All images scavenged without permission PREVIOUS GNEWS

Patch Tuesday Jan – 4 Patches – 1 Critical – 3 CVEs MS17-001 - Cumulative Security Update for Microsoft Edge, Privilege Escalation MS17-002 - Microsoft Office, Remote Code MS17-003 - Adobe Flash Player, Remote Code MS17-004 - Local Security Authority Subsystem Service, DoS Sources: http://technet.microsoft.com/en-us/security/bulletin/ms17-Jan

Holes / Patches VMWare Oracle Adobe Android Apple MongoDB Due out 17 Jan Adobe APSB17-01 Acrobat and Reader ( 29 CVE) APSB17-02 Flash Player ( 13 CVE) Apple x MS Disabling Flash in Edge VMWare VMSA-2016-0023 ( 1 CVE) ESXi, XSS VMSA-2016-0024 ( 1 CVE) vSphere Data Protection, SSH Android 2017-01-01, 23 CVE, 1 Critical 2017-01-05, 72 CVE, 28 Critical MongoDB Mass hihackings Sources: ## Oracle Patches http://www.oracle.com/technetwork/topics/security/alerts-086861.html ##Adobe Patches https://helpx.adobe.com/security.html https://helpx.adobe.com/security/products/acrobat/apsb17-01.html https://helpx.adobe.com/security/products/flash-player/apsb17-02.html ##Apple patches http://support.apple.com/kb/HT1222 ##Cisco patches http://tools.cisco.com/security/center/home.x http://tools.cisco.com/security/center/viewAllSearch.x?currentPage=&sortType=d&recordsPerPage=100&searchkey=&filter=43&pageSize=100&pageNo=1 ## VMWare http://www.vmware.com/security/advisories/ https://www.vmware.com/security/advisories/VMSA-2016-0023.html https://www.vmware.com/security/advisories/VMSA-2016-0024.html Android https://source.android.com/security/bulletin/2017-01-01.html#security-vulnerability-summary Disabling falsh in edge https://news.hitb.org/content/microsoft-disable-most-flash-content-its-edge-browser mongodb is having a bad time okay https://threatpost.com/attacks-on-mongodb-rise-as-hijackings-continue/122887/

Hacking voice hacking exploding smart meters malicious doc via whatsapp DOXWARE it is the next buzzword github key finder "ghost host" webfilter evasion Hacking Sources: voice hacking https://news.hitb.org/content/ethics-hacking-your-voice exploding smart meters http://www.theregister.co.uk/2017/01/04/smart_metres_ccc/ malicious doc via whatsapp https://news.hitb.org/content/hackers-have-new-way-steal-your-banking-login-using-whatsapp DOXWARE it is the next buzzword http://www.darkreading.com/attacks-breaches/ransomware-has-evolved-and-its-name-is-doxware/a/d-id/1327767 github key finder http://www.theregister.co.uk/2017/01/09/hacker_publishes_github_secret_key_hunter/ "ghost host" webfilter evasion http://blog.cyren.com/articles/new-threat-report-everything-you-need-to-know-about-botnets.html

Corp Rapid7 CVE naming Google Discloses NSL 1st Prime Drone deliveries Ameriprise Financial NAS breach Nokia claims Apple did patent infringement VW buys PayByPhone Honda unveils car payment system Topps breached TMobile data "buy-back" Sources: R7 cve naming http://www.infosecurity-magazine.com/news/rapid7-named-cve-numbering/ Google NSL https://threatpost.com/google-discloses-contents-of-eight-national-security-letters/122488/ Drone deliveries https://news.hitb.org/content/amazon-prime-air-makes-its-first-drone-delivery ameriprise financial NAS breach http://threatpost.com/insecure-nas-device-exposes-350-ameriprise-investment-accounts/122588/ nokia claims appl patent infringement https://news.hitb.org/content/nokia-sues-apple-claims-patent-infringement-iphone-and-other-devices VW buys PayByPhone https://www.bloomberg.com/news/articles/2016-12-28/vw-buys-mobile-payment-provider-paybyphone-for-parking-services Honda car payment system https://www.nfcworld.com/2017/01/06/349323/honda-unveils-vehicle-payment-service-fuel-parking-ces/ Topps breached http://www.esecurityplanet.com/network-security/topps-data-breach-exposes-months-of-credit-card-data.html tmobile data "buy-back" https://news.hitb.org/content/t-mobile-will-pay-you-back-if-you-dont-use-much-data Corp

