PREVIOUS GNEWS All images scavenged without permission

Patch Tuesday May 2017 - 243 CVEs Advisories Malware Protection Engine Deprecating Sha-1 IE / Edge .NET Privilege Escalation Update Client Failure Windows 10 and Windows Server 2016 (including Microsoft Edge) / Remote Code Windows 8.1 and Windows Server 2012 R2 / Remote Code Windows Server 2012 / Remote Code Windows RT 8.1 / Remote Code Windows 7 and Windows Server 2008 R2 / Remote Code Windows Server 2008 / Remote Code Internet Explorer / Remote Code Adobe Flash Player / Remote Code Microsoft Office, Office Services, Office Web Apps, and other Office-related software / Remote Code .NET Framework / Security Bypass Sources: https://portal.msrc.microsoft.com/en-us/security-guidance https://technet.microsoft.com/en-us/security/advisories MS malware protection engine https://technet.microsoft.com/library/security/4022344 https://bugs.chromium.org/p/project-zero/issues/detail?id=1252&desc=5 MS kills SHA-1 in ie edge https://threatpost.com/microsoft-makes-it-official-cuts-off-sha-1-support-in-ie-edge/125579/ Last Update Mar 2017 https://technet.microsoft.com/en-us/security/bulletins No longer working http://technet.microsoft.com/en-us/security/bulletin/ms17-may

Holes / Patches Oracle Adobe Android VMWare Intel AMT MS WifiSense 300 security fixes 8 Java / 40 MySQL Patches vuln with struts Adobe APSB17-14 ColdFusion ( 2 CVE) APSB17-15 Flash Player ( 7 CVE) APSB17-16 Experienace Manager Forms ( 1 CVE) Android Coming soon VMWare VMSA-2017-0007 ( 1 CVE) vCenter Server VMSA-2017-0008.2 ( 7 CVE) Unified Access Gateway, Horizon View, Workstation Intel AMT ver 6.x – 11.6 MS WifiSense now disabled by default Sources: ## Oracle Patches http://www.oracle.com/technetwork/topics/security/alerts-086861.html ##Adobe Patches https://helpx.adobe.com/security.html https://helpx.adobe.com/security/products/coldfusion/apsb17-14.html https://helpx.adobe.com/security/products/flash-player/apsb17-15.html ##Apple patches http://support.apple.com/kb/HT1222 ##Cisco patches http://tools.cisco.com/security/center/home.x http://tools.cisco.com/security/center/viewAllSearch.x?currentPage=&sortType=d&recordsPerPage=100&searchkey=&filter=43&pageSize=100&pageNo=1 ## VMWare http://www.vmware.com/security/advisories/ https://www.vmware.com/security/advisories/VMSA-2017-0007.html https://www.vmware.com/security/advisories/VMSA-2017-0008.html ## Android https://source.android.com/security/bulletin/index.html https://source.android.com/security/bulletin/2017-05-01 AMT Vuln https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr https://www.eff.org/deeplinks/2017/05/intels-management-engine-security-hazard-and-users-need-way-disable-it oracle https://threatpost.com/record-oracle-patch-update-addresses-shadowbrokers-struts-2-vulnerabilities/125046/ MS finally disables wifisense by default http://www.healthcareinfosecurity.com/blogs/microsoft-turns-off-wi-fi-sense-after-risk-revealed-p-2462

Hacking bad fingerprint reader iot white-worm hajime domain fronting data pollution tools are they worth it SS7 EG PassFreely Oarcle Auth Bypass USAF Bug Bounty CIA tool ''scribbles' Apple revokes cert OSX/Dok keyless entry bypass Google Doc Phish True Health Patient Portal Hacking Sources: bad fingerprint reader https://www.nytimes.com/2017/04/10/technology/fingerprint-security-smartphones-apple-google-samsung.html iot whiteworm hajime https://news.hitb.org/content/vigilante-botnet-infects-iot-devices-blackhats-can-hijack-them domain fronting http://resources.infosecinstitute.com/domain-fronting/ data polution tools are they worth it https://www.eff.org/deeplinks/2017/05/limitations-isp-data-pollution-tools SS7 https://arstechnica.com/security/2017/05/thieves-drain-2fa-protected-bank-accounts-by-abusing-ss7-routing-protocol/ EG PassFreely Oarcle Auth Bypass http://www.healthcareinfosecurity.com/passfreely-attack-bypasses-oracle-database-authentication-a-9868 USAF Bug Bounty https://threatpost.com/air-force-hopes-to-attract-hackers-with-bug-bounty-program/125235/ CIA tool ''scribbles' https://threatpost.com/wikileaks-reveals-cia-tool-scribbles-for-document-tracking/125299/ Apple revokes cert OSX/Dok https://threatpost.com/apple-revokes-certificate-used-by-osxdok-malware/125322/ keyless entry bypass https://news.hitb.org/content/security-researchers-demonstrate-fast-and-cheap-relay-hack-keyless-entry-system-cars Google Doc Phish https://threatpost.com/google-shuts-down-docs-phishing-spree/125414/ True Health Patient Portal http://www.healthcareinfosecurity.com/patient-portal-flaw-exposes-lab-records-a-9904

