All images scavenged without permission

GNEWS PREVIOUSLY All images scavenged without permission

Patch Tuesday Nov - 12 Patches – 4 Critical - 53 CVEs MS15-112 - Cumulative Security Update for Internet Explorer, Remote Code MS15-113 - Cumulative Security Update for Microsoft Edge, Remote Code MS15-114 - Windows Journal, Remote Code MS15-115 - Microsoft Windows, Remote Code MS15-116 - Microsoft Office, Remote Code MS15-117 - NDIS, Privilege Escalation MS15-118 - .NET Framework, Privilege Escalation MS15-119 - Winsock, Privilege Escalation MS15-120 - IPSec, DoS MS15-121 - SChannel, Address Spoofing MS15-122 - Kerberos, Feature Bypass MS15-123 - Skype for Business and Microsoft Lync, Info Disclosure Sources: http://technet.microsoft.com/en-us/security/bulletin/ms15-nov

Holes / Patches Oracle Adobe Apple Cisco VMWare 154 Fixes APSB15-26 Shockwave ( 1 CVE) APSB15-27 Flash Player ( 3 CVE) APSB15-28 Flash Player ( 17 CVE) Apple Mac EFI Sec Update 2015-002 xCode 7.1 iTunes 12.3.1 OSX Server 5.0.15 WatchOS 2.0.1 iOS 9.1 Safari 9.0.1 OS X El Captain 10.11.1 Cisco ??? VMWare none Sources: ## Oracle Patches http://www.oracle.com/technetwork/topics/security/alerts-086861.html ##Adobe Patches https://helpx.adobe.com/security.html https://helpx.adobe.com/security/products/shockwave/apsb15-26.html https://helpx.adobe.com/security/products/flash-player/apsb15-27.html https://helpx.adobe.com/security/products/flash-player/apsb15-28.html ##Apple patches http://support.apple.com/kb/HT1222 ##Cisco patches http://tools.cisco.com/security/center/home.x http://tools.cisco.com/security/center/viewAllSearch.x?currentPage=&sortType=d&recordsPerPage=100&searchkey=&filter=43&pageSize=100&pageNo=1 ## VMWare http://www.vmware.com/security/advisories/ Apple 0-day "tpwn"priv escalation http://appleinsider.com/articles/15/08/16/new-privilege-escalation-exploit-discovered-in-os-x-yosemite-also-affects-just-released-10105 ios keyraider https://threatpost.com/keyraider-malware-steals-certificates-keys-and-account-data-from-jailbroken-iphones/114473

Hacking Java UnSerialize by Foxglove Siri GVoice attacks GVoice History fitbit hack, pc infect on sync Hacking Sources: Java UnSerialize by Foxglove http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/ Siri GVoice attacks http://www.net-security.org/secworld.php?id=18984 GVoice History http://qz.com/526545/googles-been-quietly-recording-your-voice-heres-how-to-listen-to-and-delete-the-archive/ hitbit hack, pc infect on sync http://www.techmistory.com/2015/10/fitbit-health-tracker-can-be-hacked-in-just-10-seconds-via-simple-malware-attack

Corp Like Button Becomes a Tracker FirstData IPO Square IPO AMerica's Thirft Stores Breach MS Transparency Hub FB nation state notices Visa Fireeye threat intel service HP sells TippingPoint to TrendMicro Cisco buys lancope IBM buys weather channel MS depricates Sha-1 early Sources: Like Button Becomes a Tracker https://www.eff.org/deeplinks/2015/10/internet-companies-confusing-consumers-profit FirstData IPO https://www.firstdata.com/en_us/about-first-data/media/press-releases/10_14_15.html Square IPO http://www.wsj.com/articles/square-discloses-ipo-plans-1444854139 AMerica's Thirft Stores Breach http://www.esecurityplanet.com/network-security/americas-thrift-stores-acknowledges-credit-card-breach.html MS Transparency Hub https://www.microsoft.com/about/corporatecitizenship/en-us/transparencyhub/ FB nation state notices http://threatpost.com/facebook-notifying-users-of-targeted-nation-state-attacks/115090/ Visa Fireeye threat intel service http://investor.visa.com/news/news-details/2015/Visa-and-FireEye-Launch-New-Cyber-Intelligence-Service/default.aspx HP sells TippingPoint to TrendMicro Cisco buys lancope IBM buys weather channel MS depricates Sha-1 early https://threatpost.com/microsoft-considers-earlier-sha-1-deprecation-deadline/115299/ Corp