Govt Challenages to Brit Snooper Charter Signal blocking (and work around) FOIA updates barret brown is free contractor dumps socom data ransomware officially illegal in CA FTC IOT challange https://www.ftc.gov/iot-home-inspector-challenge Sources: Challenages to Brit Snooper Charter https://www.theguardian.com/law/2016/dec/21/eus-highest-court-delivers-blow-to-uk-snoopers-charter Signal blocking (and work around) https://www.wired.com/2016/12/encryption-app-signal-fights-censorship-clever-workaround/ FOIA updates https://www.eff.org/deeplinks/2016/12/congress-gives-foia-modest-important-update-its-50th-birthday barret brown is free https://news.hitb.org/content/anonymous’-barrett-brown-free—and-ready-pick-new-fights contractor dumps socom data https://threatpost.com/pentagon-subcontractor-inadvertently-leaks-11-gigs-of-sensitive-data/122822/ ransomware officially illegal in CA https://news.hitb.org/content/deploying-ransomware-now-crime-california FTC IOT challange https://www.ftc.gov/iot-home-inspector-challenge Govt

Papers FDA Guidance Ride share algorithm RAM as CPU http://www.fda.gov/ucm/groups/fdagov-public/@fdagov-meddev-gen/documents/document/ucm482022.pdf Ride share algorithm http://www.pnas.org/content/early/2017/01/01/1611675114.full?sid=dec921ad-9ea1-446a-8ee6-da5a17fa9f12 RAM as CPU http://www.nature.com/articles/srep36652 Papers Sources: FDA Guidance http://www.govinfosecurity.com/fda-unveils-additional-medical-device-security-guidance-a-9607 http://www.fda.gov/ucm/groups/fdagov-public/@fdagov-meddev-gen/documents/document/ucm482022.pdf Ride share algorithm http://arstechnica.com/science/2017/01/algorithm-does-real-time-city-wide-ridesharing/ http://www.pnas.org/content/early/2017/01/01/1611675114.full?sid=dec921ad-9ea1-446a-8ee6-da5a17fa9f12 RAM as CPU https://www.sciencedaily.com/releases/2017/01/170103101808.htm http://www.nature.com/articles/srep36652

x WTF Sources:

Tools 40+ vuln sites top 10 tools of 2016 top learning resources bWAPP DVIA / DVWA / DVWS Google Gruyere HACKTHIS!! Hellbound Hackers Mutillidae OverTheWire Perggia Try2Hack Vicnum WebGoat Juice Shop Hack.me Hackademic Slaveack Hackxor Bodgelt Store Moth Enigma Group OWASP Bricks ExploitMe Mobile Android Labs XSS game area W3Challs The Butterfly Security Project Reversing.KR RingZer0 Team Online CTF Tools top 10 tools of 2016 Nmap Metasploit John the Ripper THC Hydra OWASP Zed Wireshark Aircrack-NG Maltego top learning resources Future Learn EH Academy Infosec Institute Canvas Network Leap Courses squidmagic Web Based Traffic Analyzer (C&C detection) Sources: top 10 of 2016 http://resources.infosecinstitute.com/top-ten-hacking-tools-of-2016/ top learning resources http://resources.infosecinstitute.com/top-5-free-learning-resources-for-cyber-security-beginners/ Vuln sites https://www.bonkersabouttech.com/com.bonkersabouttech.model.response.BlogCategory@d96cf4/40-plus-list-of-intentionally-vulnerable-websites-to-practice-your-hacking-skills/392 squidmagic http://www.toolswatch.org/2017/01/squidmagic-web-based-network-traffic-analyzer/

Future Cons ShmooCon 13-15 Jan 3 rounds sold out 4.19 / 2.73 / 2.28 seconds SANS Dallas 27 Feb-04 Mar CanSecWest 15-17 Mar Hou.Sec.Con 7.0 23 Mar BSides Austin SANS PenTest Austin 27 Mar-01 Apr Women in Cybersecurity 31 Mar-01 Apr InfoSec Southwest 07-08 Apr BSides Nashville 22 Apr Future Cons Sources: https://www.concise-courses.com/security/conferences-of-2017/ http://www.securitybsides.com/w/page/12194156/FrontPage

Fort Worth Crypto Party DHA @Dallas_Hackers ( 1st Wednesday / Family Karaoke, dallas ) TX2600 @dallas2600 ( 1st Fri / Wild Turkey 35&WalnutHill, dallas ) The Lab.MS @TheLab_ms ( 2nd Monday + random events / TheLab.ms, plano ) Fort Worth Crypto Party ( 2nd Tuesday / The Maker Spot, n. richland hills ) OWASP Dallas @OWASPDallas ( 3rd Tuesday / location varies ) Crypto Party DFW @CryptoPartyDFW ( 3rd Thursday / TheLab.ms, plano ) North Texas Cyber Security Group @ntxcsg ( Last Thursday, Jakes, Frisco ) Dallas MakerSpace @dallasmakers ( Random events / carrollton ) Hack Ft Worth @Hack_FtW ( 3rdish Tuesday / Buffalo West) Lock Pick DFW @LockPickDFW ( Last Monday/ Sherlocks arlington ) Sources: https://calendar.google.com/calendar/embed?src=OW1vaTQxMjl1OXBhOWk3NTc4ZmVrN2dtMWtAZ3JvdXAuY2FsZW5kYXIuZ29vZ2xlLmNvbQ

Sources: All images scavenged without permission