finger your card MS phone sign-on, cause compromise never happens due to a stolen phone cylance samples?? FB password SDK intercontinental popped again how not to startup chipotle popped holiday inn (IHG) popped tinder popped Albertsons too buy wholefoods? petsmart buys chewy sabre popped hipchat popped ALliance direct lending popped IBM pops Storwize cusomters Reconyc on usbdrives Sources: finger your card http://www.bbc.co.uk/news/technology-39643453 MS phone sign-on, cause compromise never happens due to a stolen phone https://www.engadget.com/2017/04/18/microsoft-replaces-the-password-with-a-phone-based-log-in/ cylance samples?? https://arstechnica.com/information-technology/2017/04/the-mystery-of-the-malware-that-wasnt/ FB password SDK http://threatpost.com/facebook-delegated-account-recovery-sdks-published-for-java-ruby-apps/125028/ intercontinental popped again https://threatpost.com/ihg-confirms-second-credit-card-breach-impacting-1000-plus-hotels/125033/ how not to startup http://www.healthcareinfosecurity.com/cybersecurity-startup-exposed-hospital-network-data-in-demos-a-9853 chipotle popped https://www.theregister.co.uk/AMP/2017/04/26/chipotle_malware_infection/ holiday inn (IHG) popped https://www.theregister.co.uk/2017/04/19/intercontinental_hotels_group_malware/ tinder popped http://www.bbc.com/news/technology-39778568 Albertsons too buy wholefoods? https://risnews.com/albertsons-may-bid-whole-foods-appoints-evp-retail-operations petsmart buys chewy https://risnews.com/petsmart-acquires-e-commerce-upstart-chewy sabre popped https://krebsonsecurity.com/2017/05/breach-at-sabre-corp-s-hospitality-unit/ hipchat popped https://threatpost.com/atlassian-resets-hipchat-passwords-following-breach/125210/ ALliance direct lending popped https://threatpost.com/auto-lender-exposes-loan-data-for-up-to-1-million-applicants/125216/ http://www.esecurityplanet.com/hackers/chipotle-hit-by-credit-card-breach.html IBM pops Storwize cusomters Reconyc on usbdrives Corp

Govt guns end of net neutrality? new copyright censors qwith china Social Security luanches 2FA Sources: guns https://theintercept.com/2017/04/24/greg-gianforte-oracle/ end of net neutrality? https://www.eff.org/deeplinks/2017/04/fcc-wants-eliminate-net-neutrality-protections-we-cant-let-happen https://www.eff.org/deeplinks/2017/04/fcc-announces-plan-abandon-net-neutrality-and-isp-privacy new copyright censors qwith china https://www.eff.org/deeplinks/2017/04/chinese-snooping-foreshadows-future-copyright-enforcement Social Security luanches 2FA Govt

Papers Car hacking archive Verizon DBIR ultrasonic beacons https://www.theregister.co.uk/2017/04/25/car_hacking_research/?mt=1493124610430 http://illmatics.com/carhacking.html Verizon DBIR http://www.verizonenterprise.com/verizon-insights-lab/dbir/ https://community.rapid7.com/community/infosec/blog/2017/05/05/2017-verizon-data-breach-report-dbir-key-takeaways ultrasonic beacons https://www.sec.cs.tu-bs.de/pubs/2017a-eurosp.pdf Papers Sources: Car hacking archive https://www.theregister.co.uk/2017/04/25/car_hacking_research/?mt=1493124610430 http://illmatics.com/carhacking.html Verizon DBIR http://www.verizonenterprise.com/verizon-insights-lab/dbir/ https://community.rapid7.com/community/infosec/blog/2017/05/05/2017-verizon-data-breach-report-dbir-key-takeaways ultrasonic beacons https://www.sec.cs.tu-bs.de/pubs/2017a-eurosp.pdf Privacy Threats through Ultrasonic Side Channels on Mobile Devices

