remote Code
• Windows Server 2012 / Remote Code
• Windows RT 8.1 / Remote Code
• Windows 7 and Windows Server 2008 R2 / Remote Code
• Windows Server 2008 / Remote Code
• Microsoft Office, Office Services, Office Web Apps, and other Office-related software / Remote Code
• Microsoft Silverlight / Remote Code
• Microsoft Lync and Skype for Business / Remote Code
• Adobe Flash Player / Remote Code
Holes / Patches
• VMware
  • VMSA-2017-0009 (2 CVE)
    • Workstation
  • VMSA-2017-0010 (2 CVE)
    • vSphere Data Protection
  • VMSA-2017-0011 (1 CVE)
    • Horizon View Client
• Apple
  • iOS 10.3.2 (55 CVE)
  • Security Update 2017-002 (44 CVE)
  • watchOS 3.2.2 (21 CVE)
  • iTunes 12.6.1 for Windows (1 CVE)
  • Safari 10.1.1 (27 CVE)
  • iCloud for Windows 6.2.1 (1 CVE)
  • tvOS 10.2.1 (33 CVE)
• Oracle
  • Due 18 Jul 2017
• Adobe
  • APSB17-17 Flash Player (9 CVE)
  • APSB17-18 Shockwave Player (1 CVE)
  • APSB17-19 Captivate (1 CVE)
  • APSB17-20 Digital Editions (9 CVE)
• Android
  • 2017-05-01 (20 CVE)
  • 2017-05-05 (98 CVE)
Holes / Patches
• HP audio driver with keylogger
• MS bulletin site
• Sudo 1.86p7 – 1.8.20 w/ SELinux
• Samba prior to 4.4.x
• Cisco AnyConnect prior to 4.4.02034 (Windows)
• 30 fixes in Chrome 59
Hacking
• WCry / WannaCry
• Evil subtitles
• Indexing Azure
• Jeep thefts
• Raspberry Pis vuln to Linux bug
• More leaks, CIA frameworks
• Shadow Brokers going monthly?
• Keybase extension
• RIG EK shutdown
• ATMs now getting abused
Corp
• Chase payment outage
• Need for COBOL
• InterContinental hack bigger than originally reported
• DaFont popped
• Chipotle popped (FW stores affected)
• Kmart popped
• OneLogin popped
• Hotels.com suspicious activity
• Twitter dropping Do Not Track?
• Square to replace DC taxi meters
• OpenVPN audits
Govt
• Cashless Sweden
• Cyber Security Executive Order
• Govt pay averages 7K less
• Protecting our Ability To Counter Hacking (PATCH) Act
• FL Dept of Agriculture and Consumer Services popped - CHL data
• Patent suit must be local
• NV bans blockchain tax
• Modernizing Government Technology Act passes House
• Apple NSL
• OCR IR Checklist
Papers
• Understanding Pacemaker Systems Cybersecurity http://blog.whitescope.io/2017/05/understanding-pacemaker-systems.html
WTF
• Google auto photo sharing?
• Shrooms are safest
• Take off eh!
Tools
• KeychainCracker
• SITCH stingray detector
• maltrail traffic analysis
• LabyREnth CTF
• Nix Auditor
• Forensics roll-up, 22 tools
Past Cons
• HackMiami 19-21 May
• NolaCon 19-21 May
• Circle City Con Indy 9-11 Jun
Future Cons
• ANYCon Albany 16-18 Jun
• BlackHat 22-27 Jul
• BSidesLV 25-26 Jul
• DefCon 27-30 Jul
Where
• DHA @Dallas_Hackers (1st Wednesday / Family Karaoke, Dallas)
• TX2600 @dallas2600 (1st Fri / Wild Turkey 35 & Walnut Hill, Dallas)
• The Lab.MS @TheLab_ms (2nd Saturday + random events / TheLab.ms, Plano)
• ISSA Fort Worth @ISSAFortWorth (2nd Tuesday / location varies)
• Fort Worth Crypto Party (2nd Tuesday ? / The Maker Spot, N. Richland Hills)
• Hack Ft Worth @Hack_FtW (3rd-ish Tuesday / Buffalo West, Fort Worth)
• OWASP Dallas @OWASPDallas (3rd Tuesday / location varies)
• Crypto Party DFW @CryptoPartyDFW (3rd Thursday / TheLab.ms, Plano)
• North Texas Cyber Security Group @ntxcsg (Last Thursday, Jakes, Frisco)
• Dallas MakerSpace @dallasmakers (Random events / Carrollton)
• Lock Pick DFW @LockPickDFW (Last Monday / Sherlocks Arlington)
All images scavenged without permission