Published by Stephen Patterson Modified over 6 years ago
1
PREVIOUS GNEWS All images scavenged without permission
2
Patch Tuesday Sep 2017 – 79 vulnerabilities with 256 unique downloads
Windows 10 and Windows Server 2016 (including Microsoft Edge) / Remote Code
Windows 8.1 and Windows Server 2012 R2 / Remote Code
Windows Server 2012 / Remote Code
Windows RT 8.1 / Remote Code
Windows 7 and Windows Server 2008 R2 / Remote Code
Windows Server 2008 / Remote Code
Microsoft Office-related software / Remote Code
Internet Explorer / Remote Code
Microsoft SharePoint Server, SharePoint Enterprise Server, and SharePoint Foundation / Remote Code
Skype for Business, Microsoft Lync, and Microsoft Live Meeting / Remote Code
Microsoft Exchange Server / Info Disclosure
.NET Framework / Remote Code
Adobe Flash Player / Remote Code
.NET bug
Kernel bug
Sources: MS Kernel bug MS no edge patch .NET zero day patched Last Update Mar 2017 No longer working
3
Holes / Patches Oracle Adobe Android Aerohive Siri / Alexa VMWare
Due 17 Oct 2017
Adobe
APSB17-25 RoboHelp (2 CVE)
APSB17-28 Flash Player (2 CVE)
APSB17-30 ColdFusion (4 CVE)
Android
(? CVE)
(? CVE)
Aerohive
Hive Manager, Privilege Escalation
Siri / Alexa
Dolphin attack
VMWare
VMSA (1 CVE)
NSX-V Edge OSPF DoS
Apple
iTunes 12.7 (? CVE)
Enclave Firmware Decryption
Juniper
Routers / Switches
Libgd, heap overflow via compressed gd2 data.
AT&T U-verse (Arris Modems)
Multiple Vulns, SSH creds
ARM Chip Sets
Multiple Vulns, BootStomp
Nvidia (Nexus 9),
Sources: ## Oracle Patches; ## Adobe Patches; ## Apple patches; Apple enclave decrypt?; ## Cisco patches; ## VMWare; ## Android; Juniper; Arris modems, U-verse; bad bootloaders / bootstomp; Aerohive escalation and code execution; Siri / Alexa / dolphin
4
Hacking
Weaponized DNA
4K apps that record audio and log
row hammer for NAND
Secret chips in repair parts
Ropemaker, manipulation via CSS
4d quantum encryption tested
S3 buckets host malware
PoC Code for iOS vuln (patched in May)
IME killswitch
wireX takedown
Traffic shaping to "secure" iot data
Sources: Weaponized DNA; 4K bad apps; row hammer for nand; "secret" chips; ropemaker; 4d quantum encryption tested; S3 buckets host malware; PoC Code for iOS vuln; IME killswitch; wireX takedown; Traffic shaping to "secure" iot data
5
Corp
PayPal acquires Swift
Walmart Scan&Go
Verizon location data
cloudflare daily stormer
Docker for Main Frames
LG, Late WannaCry infection
Philips DoseWise hardcoded Creds
Miami Heat launches mobile only tickets
Uber settles
FB pays out 100K to sec researcher
DJI bug bounty (drones)
Sources: PayPal acquires Swift; Walmart Scan&Go; Verizon location data; cloudflare daily stormer; Docker for Main Frames; LG, Late WannaCry infection; Philips DoseWise hardcoded Creds; Miami Heat launches mobile only tickets; Uber settles; FB pays out 100K to sec researcher; DJI bug bounty (drones)
6
Corp
PayPal launches CC
bitcoin.com stops european support
Sun is dead
Mil Contractor S3 bucket
TWC S3
Zombie Cookie, Sue Verizon
equifax breach
Google to distrust "old" Symantec certs
Sources: PayPal launches CC; bitcoin.com stops european support; Sun is dead; Mil Contractor s3; TWC s3; Sue Verizon; equifax breach; predictable pins; WTH Trend?; Google to distrust "old" Symantec certs
7
Govt
Vancouver dispensary DB leak
TX Dr Medicaid fraud
Linkedin doesn't like scraping
CIA torture settlement
Delaware Data Breach Law revised
PA bill to invoice activists if arrested
DC judge allows search of activist website
MalwareTechBlog case exempted from "Speedy Trial Act"
Shotspotter goes to the whitehouse / dumped by SATX
Russia data privacy law revised
First FDA security recall
Govt site hosting malware
SESTA
Sources: Vancouver dispensary DB leak; TX Dr Medicaid fraud; Linkedin doesn't like scraping; CIA torture settlement; Delaware Data Breach Law revised; PA bill to invoice activists if arrested; DC judge allows search of activist website; MalwareTechBlog case exempted from "Speedy Trial Act"; Shotspotter goes to the whitehouse; dumped by SATX; Russia data privacy law revised; First FDA security recall; Govt site hosting malware; SESTA
8
Papers
Nice SOC summary
powershell for vulnerability verification
NSS Labs Evasion testing
EFF tips for students
NIAC Critical Infrastructure Report
FDA Guidance
Sources: Nice SOC summary; powershell for verification; NSS Labs Evasion testing; EFF tips for students; NIAC Critical Infrastructure Report; FDA Guidance
9
WTF
Thai activist jailed for posting to FB
Crotch Charms
“SIM swap” -- why is this a thing in the media
BK BitCoin
FCC redefine broadband
Killer sex robots
PI Earrings
Sources: Thai jailed for posting to FB; Charms; SIM swap -- why is this a thing in the media; BK BitCoin; FCC redefine broadband; sex robots; Earrings
10
Tools
babadook powershell backdoor
UACMe UAC evasion (as root)
Apple password cracker
SEMU Malware analysis tool
FireEye Flare-On Challenge reverse engineering competition
FIR - IR ticketing
GitMiner
Sources: babadook; UACMe (the tool requires an Admin account with the Windows UAC set to default settings); Apple password cracker; SEMU; FireEye RE Challenge; FIR - IR ticketing; GitMiner
11
Future Cons
DerbyCon, Louisville 20-24 Sep
Rock Stars of Cybersecurity Technologies, Denver 26 Sep
CactusCon, Phoenix Sep
Root 66, OKC 5 Oct
Hacker Halted, Atlanta 5-10 Oct
Secure World Dallas Oct
LASCON 2017, Austin Oct
BSidesDFW, Plano 4 Nov
NTXISSACSC5, Plano 10 Nov
12
Where
DHA @Dallas_Hackers ( 1st Wednesday / Family Karaoke, Dallas )
TX2600 @dallas2600 ( 1st Fri / Wild Turkey 35&WalnutHill, Dallas )
The Lab.MS @TheLab_ms ( 2nd Saturday + random events / TheLab.ms, Plano )
ISSA Fort Worth @ISSAFortWorth ( 2nd Tuesday / location varies )
Hack Ft Worth @Hack_FtW ( 3rd-ish Tuesday / Buffalo West, Fort Worth )
OWASP Dallas @OWASPDallas ( 3rd Tuesday / location varies )
Crypto Party DFW @CryptoPartyDFW ( 3rd Thursday / TheLab.ms, Plano )
North Texas Cyber Security Group @ntxcsg ( Last Thursday, Jakes, Frisco )
Dallas MakerSpace @dallasmakers ( Random events / Carrollton )
13
Sources: All images scavenged without permission