2. PREVIOUS GNEWS

3. Mar – 13 Patches – 6 Critical – 30 CVEs MS16-037 - Cumulative Security Update for IE MS16-038 - Cumulative Security Update for Microsoft Edge MS16-039 - Microsoft Graphics Component MS16-040 - Microsoft XML Core Services MS16-041 -.NET Framework MS16-042 - Microsoft Office MS16-044 - Windows OLE MS16-045 - Windows Hyper-V MS16-046 - Secondary Logon MS16-047 - SAM and LSAD Remote Protocols MS16-048 - CSRSS MS16-049 - HTTP.sys MS16-050 - Adobe Flash Player Patch Tuesday

4. Oracle –Due April 19th Adobe –APSA16-01 Flash Player ( 1 CVE) –APSB16-10 Flash Player ( 24 CVE) –APSB16-11 Creative Cloud ( 1 CVE) –APSB16-12 RoboHelp ( 1 CVE) Apple –iOS 9.3 / 9.3.1 ( 38 CVE) –watchOS 2.2 ( 34 CVE) –tvOS 9.3 ( 23 CVE) –Xcode 7.3 ( 3 CVE) –OSX Security Update 2016-002 ( 59 CVE) –Safari 9.1 ( 11 CVE) –OSX Server 5.1 ( 4 CVE) –iBooks Author 2.4.1 ( 1 CVE) VMWare –VMSA-2016-0003 ( 2 CVE) –XSS in vRealize Automation x Holes / Patches

5. Adobe 0-day –CVE-2016-1010 –CVE-2016-1019 Bad Java Patch –Sandbox bypass OpenSSH –Info Disclosure Symantec Endpoint Protection (SEP) –SEPM, XSS and SQL Injection –SysPlant.sys driver, code execution Apple iMessage –Crypto weakness (patched in 9.3) Apple System Integrity Protection (SIP) bypass Badlock warning is bad –Preannounce vs responsible disclosure vs full disclosure –Ms16-047 Holes / Patches

6. ios worm FB account take over Finger printing based on mouse usage prime patterns DDR4 suseptible to rowhammer surveilence as art usb thief - portable app sidecar ransomware going fileless Security Cams Pre-Infected with malware Windows 10 “Blue Screen” now with QR Codes Hacking

7. EFA Launched eero - wifi mesh router landesk to buy appsense google doubles chromebook bounty uber bug bounties amex 3rd party breach 1800 flowers hacked verizon breached CBS Sports App leaks personal data Wordpress.com HTTPS for all! Corp

8. 3rd party access method Whatsapp is next? CVE backlog Darpa improv lavabit = snowden fbi delay / drop case with apple “One Time” request moves to NY breakdown of intell sharing restrictions HR.2666 Threat to Net Neutrality? Burr Feinstein anti-crypto bill FBI modifies data redaction rules Govt

9. mimikatz intro https://www.sans.org/reading-room/whitepapers/forensics/mimikatz-overview-defenses-detection-36780 imperva cryptowall report http://www.imperva.com/docs/IMPERVA_HII_CryptoWall_report.pdf imperva web app report https://www.imperva.com/docs/HII_Web_Application_Attack_Report_Ed6.pdf Cisco Talos RansomWare Report http://blog.talosintel.com/2016/04/ransomware.html#toc Papers

10. hackers misspell foundation

11. Tools pafish v0.57 - malware analysis lynis v2.2.0 - unix security audit tool nmap 7.11 IIS Crypto - manage ciphers on windows iis AutoNessus - (python nessus api) automate scanner tasks

12. CanSecWest – Vancouver 16-18 Mar B-Sides Austin - 31-1 Mar-Apr InfoSec Southwest – Austin 8-10 Apr B-Sides OK – 09 Apr Past Cons

13. B-Sides Nashville – 16 Apr ThotCon 0x7 – Chicago 5-6 May B-Sides - San Antonio21 May Circle City Con – Indianapolis 10-12 Jun SANS DFIR Summit – Austin 23-30 Jun SANS San Antonio – 18-23 Jul Hope 11 – NYC 22-24 Jul BlackHat – Vegas 30 Jul – 4 Aug BSidesLV – Vegas 2-3 Aug DefCon 24 – Vegas 4 – 7 Aug SANS Dallas – 8 – 13 Aug OWASP CFP Open – DC 11-14 Oct Future Cons

14. DHA ( 1 st Wednesday / Family Karaoke, dallas ) TX2600 ( 1 st Fri / Wild Turkey 35&WalnutHill, dallas ) The Lab.MS ( 2 nd Monday + random events / TheLab.ms, plano ) OWASP Dallas ( 3 rd Tuesday / location varies ) Crypto Party ( 3 rd Thursday / Improving Enterprises, addison ) National Information Security and Assurance Group ( 4 th Thursday, Jakes, Frisco ) Dallas MakerSpace ( Random events / carrollton )

15. All images scavenged without permission