All images scavenged without permission

All images scavenged without permission PREVIOUS GNEWS

Patch Tuesday Oct – 10 Patches – 5 Critical – 36 CVEs MS16-118 - CSU for Internet Explorer, Remote Code MS16-119 - CSU for Microsoft Edge, Remote Code MS16-120 - Microsoft Graphics Component, Remote Code MS16-121 - Microsoft Office, Remote Code MS16-122 - Microsoft Video Control, Remote Code MS16-123 - Windows Kernel-Mode Drivers, Privilege Escalation MS16-124 - Windows Registry, Privilege Escalation MS16-125 - Diagnostics Hub, Privilege Escalation MS16-126 - Microsoft Internet Messaging API, Info Disclosure MS16-127 - Adobe Flash Player, Remote Code Sources: http://technet.microsoft.com/en-us/security/bulletin/ms16-oct

Holes / Patches Oracle Adobe ApplemacOS Sierra 10.12 ( 65 CVE) VMWare Due out 18 Oct Adobe APSB16-32 Flash Player ( 12 CVE) APSB16-33 Acrobat / Reader ( 71 CVE) APSB16-34 Creative Cloud Desktop App ( 1 CVE) ApplemacOS Sierra 10.12 ( 65 CVE) Safari 10 ( 21 CVE) macOS Server 5.2 ( 2 CVE) iCloud for Windows 6.0 ( 1 CVE) iOS 10.0.2 ( 0 CVE) VMWare VMSA-2016-0015 ( 1 CVE) Horizon View (dir traverse) Cisco Iron Port CVE-2016-6406, root access via testing / debug interface Nexus 7000/7700 CVE-2016-1453, buffer overflow Sources: ## Oracle Patches http://www.oracle.com/technetwork/topics/security/alerts-086861.html ##Adobe Patches https://helpx.adobe.com/security.html https://helpx.adobe.com/security/products/flash-player/apsb16-32.html https://helpx.adobe.com/security/products/acrobat/apsb16-33.html ##Apple patches http://support.apple.com/kb/HT1222 ##Cisco patches http://tools.cisco.com/security/center/home.x http://tools.cisco.com/security/center/viewAllSearch.x?currentPage=&sortType=d&recordsPerPage=100&searchkey=&filter=43&pageSize=100&pageNo=1 ## VMWare http://www.vmware.com/security/advisories/ https://www.vmware.com/security/advisories/VMSA-2016-0015.html ironport https://threatpost.com/cisco-warns-of-critical-flaw-in-email-security-appliances/120968/ nexus swtich https://threatpost.com/cisco-warns-of-critical-flaws-in-nexus-switches/121164/

Hacking tesla S remote take over PLC rootkit NAND mirroring attack ios10 bounty at 1.5mil tor de-anon, DefecTor 48 char cmd crashes linux NOTIFY_SOCKET=/run/systemd/notify systemd-notify “” JPEG 2000 Codec Mirai source code leaked Hacking Sources: tesla S in drive take over https://www.washingtonpost.com/news/the-switch/wp/2016/09/20/researchers-remotely-hack-tesla-model-s/ http://keenlab.tencent.com/en/2016/09/19/Keen-Security-Lab-of-Tencent-Car-Hacking-Research-Remote-Attack-to-Tesla-Cars/ PLC rootkit http://www.darkreading.com/attacks-breaches/plcs-possessed-researchers-create-undetectable-rootkit/d/d-id/1326917 NAND mirroring attack https://threatpost.com/researcher-proves-viability-of-nand-mirroring-to-bypass-iphone-passcode-restrictions/120648/ ios10 bounty at 1.5mil https://threatpost.com/zerodium-triples-its-ios-10-bounty-to-1-5-million/120980/ tor de-anon https://news.hitb.org/content/if-it-wanted-google-could-deanonymize-large-number-tor-connections 48 char crash linux https://threatpost.com/hack-crashes-linux-distros-with-48-characters-of-code/121052/ jpeg codec https://news.hitb.org/content/jpeg-2000-–-researchers-find-security-hole-image-codec Mirai source code leaked http://www.darknet.org.uk/2016/10/mirai-ddos-malware-source-code-leaked/

