All images scavenged without permission
PREVIOUS GNEWS
Patch Tuesday Mar – 16 Patches – 8 Critical – 33 CVEs

MS16-051 - Cumulative Security Update for IE, Remote Code
MS16-052 - Cumulative Security Update for Microsoft Edge, Remote Code
MS16-053 - Cumulative Security Update JScript and VBScript, Remote Code
MS16-054 - Microsoft Office, Remote Code
MS16-055 - Microsoft Graphics Component, Remote Code
MS16-056 - Windows Journal, Remote Code
MS16-057 - Windows Shell, Remote Code
MS16-058 - Windows IIS, Remote Code
MS16-059 - Windows Media Center, Remote Code
MS16-060 - Windows Kernel, Privilege Escalation
MS16-061 - Microsoft RPC, Privilege Escalation
MS16-062 - Windows Kernel-Mode Drivers, Privilege Escalation
MS16-064 - Adobe Flash Player, Remote Code
MS16-065 - .Net Framework, Info Leak
MS16-066 - Virtual Secure Mode, Security Bypass
MS16-067 - Volume Manager Driver, Info Leak

Sources:
http://technet.microsoft.com/en-us/security/bulletin/ms16-may
Holes / Patches
Oracle Adobe Apple VMWare Jboss

Oracle: 136 fixes
Adobe:
APSA16-02 Flash Player (1 CVE)
APSB16-13 Analytics (1 CVE)
APSB16-14 Acrobat and Reader (02 CVE)
APSB16-16 ColdFusion (3 CVE)
Apple: Xcode 7.3.1 (2 CVE)
VMWare: VMSA-2016-0004 (1 CVE) Client Integration Plugin
Jboss: 3.2 mil web sites
Cisco: Patch for DoS in WLC and ASA
Win10 App Whitelist Bypass in Regsvr32.exe & COM

Sources:

## Oracle Patches
http://www.oracle.com/technetwork/topics/security/alerts-086861.html
oracle 136 fixes https://threatpost.com/oracle-fixes-136-vulnerabilities-with-april-critical-patch-update/117548/

## Adobe Patches
https://helpx.adobe.com/security.html
https://helpx.adobe.com/security/products/flash-player/apsa16-02.html
https://helpx.adobe.com/security/products/analytics/apsb16-13.html
https://helpx.adobe.com/security/products/acrobat/apsb16-14.html
https://helpx.adobe.com/security/products/coldfusion/apsb16-16.html

## Apple patches
http://support.apple.com/kb/HT1222

## Cisco patches
http://tools.cisco.com/security/center/home.x
http://tools.cisco.com/security/center/viewAllSearch.x?currentPage=&sortType=d&recordsPerPage=100&searchkey=&filter=43&pageSize=100&pageNo=1
Cisco DoS https://threatpost.com/cisco-patches-denial-of-service-flaws-across-three-products/117586/

## VMWare
http://www.vmware.com/security/advisories/
https://www.vmware.com/security/advisories/VMSA-2016-0004.html

JBOSS
https://threatpost.com/3-2-million-servers-vulnerable-to-jboss-attack/117465/
http://blog.talosintel.com/2016/04/jboss-backdoor.html

Win whitelisting bypass
http://subt0x10.blogspot.com/2016/04/hunting-threats-regsvr32exe-example.html?m=1
http://subt0x10.blogspot.com/2016/04/bypass-application-whitelisting-script.html?m=1
Hacking

ARS Router
MIT hacking AI detects 85%
mousejack range increase
MIT bounty program
slack tokens in github

Sources:
ARS Router http://arstechnica.com/gadgets/2016/04/the-ars-guide-to-building-a-linux-router-from-scratch/
MIT hacking AI https://news.hitb.org/content/mit-builds-ai-bot-spots-85-cent-hacker-invasions
mousejack range increase https://threatpost.com/range-of-mousejack-attack-more-than-doubles/117506/
MIT bounty program https://bounty.mit.edu/ http://www.darkreading.com/operations/mit-launches-bug-bounty-program/d/d-id/1325193?_mc=RSS_DR_EDT
slack tokens in github http://www.securityweek.com/slack-tokens-leaked-github-put-companies-risk
Corp

