This update covers the latest vulnerabilities, patches, and breaches including Microsoft, Apple, Adobe, Linux, IoT hacking, corporate breaches, and upcoming cybersecurity events.
Patch Tuesday
• Oct – ? vulnerabilities with 183 unique downloads
• Internet Explorer
• Microsoft Edge
• Microsoft Windows
• Microsoft Office and Microsoft Office Services and Web Apps
• Skype for Business and Lync
• Chakra Core
• Creators update due Oct 17th
Holes / Patches
• VMware
  • VMSA-2017-0015.2 (3 CVE)
  • ESXi, vCenter, Fusion, Workstation
• Apple
  • iOS 11 / 11.0.1 / 11.0.2
  • Safari 11
  • watchOS 4 / 4.0.1
  • tvOS 11
  • Xcode 9
  • macOS 10.13 / Supplemental
  • iCloud for Win 7.0
  • macOS server 5.4
• Adobe
  • APSB17-25 RoboHelp (2 CVE)
  • APSB17-28 Flash Player (2 CVE)
  • APSB17-30 ColdFusion (4 CVE)
Holes / Patches
• CCleaner
• vmware guest execution
• Mac Keychain dump
• Broadcom wifi bug, ios11/iphone7
• Linux elf handling
• Windows defender bypass
• Mac EFI updates?
• netgear foo
• netscaler auth bypass
Hacking
• Southpark games IoT
• office bug bounty extended
• Struts confirmed in equifax breach
• apache optionsbleed
• IR and camera covert channel
• mobile trading apps bad
• ATM hacks on the increase
• Home automation still sucks
• Wink and Insteon clear text creds
• Gun printing
• no macros here
Corp
• HP patches ink again
• Uber to fix location sharing
• Uber's iPhone
• Azure SGX support
• Children's Colorado popped
• Verizon S3 bucket
• SVR Tracking S3 ooopps
• sonic breach
• wholefoods popped
• adobe drops pgp key
• Equifax sued for cost recovery
• walgreens approved for rite-aid purchase
Corp
• MS gives groove to spotify
• Cloudflare removed cap and additional charges
• privacy rights clearing house project
• Yahoo open sources Vespa
• aetna, getting rid of passwords
• Twitter doubles max character length
• IKEA buys TaskRabbit
• Google to force HSTS on TLDs
• Apple code on github
• Windows phone dead
Govt
• .cat / Spain split?
• patent troll smackdown
• cell surveillance
• SEC breach
• Activist, Credentials, possible jail
• SEC Cyber Unit
• Shocker mass monitoring is bad
• leaked anti-leak training
• corporations file suit in Dallas
• DOJ and Encryption (round 2)
Papers
• AI applied to password guessing https://arxiv.org/pdf/1709.00440.pdf
• EV charging stations https://publicintelligence.net/ocia-electric-vehicle-charging-stations/
• smart bulb hacking writeup http://resources.infosecinstitute.com/iot-hacking-hacking-smart-bulb-part-2/
WTF
• Bro renaming
• Russian review of ArcSight
• Dyson electric car
• Ghostface bitcoin
Tools
• AWSBucketDump S3 scanner
• skimmer scanner
• forensics Opensource Roundup
• spypi
• Risk Management Tools
• Yuki Chan automated pentest
Future Cons
• BSidesDFW – 4 Nov
• NTXISSACSC5 – 10-11 Nov
Where
• DHA @Dallas_Hackers (1st Wednesday / Family Karaoke, Dallas)
• TX2600 @dallas2600 (1st Fri / Wild Turkey 35&WalnutHill, Dallas)
• The Lab.MS @TheLab_ms (2nd Saturday + random events / TheLab.ms, Plano)
• ISSA Fort Worth @ISSAFortWorth (2nd Tuesday / location varies)
• ?? Fort Worth Crypto Party ?? (2nd Tuesday ? / The Maker Spot, N. Richland Hills)
• Hack Ft Worth @Hack_FtW (3rd-ish Tuesday / Buffalo West, Fort Worth)
• OWASP Dallas @OWASPDallas (3rd Tuesday / location varies)
• Crypto Party DFW @CryptoPartyDFW (3rd Thursday / TheLab.ms, Plano)
• North Texas Cyber Security Group @ntxcsg (Last Thursday, Jakes, Frisco)
• Dallas MakerSpace @dallasmakers (Random events / Carrollton)
All images scavenged without permission