Corp Yahoo breach MS cloud fuzzing Project Springfield Cable speeds 802.3bz - 2.5Gbps Cat 5e, 5Gbps Cat 6 HP self destructing printers PCI turns 10 verizon hates copper Sources: Yahoo breach https://www.wired.com/2016/09/hack-brief-yahoo-looks-set-confirm-big-old-data-breach/ MS cloud fuzzing http://www.darkreading.com/cloud/microsoft-launches-cloud-based-fuzzing-/d/d-id/1327052 Cable speeds https://news.hitb.org/content/here-comes-5gbps-networking-over-standard-cables HP self destructing printers https://www.eff.org/deeplinks/2016/09/what-hp-must-do-make-amends-its-self-destructing-printers PCI turns 10 https://www.pcisecuritystandards.org/pdfs/16_09_22_NA_CM_Recap_Press_Release.pdf verizon hates copper https://news.hitb.org/content/verizon-workers-can-now-be-fired-if-they-fix-copper-phone-lines Corp

Govt NJ customer data bill VA guvnor hanging with willie NK drops all on github legal playpen DMCA vs 1st Amendment? Germany says no to FB/WhatsApp openwhisper gag order Sources: NJ customer data bill https://www.huntonprivacyblog.com/2016/09/19/new-jersey-moves-forward-shopper-privacy-bill/ VA govner hanging with willie https://theintercept.com/2016/09/20/virginia-governor-photographed-with-willie-nelsons-pot-but-arrests-thousands-for-possession/ NK drops all on github https://www.cnet.com/news/north-korea-accidentally-allows-international-access-to-its-28-websites/#ftag=CAD590a51e legal playpen https://www.eff.org/deeplinks/2016/09/why-warrant-hack-playpen-case-was-unconstitutional-general-warrant DMCA vs 1st Ammendment? https://www.eff.org/press/releases/eff-asks-court-block-us-prosecuting-security-researcher-detecting-and-publishing Germany says no to FB/WhatsApp https://threatpost.com/germany-orders-facebook-to-stop-collecting-data-on-whatsapp-users/120919/ openwhisper gag order https://news.hitb.org/content/government-uses-gag-order-keep-encryption-company-quiet Govt

x Papers Sources:

x WTF Sources:

labyREnth CTF solutions Tools Sources: labyREnth CTF solutions http://researchcenter.paloaltonetworks.com/2016/09/labyrenth-capture-the-flag-ctf-windows-track-1-6-solutions/ http://researchcenter.paloaltonetworks.com/2016/09/unit-42-labyrenth-capture-the-flag-ctf-windows-track-7-9-solutions/

Future Cons Root 66 / InnoTech OKC - 1 Nov LASCON Austin – 1-2 training / 3-4 Con Nov BSidesDFW 2016 – 5 Nov Threat Intelligence Summit NOLA – 6-7 Dec Future Cons Sources: https://www.concise-courses.com/security/conferences-of-2016/ http://www.securitybsides.com/w/page/12194156/FrontPage

OWASP Dallas @OWASPDallas DHA @Dallas_Hackers ( 1st Wednesday / Family Karaoke, dallas ) TX2600 @dallas2600 ( 1st Fri / Wild Turkey 35&WalnutHill, dallas ) The Lab.MS @TheLab_ms ( 2nd Monday + random events / TheLab.ms, plano ) OWASP Dallas @OWASPDallas ( 3rd Tuesday / location varies ) Crypto Party DFW @CryptoPartyDFW ( 3rd Thursday / Improving Enterprises, addison ) North Texas Cyber Security Group @ntxcsg ( Last Thursday, Jakes, Frisco ) Dallas MakerSpace @dallasmakers ( Random events / carrollton ) Hack Ft Worth @Hack_FtW ( 3rd Thursday / ?? West 7th ?? Abby Pub) Lock Pick DFW @LockPickDFW ( Last Monday/ Sherlocks arlington ) Sources: https://calendar.google.com/calendar/embed?src=OW1vaTQxMjl1OXBhOWk3NTc4ZmVrN2dtMWtAZ3JvdXAuY2FsZW5kYXIuZ29vZ2xlLmNvbQ

Sources: All images scavenged without permission