Intel on chip FPGA
Apple to rebrand OSX to MacOS
Apple Transparency report
2016 DBIR
PCI 3.2 Released

Sources:
Intel on chip FPGA https://news.hitb.org/content/intel-starts-baking-speedy-fpgas-chips
Apple to rebrand OSX to MacOS https://news.hitb.org/content/apple-may-rebrand-os-x-macos-summer
Apple Trans report https://threatpost.com/apple-transparency-report-shows-spike-in-requests-for-data/117584/
2016 DBIR http://www.verizonenterprise.com/verizon-insights-lab/dbir/
PCI 3.2 https://www.pcisecuritystandards.org/pdfs/PCI_DSS_3.2_Press_Release.pdf
Govt

EU adopts GDPR
MS claims US abusing secret warrants
FTC Mobile Health App tool
all your searches are belong to US
Supreme Court change to Rule 41 of Federal Rule of Criminal Procedure

Sources:
EU adopts GDPR https://www.huntonprivacyblog.com/2016/04/14/eu-general-data-protection-regulation-finally-adopted/
MS claims US abusing secret warrants https://theintercept.com/2016/04/14/microsoft-says-u-s-is-abusing-secret-warrants/
FTC health App tool https://www.huntonprivacyblog.com/2016/04/21/ftc-releases-interactive-tool-for-mobile-health-apps/
all your searches are belong to US http://www.pcworld.com/article/3063167/security/supreme-court-approves-rule-change-that-expands-fbi-computer-search-powers.html#tk.PCW_nlt_pcw_bestof_html_2016-04-29
Change to rule 41 https://www.eff.org/deeplinks/2016/04/rule-41-little-known-committee-proposes-grant-new-hacking-powers-government
Papers

Sources:
DHS tech report https://www.dhs.gov/sites/default/files/publications/CSD%20TTP%20FY16%20Tech%20Guide.pdf
threat intel planning https://www.sans.org/reading-room/whitepapers/threats/threat-intelligence-planning-direction-36857
log analysis https://www.sans.org/reading-room/whitepapers/logging/boiling-ocean-security-operations-log-analysis-36867
securing Jenkins https://www.sans.org/reading-room/whitepapers/bestprac/securing-jenkins-ci-systems-36872
BRAND IS IRRELEVANT

Rand Corp survey shows 11% unlikely to patron post breach
nightworkgames.com (creator of Doom returns)

Sources:
THANK YOU - BRAND IS IRRELEVANT http://www.darkreading.com/attacks-breaches/rand-survey-shows-breaches-have-little-impact-on-customer-loyalty/d/d-id/1325125
nightworkgames.com
Tools
Future Cons

B-Sides - San Antonio 21 May
Circle City Con – Indianapolis 10-12 Jun
SANS DFIR Summit – Austin 23-30 Jun
SANS San Antonio – 18-23 Jul
Hope 11 – NYC 22-24 Jul
BlackHat – Vegas 30 Jul – 4 Aug
BSidesLV – Vegas 2-3 Aug
DefCon 24 – Vegas 4 – 7 Aug
SANS Dallas – 8 – 13 Aug
OWASP CFP Open – DC 11-14 Oct

Sources:
https://www.concise-courses.com/security/conferences-of-2016/
http://www.securitybsides.com/w/page/12194156/FrontPage
Owasp CFP http://seclists.org/fulldisclosure/2016/Mar/57
HITB Amsterdam CANSEE - automotive IDS https://conference.hitb.org/hitbsecconf2016ams/sessions/cansee-an-automobile-intrusion-detection-system/
National Information Security and Assurance Group

DHA ( 1st Wednesday / Family Karaoke, dallas )
TX2600 ( 1st Fri / Wild Turkey 35&WalnutHill, dallas )
The Lab.MS ( 2nd Monday + random events / TheLab.ms, plano )
OWASP Dallas ( 3rd Tuesday / location varies )
Crypto Party ( 3rd Thursday / Improving Enterprises, addison )
National Information Security and Assurance Group ( 4th Thursday, Jakes, Frisco )
Dallas MakerSpace ( Random events / carrollton )