All images scavenged without permission

PREVIOUSLY GNEWS All images scavenged without permission

Patch Tuesday Mar – 13 Patches – 5 Critical – 40 CVEs MS16-023 - Cumulative Security Update for IE, Remote Code MS16-024 - Cumulative Security Update for Edge, Remote Code MS16-025 - Windows Library Loading, Remote Code MS16-026 - Graphic Fonts, Remote Code MS16-027 - Windows Media, Remote Code MS16-028 - Windows PDF Library, Remote Code MS16-029 - Microsoft Office, Remote Code MS16-030 - Windows OLE, Remote Code MS16-031 - Microsoft Windows, Privilege Escalation MS16-032 - Secondary Logon, Privilege Escalation MS16-033 - Windows USB Mass Storage Class Driver, Privilege Escalation MS16-034 - Windows Kernel-Mode Drivers, Privilege Escalation MS16-035 - .Net Framework, Security Bypass Sources: http://technet.microsoft.com/en-us/security/bulletin/ms16-Mar

Holes / Patches Oracle Adobe Apple Cisco VMWare Glibc Due in April Adobe APSB16-06 Digital Editions ( 1 CVE) APSB16-09 Acrobat and Reader ( 3 CVE) Apple Apple TV 7.2.1 ( 62 CVE) Cisco Cisco, ASA WebVPN, XSS VMWare VMSA-2016-0002.1, glibc CVE-2015-2342, re-release Glibc Palo Alto API, remote code Linux Mint ISO Backdoor OSX fake Flash Malware MS Advanced Protection Sources: ## Oracle Patches http://www.oracle.com/technetwork/topics/security/alerts-086861.html http://threatpost.com/oracle-releases-record-number-of-security-patches/115957/ ##Adobe Patches https://helpx.adobe.com/security.html https://helpx.adobe.com/security/products/Digital-Editions/apsb16-06.html https://helpx.adobe.com/security/products/acrobat/apsb16-09.html ##Apple patches http://support.apple.com/kb/HT1222 ##Cisco patches http://tools.cisco.com/security/center/home.x http://tools.cisco.com/security/center/viewAllSearch.x?currentPage=&sortType=d&recordsPerPage=100&searchkey=&filter=43&pageSize=100&pageNo=1 ## VMWare http://www.vmware.com/security/advisories/ VMWare re-releases patch https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2144428 glibc - https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html vmware 5.5 glibc https://isc.sans.edu/diary/VMware+VMSA-2016-0002/20759 OSX Scareware fake flash malware https://isc.sans.edu/forums/diary/Fake+Adobe+Flash+Update+OS+X+Malware/20693/ Palo ALto API unauth'ed code execution PAN-SA-2016-0003 linux mint breach and backdoor https://news.hitb.org/content/linux-mint-forum-database-compromised-least-month-announcement MS Advanced Threat Protection https://blogs.windows.com/windowsexperience/2016/03/01/announcing-windows-defender-advanced-threat-protection/

Hacking Magneto POS "shoplift bug" E-File Pins exposed green energy just got real loop your iOS like its 1970 Nissan Leaf API PS logging emet eats emet Libotr vulnerability Hack fingerprints with InkJet Tesla Firmware Hack Hacking Sources: Magneto POS "shoplift bug" https://magento.com/security/patches/supee-5344-%E2%80%93-shoplift-bug-patch# https://magento.com/customers/customer-showcase E-File Pins exposed http://www.darkreading.com/endpoint/over-100000-e-file-pins-fraudulently-accessed-in-automated-attack-on-irs-app/d/d-id/1324266 green energy just got real https://news.hitb.org/content/engineers-devise-way-harvest-wind-energy-trees loop your iOS like its 1970 https://news.hitb.org/content/64-bit-iphones-and-ipads-get-stuck-loop-when-set-january-1-1970 Nissan Leaf API http://www.troyhunt.com/2016/02/controlling-vehicle-features-of-nissan.html PS logging https://www.fireeye.com/blog/threat-research/2016/02/greater_visibilityt.html emet eats emet https://www.fireeye.com/blog/threat-research/2016/02/using_emet_to_disabl.html Libotr http://news.hitb.org/content/severe-remote-memory-corruption-vulnerability-libotr-record-messaging-otr-discovered Fingers http://news.hitb.org/content/boffins-bust-biometrics-inkjet-printer Tesla http://news.hitb.org/content/man-hacks-tesla-firmware-finds-new-model-has-car-remotely-downgraded

Corp Verizon to kill cloud services Verizon settles with FTC on user consent for UIDH headers Google kilss Picasa - boost GPhotos Honeywell and Palo Alto join SCADA forces Instagram 2FA ubuntu goes ZFS IBM buys Resilient Systems (and Schneier) Apple iphone backdoor foo Dell says Security stifles innovation Sources: Verizon to kill cloud services http://news.hitb.org/content/verizon-cloud-none-comms-giant-will-axe-two-public-services Verizon FTC Consent https://www.eff.org/deeplinks/2016/03/victory-verizon-will-stop-tagging-customers-tracking-without-consent Google kilss Picasa - boost GPhotos https://news.hitb.org/content/google-shutters-picasa-focus-google-photos Honeywell and Palo Alto join SCADA forces http://researchcenter.paloaltonetworks.com/2016/02/honeywell-and-palo-alto-networks-collaborate-on-industrial-cybersecurity-solutions/ Instagram 2FA http://news.hitb.org/content/instagram-rolls-out-two-factor-authentication-improve-security ubuntu goes ZFS https://news.hitb.org/content/zfs-will-be-baked-directly-ubuntu-1604-lts-and-supported-canonical IBM buys schneier http://www.theregister.co.uk/2016/02/29/confirmed_ibm_slurps_up_bruce_schneier_with_resilient_purchase/ Dell Sec and Innovation http://news.hitb.org/content/dell-report-security-concerns-stifling-innovation Corp