WTF Bill would require hardware mods and porrn tax internet archives, apps in browser USA today FBI Facebook Canadian parking app WTF Sources: Bill would require hardware mods and porrn tax https://www.eff.org/deeplinks/2017/04/states-introduce-dubious-legislation-ransom-internet internet archives, apps in browser https://news.hitb.org/content/classic-mac-os-and-dozens-apps-can-now-be-run-browser-window USA today FBI Facebook https://www.usatoday.com/story/tech/news/2017/05/05/usa-today-asks-fbi-probe-rise-fake-facebook-followers/101303300/ Canadian parking app https://www.nfcworld.com/2017/05/09/352201/canadian-city-rolls-mobile-app-links-payments-parking-drivers-licence-plate/

https://github.com/olacabs/jackhammer Shodan malware hunter https://malware-hunter.shodan.io PA LabyREnth CTF 2017 http://researchcenter.paloaltonetworks.com/2017/04/unit42-labyrenth-ctf-2017/ donkeydocker ctf http://resources.infosecinstitute.com/donkeydocker1-ctf-walkthrough/ billu box vulnwebapp http://resources.infosecinstitute.com/billu-b0x-walkthrough/ jackhammer https://github.com/olacabs/jackhammer Tools Sources: Shodan malware hunter https://malware-hunter.shodan.io PA LabyREnth CTF 2017 http://researchcenter.paloaltonetworks.com/2017/04/unit42-labyrenth-ctf-2017/ donkeydocker ctf http://resources.infosecinstitute.com/donkeydocker1-ctf-walkthrough/ billu box vulnwebapp http://resources.infosecinstitute.com/billu-b0x-walkthrough/ jackhammer https://github.com/olacabs/jackhammer http://www.darknet.org.uk/ http://www.toolswatch.org/ Raytheon competition http://www.nationalccdc.org/index.php/competition/about-ccdc/mission

Past Cons BSides Nashville 22 Apr BSides Austin 4-5 May Thotcon Chicago 4-5 May Past Cons Sources: https://www.concise-courses.com/security/conferences-of-2017/ http://www.securitybsides.com/w/page/12194156/FrontPage cansecwest pwn2own https://news.hitb.org/content/adobe-reader-edge-safari-and-ubuntu-fall-during-first-day-https://threatpost.com/vmware-patches-pwn2own-vm-escape-vulnerabilities/124629/ https://threatpost.com/vm-escape-earns-hackers-105k-at-pwn2own/124397/

Circle City Con Indy 9-11 Jun HackMiami 19-21 May NolaCon 19-21 May Circle City Con Indy 9-11 Jun ANYCon Albany 16-18 Jun BlackHat 22-27 Jul BSidesLV 25-26 Jul DefCon 27-30 Jul Future Cons Sources: https://www.concise-courses.com/security/conferences-of-2017/ http://www.securitybsides.com/w/page/12194156/FrontPage

Where DHA @Dallas_Hackers TX2600 @dallas2600 The Lab.MS @TheLab_ms ( 1st Wednesday / Family Karaoke, Dallas ) TX2600 @dallas2600 ( 1st Fri / Wild Turkey 35&WalnutHill, Dallas ) The Lab.MS @TheLab_ms ( 2nd Saturday + random events / TheLab.ms, Plano ) ISSA Fort Worth @ISSAFortWorth ( 2nd Tuesday / location varies ) Fort Worth Crypto Party ( 2nd Tuesday ? / The Maker Spot, N. Richland Hills ) Hack Ft Worth @Hack_FtW ( 3rd-ish Tuesday / Buffalo West, Fort Worth) OWASP Dallas @OWASPDallas ( 3rd Tuesday / location varies ) Crypto Party DFW @CryptoPartyDFW ( 3rd Thursday / TheLab.ms, Plano ) North Texas Cyber Security Group @ntxcsg ( Last Thursday, Jakes, Frisco ) Dallas MakerSpace @dallasmakers ( Random events / Carrollton ) Lock Pick DFW @LockPickDFW ( Last Monday/ Sherlocks Arlington ) Sources: https://www.google.com/calendar/embed?src=c4ervam9s3ep79dtdjd1k9kgbk%40group.calendar.google.com&ctz=America/Chicago Where

Sources: All images scavenged without permission