130 likes | 132 Views
This article provides an overview of the Patch Tuesday updates for August 2017, including vulnerabilities and updates for various software and systems such as Internet Explorer, Microsoft Edge, Adobe Flash Player, and Apple devices. It also includes information on recent security conferences and events.
E N D
Patch Tuesday • Aug 2017 – 51 vulnerabilities with 130 unique downloads • Internet Explorer / Microsoft Edge / Remote Code • Microsoft Windows / Remote Code • Microsoft SharePoint / Spoofing • Adobe Flash Player / Remote Code • Microsoft SQL Server / Info Disclosure • Out of Band Outlook Patch • EternalSynergy Exploit (SMB again)
Holes / Patches • VMWare • VMSA-2017-0012 ( 1 CVE) • VCenter • VMSA-2017-0013 ( 4 CVE) • VIX API • Apple • Wifi / Boot Camp 6.1 ( 1 CVE) • tvOS 10.2.2 ( 38 CVE) • iTunes 12.6.2 Windows ( 23 CVE) • iCloud 6.2.2 Windows ( 22 CVE) • Safari 10.1.2( 25 CVE) • Security Update 2017-003 ( 37 CVE) • iOS 10.3.3 ( 47 CVE) • watchOS 3.2.3( 16 CVE) • Oracle • 308 Fixes • Adobe • APSB17-23 Flash Player ( 2 CVE) • APSB17-24 Acrobat / Reader ( 67 CVE) • APSB17-26 Experience Manager ( 3 CVE) • APSB17-27 Digital Editions ( 9 CVE) • Cisco • WebEx Extension • FreeRadius • 15 Vulns Identified • gSOAP • cameras
Hacking • Half-baked WP takeovers • tor bounty open to all • Windows bounty announced • safe cracking robot • DEFCON - gun magnets • BLACKHAT - cache attack • DEFCON SMB 0-day • docker as malware • netflix api ddos
ARM buys Simulity • Rapid7 buys Komand (orchestration) • Micheal Kors buys Jimmy Choo • intel shutsdown wearables • Adobe draws 2020 EOL line in sand • intel discontinues arduino 101 • foxxconn in wisconsin • bitcoin split • Mandiant analyst popped • HotSpot Shield data Corp
Dutch surveillence • no cloud searches at the border • alphabay takedown (and Hansa) • 5yrs for citadel coder • civil asset forfieture • EFF Guide on Birde crossing and device wipe • jersy privacy • OCR reporting tool • Nevada privacy notice • malwaretechblog arrested • IOT Cybersecurity Improvement act of 2017 • Texas SB4 Govt
MS ebooks https://blogs.msdn.microsoft.com/mssmallbiz/2017/07/11/largest-free-microsoft-ebook-giveaway-im-giving-away-millions-of-free-microsoft-ebooks-again-including-windows-10-office-365-office-2016-power-bi-azure-windows-8-1-office-2013-sharepo/ http://ligman.me/2sZVmcG Car hacking workbench pt2 https://community.rapid7.com/community/transpo-security/blog/2017/07/17/building-a-car-hacking-development-workbench-part-2 Car hacking workbench pt3 https://community.rapid7.com/community/transpo-security/blog/2017/07/20/building-a-car-hacking-development-workbench-part-3 Papers
Metal is Terror employees OK with bio implants WTF
siemonster pyREBox yython sandbox Blackhat arsenal Luckystrike 2.0 evil macro generator fireEye FlareVM malware analysis anti-drone DefPloreX machine learning Tools
Past Cons BH - priveiw BH - top 20 BH - best of BH - Palo Alto IOT honeypot BH - Carwash smash DC - Queercon Badge DC - mr Robot Badge DC - badges DC - Tor
Future Cons SANS San Antonio 6-11 Aug ToorCon San Diego 28Aug – 3 Sep DerbyCon 20-24 Sep Rock Stars of Cybersecurity Technologies 26 Sep CactusCon 29-30 Sep
DHA @Dallas_Hackers ( 1st Wednesday / Family Karaoke, Dallas ) TX2600 @dallas2600 ( 1st Fri / Wild Turkey 35&WalnutHill, Dallas ) The Lab.MS @TheLab_ms ( 2ndSaturday + random events / TheLab.ms, Plano ) ISSA Fort Worth @ISSAFortWorth ( 2nd Tuesday / location varies ) ?? Fort Worth Crypto Party ?? ( 2nd Tuesday ? / The Maker Spot, N. Richland Hills ) Hack Ft Worth @Hack_FtW ( 3rd-ish Tuesday / Buffalo West, Fort Worth) OWASP Dallas @OWASPDallas ( 3rdTuesday / location varies ) Crypto Party DFW @CryptoPartyDFW ( 3rd Thursday / TheLab.ms, Plano ) North Texas Cyber Security Group @ntxcsg ( Last Thursday, Jakes, Frisco ) Dallas MakerSpace @dallasmakers ( Random events / Carrollton ) Where
All images scavenged without permission All images scavenged without permission