Govt Kyle tx backs out od license plate reader deal NY called out for stingray use CA Data Breach Report Imperva explains the EU NIS Directive EFF explains the Apple V FBI Case govt funded tor decloaking (shocker) IRS disables breached PIN tools Sources: Kyle tx backs out od license plate reader deal https://www.eff.org/deeplinks/2016/02/texas-city-rescinds-license-plate-reader-contract-being-big-brotherish NY called out for stingray use https://theintercept.com/2016/02/11/new-york-police-have-used-stingrays-widely-new-documents-show/ CA Data Breach Report https://oag.ca.gov/breachreport2016 Imperva explains the EU NIS Directive http://blog.imperva.com/2016/02/eu-nis-directive-what-should-enterprises-look-for.html EFF explains the Apple V FBI Case https://www.eff.org/deeplinks/2016/02/technical-perspective-apple-iphone-case https://www.eff.org/deeplinks/2016/02/apple-americans-and-security-vs-fbi govt funded tor decloaking (shocker) https://threatpost.com/judge-confirms-dod-funded-research-to-decloak-tor-users/116464/ IRS http://www.healthcareinfosecurity.com/irs-disables-hacked-pin-tool-a-8954 Govt

Papers Bitcoin and Cryptocurrency Technologies Zero Days https://d28rh4a8wq0iu5.cloudfront.net/bitcointech/readings/princeton_bitcoin_book.pdf Zero Days https://variety.com/2016/film/reviews/zero-days-film-review-alex-gibney-1201707597/ IEEE wearables security https://www.computer.org/cms/CYBSI/docs/WearFit.pdf DHS shows us how to share data (cause govt is so good at that) http://www.healthcareinfosecurity.com/dhs-issues-guidance-on-how-to-share-cyberthreat-data-a-8877 https://www.huntonprivacyblog.com/2016/02/18/department-of-homeland-security-issues-procedures-regarding-sharing-cybersecurity-information/ Passive Wi-Fi http://passivewifi.cs.washington.edu/files/passive_wifi.pdf Various 2016 security reports Cisco, Mandiant, Imperva, HP Papers Sources: Bitcoin and Cryptocurrency Technologies https://d28rh4a8wq0iu5.cloudfront.net/bitcointech/readings/princeton_bitcoin_book.pdf Zero Days https://variety.com/2016/film/reviews/zero-days-film-review-alex-gibney-1201707597/ IEEE wearables security https://www.computer.org/cms/CYBSI/docs/WearFit.pdf DHS shows us how to share data (cause govt is so good at that) http://www.healthcareinfosecurity.com/dhs-issues-guidance-on-how-to-share-cyberthreat-data-a-8877 https://www.huntonprivacyblog.com/2016/02/18/department-of-homeland-security-issues-procedures-regarding-sharing-cybersecurity-information/ Passive Wi-Fi http://passivewifi.cs.washington.edu/files/passive_wifi.pdf Various 2016 security reports Cisco, Mandiant, Imperva, HP

GoFundMe site for defense fund takedown request Do we really need this? Automotive based commerce Visa IOT DarkReading redefines “Start-Up" MalwareBytes, Tenable, most on list over 5yrs old Sources: GoFundMe site for defense fund takedown request https://www.eff.org/deeplinks/2016/02/eff-defends-live-action-role-players-right-criticize-patent-suit Do we really need this? Automotive based comerce http://www.businesswire.com/news/home/20160221005114/en/Visa-Extends-Secure-Payments-Automotive-Industry IOT http://www.businesswire.com/news/home/20160220005021/en/Visa-Brings-Secure-Payments-Internet DarkReading redefines "start-Up" MalwareBytes, Tenable, most on list over 5yrs old www.darkreading.com/careers-and-people/20-cybersecurity-startups-to-watch-in-2016/d/d-id/1324338

Tools www.mrlooquer.com Top 10 Opensource Tools for Win10 - IPv6 recon / mapping / more Top 10 Opensource Tools for Win10 http://www.datamation.com/open-source/best-open-source-software-for-windows-10.html - Tools Sources: www.mrlooquer.com

Cons CanSecWest – Vancouver 16-18 Mar B-Sides Austin - 31-1 Mar-Apr InfoSec Southwest – Austin 8-10 Apr B-Sides OK – 09 Apr B-Sides Nashville – 16 Apr ThotCon 0x7 – Chicago 5-6 May B-Sides San Antonio 21 May Circle City Con – Indianapolis 10-12 Jun SANS DFIR Summit – Austin 23-30 Jun Cons Sources: https://www.concise-courses.com/security/conferences-of-2016/ http://www.securitybsides.com/w/page/12194156/FrontPage

NAISG replacement is coming DHA ( 1st Wednesday / Family Karaoke, dallas ) TX2600 ( 1st Fri / Wild Turkey 35&WalnutHill, dallas ) The Lab.MS ( 2nd Monday + random events / TheLab.ms, plano ) OWASP Dallas ( 3rd Tuesday / location varies ) Crypto Party ( 3rd Thursday / Improving Enterprises, addison ) NAISG replacement is coming ( 4th Thursday, Jakes, Frisco ) Dallas MakerSpace ( Random events / carrollton ) Sources:

Sources: All images scavenged without permission