160 likes | 174 Views
Stay informed on the latest cybersecurity patches and vulnerabilities for major software and systems including Microsoft, Oracle, Apple, and more. Explore recent hacking incidents, company acquisitions, data breaches, and industry news.
E N D
Do Not Poke It If It Is Not Yours Do Not Brag About Questionable Activity Do Not Hack The Venue Not Legal Advice Everything Is Theoretical Use At Your Own Risk Not Responsible For Damages Mileage May Vary Trust No One Verify Everything Do Your Own Research Create Your Own Opinion Communicate Share Learn Enjoy
Patch Tuesday • Nov – 63 CVE / 21 KB Articles • Reports of 4 or 12 Critical • Internet Explorer • Microsoft Edge • Microsoft Windows • Microsoft Office and Microsoft Office Services and Web Apps • ChakraCore • .NET Core • Skype for Business • Azure App Service on Azure Stack • Team Foundation Server • Microsoft Dynamics 365 (on-premises) version 8 • PowerShell Core • Microsoft.PowerShell.Archive 1.2.2.0 • Morphus Labs Dashboard - https://patchtuesdaydashboard.com/
Holes / Patches • VMWare • VMSA-2018-0028 ( 1 CVE ) • vRealize, authorization bypass • Apple • macOS Mojave 10.14.1 ( 71 CVE ) • tvOS12.1 ( 15 CVE ) • iOS 12.1 ( 32 CVE ) • watchOS5.1 ( 21 CVE ) • iTunes 12.9.1 (win) ( 14 CVE ) • iCloud 7.8 (win) ( 12 CVE ) • Safari 12.0.1 ( 12 CVE ) • watchOS5.1.1 ( 0CVE ) • Oracle • 301 fixes • 12 for Java • Adobe • APSB18-39 Flash Player, id ( 1 CVE ) • APSB18-40 Acrobat/Reader, id ( 1CVE ) • APSB18-43 PhotShop CC, id ( 1 CVE ) • Cisco • SIP 0-day, dos ( 1 CVE ) • Android • 36 fixes, 4 critical • 17 Qualcomm fixes
Holes / Patches • Previous MS Jet patch incomplete • Win10 uac bypass • Bitlocker on SSD (is it really) • Win10 pro and enterprise licensing issue • libssh (not that libssh (MS Github)) • drupal bugs • jquery upload bug • no thunderbolt for lenovo • Signal now with sender data protection • virtual box 0-day • Hardcoded Passwd iin CradlePoint routers
Hacking • milrotik white worm • ps4 txt bomb • RID hacking • nsa tools go nuclear • embedded video in word attack • onion 3g • mobile pos • Helium bricks iPhones • PortSmash side channel attack in SMT • Systemd vuln via ipv6
Medtronic device recall • Yale smart lock fail • solarwinds goes public • Sears files bankruptcy • twilio to buy sendgrid • eSentire acquired Versive • bitdefender buys RedSocks • IBM to buy RedHat • symantec buys javelin networks and appthority • NCR buys StopLift • chekmarx buys custodela • Threat stack buys bluefyre • blackberry attempting to buy cylance??? • Apple privacy portal • https://privacy.apple.com/ Corp
ISP leaves data and keys on s3 • wifelovers popped (1.2 mil) • chinese apple ids popped • TX ERS popped (1.25 mil) • Girl Scouts Orange County popped • FIFA popped again • Radisson loyalty popped • HSBC popped • Nordstrom’s popped • pay-per-phish • GM data collection • Google to force 2yrs of support • Google revamps recaptcha • "Dallas" on the final 3 for Amazon HQ2 (Goes to Crystal City VA / NYC NY) • cisco leaves test code on devices Corp
Govt • AGs RoboCall letter to FCC • Darkweb Voter records • Pentagon popped • HHS updates SRA tool • FDA bill of materials • Centers for Medicare and Medicaid Services popped • pentagon bug bounty now with physical devices • Italy antiturst levy's fines for apple and samsung device slowdown • Trump should use huawei • small win on DMCA • TX Voting machines flipping straight ticket votes • Arlington launches self driving cars • Supreme Court declined net neutrality appeal
Papers DTC "informational injuries" https://www.huntonprivacyblog.com/wp-content/uploads/sites/28/2018/10/informational_injury_workshop_staff_report_-_oct_2018.pdf Online Hate Guidelines https://www.eff.org/deeplinks/2018/10/corporate-speech-police-are-not-answer-online-hate FTC Small Business Guidance https://www.us-cert.gov/ncas/current-activity/2018/10/25/FTC-Releases-Cyber-Resources-Small-Businesses book - Pentesting Azure Applications https://www.securityorb.com/cloud-security/a-book-review-of-pentesting-azure-applications-by-matt-burrough/ George Finney (SMU CISO) in Security Magazine https://www.securitymagazine.com/articles/89556-george-finney-training-future-digital-security-leaders
WTF DonalDaters
Tools FB “Was I Affected?” page Illustrated TLS EFF Coder's' Rights Project SDR Avast Cleanup GrayKey GrandCrabderyptor FaceShield Windows Defender now with sandbox access
Past Cons LASCON 25-26 Oct – Austin Thunder Plains 1 Nov – OKC Root66 1 Nov – OKC BSidesDFW 3 Nov – Richland College
Future Cons ShmooCon 18-20 Jan - DC
DHA @Dallas_Hackers ( 1st Wednesday / Family Karaoke, Dallas ) TX2600 @dallas2600 ( 1st Fri / Wild Turkey 35&WalnutHill, Dallas ) The Lab.MS @TheLab_ms ( 2nd Saturday + random events / TheLab.ms, Plano ) ISSA Fort Worth @ISSAFortWorth ( 2nd Tuesday / location varies ) Hack Ft Worth @Hack_FtW ( 3rd-ish Tuesday / Buffalo West, Fort Worth) OWASP Dallas @OWASPDallas ( 3rd Tuesday / location varies ) Crypto Party DFW @CryptoPartyDFW ( 3rd Thursday / TheLab.ms, Plano ) North Texas Cyber Security Group @ntxcsg ( Last Thursday, Jakes, Frisco ) Dallas MakerSpace @dallasmakers ( Random events / Carrollton ) Pwn School Project ( 3rd Wed / Dallas | 4th Mon Denton ) 0-day All Day @0Dayallday ( 29 Sep / Quarterly / DFW ) Where
All images scavenged without permission All images scavenged without permission