Govt first real cyberterrorism charge Bad automotive security discussions in congress Phone snarfing deadline Sources: first real cyberterrorism charge http://www.darkreading.com/attacks-breaches/first-cyberterror-charges-doj-accuses-hacker-of-giving-military-pii-to-isis/d/d-id/1322691?_mc=RSS_DR_EDT Bad automotive security discussions in congress https://www.eff.org/deeplinks/2015/10/vehicle-security-research Phone snarfing deadline https://theintercept.com/2015/10/21/nsa-pushing-its-deadline-for-ending-bulk-collection-of-u-s-phone-call-metadata/ Govt

NSA 1024 Diffie-Hellman cracking https://weakdh.org/imperfect-forward-secrecy-ccs15.pdf https://freedom-to-tinker.com/blog/haldermanheninger/how-is-nsa-breaking-so-much-crypto/ CHIP and PIN hack http://www.wired.com/2015/10/x-ray-scans-expose-an-ingenious-chip-and-pin-card-hack/ https://eprint.iacr.org/2015/963.pdf Papers Sources: NSA 1024 Diffie-Hellman cracking https://weakdh.org/imperfect-forward-secrecy-ccs15.pdf https://freedom-to-tinker.com/blog/haldermanheninger/how-is-nsa-breaking-so-much-crypto/ CHIP and PIN hack http://www.wired.com/2015/10/x-ray-scans-expose-an-ingenious-chip-and-pin-card-hack/ https://eprint.iacr.org/2015/963.pdf

unicorns do exist (cpu emulator) mjolnir selfie pay SprayWMI unicorns do exist (cpu emulator) Sources: mjolnir http://www.cnet.com/news/engineer-builds-working-thors-hammer-only-he-can-lift/ selfie pay http://www.usatoday.com/story/money/personalfinance/2015/10/20/mastercard-selfie-pay-online-purchases/72982264/ SprayWMI https://www.trustedsec.com/october-2015/new-tool-spraywmi-mass-wmi-pwnage/ unicorns do exist (cpu emulator) http://seclists.org/fulldisclosure/2015/Oct/67 WTF / Tools

Cons Past BSides DFW Toor Con Sources: Derby https://threatpost.com/bypass-developed-for-microsoft-memory-protection-control-flow-guard/114768/ internet enabled medical devices http://www.esecurityplanet.com/network-security/thousands-of-critical-medical-devices-exposed-online.html infecting diagnostic tools for cars http://www.wired.com/2015/10/car-hacking-tool-turns-repair-shops-malware-brothels/ CTF stats https://www.trustedsec.com/october-2015/derbycon-ctf-statistics/ HITBGSEC talk pulled https://news.hitb.org/content/ip-camera-makers-pressure-researcher-cancel-security-talk-hitbgsec https://threatpost.com/canceled-talk-re-ignites-controversy-over-legitimate-security-research/114932/

Local LockPick DFW DHA TX2600 The Lab.MS Crypto Party ( 1st Wednesday / Family Karaoke, dallas ) TX2600 ( 1st Fri / Wild Turkey 35&WalnutHill, dallas ) (1st Fri / 1418 Coffeehouse, plano) The Lab.MS ( 2nd Monday + random events / TheLab.ms, plano ) Crypto Party ( 3rd Thursday / Improving Enterprises, addison ) NAISG replacement is coming ( ??? ) Dallas MakerSpace ( Random events / carrollton ) LockPick DFW ( we want to think it exists ) Sources: Local

Sources: All images scavenged without permission