Download presentation
Presentation is loading. Please wait.
1
All images scavenged without permission
2
Patch Tuesday Nov – 55 KB Articles with 195 unique downloads
Internet Explorer Microsoft Edge Microsoft Windows Microsoft Office and Microsoft Office Services and Web Apps ASP.NET Core and .NET Core Chakra Core Sources: No longer working
3
Patch Tuesday Dec – 24 KB Articles with 156 unique downloads
Internet Explorer Microsoft Edge Microsoft Windows Microsoft Office and Microsoft Office Services and Web Apps Microsoft Exchange Server ChakraCore Microsoft Malware Protection Engine Sources: No longer working
4
Holes / Patches Oracle Adobe VMWare Apple Out-Of-Band Tuxedo patch
Regular Patches due out 16 Jan Adobe APSB17-42 Flash Player ( 1 CVE) VMWare VMSA ( 6 CVE ) Workstation, Fusion, Horizon View (multi) VMSA ( 1 CVE ) NSX for vSphere (xss) Apple iOS / 11.2 Security Update tvOS 11.2 watchOS 4.2 Safari macOS High Sierra , Security Update Sierra, and Security Update El Capitan iTunes for Windows AirPort Base Station 7.69 / 7.7.9 Mac passwordless root account ships enabled Sources: ## Oracle Patches oracle tuxedo ##Adobe Patches ##Apple patches Mac passwordless root account ships enabled ##Cisco patches ## VMWare ## Android
5
Holes / Patches MS guidance on DDE disablement Linux 4.14 kernel
Cisco Voice issues Eavesdropper / Twilio REST API / SDK More chip fixes ME 11.x, SPS 4.0, and TXE 3.0 Sources: MS guidance on DDE disablement Linux 4.14 kernel Cisco Voice issues Easdropper / Twilio REST API / SDK More chip fixes
6
Hacking Intel's CPU management controller has been hacked.
Any computer can be owned from USB invisible to the OS malware leveraging Autoit (again) phone charging with ambient light FaceID busted OnePlus root disable Amazon Key cam pfSense command injection ASLR broken? HP printers Echo / Home voice data? saml ticket? key logger on HP laptops all the hacked passwords Hacking Sources: Intel's CPU managment controller has been hacked. Any computer can be owned from USB invisible to the OS malware leveragint Autoit (again) phone charging with ambient light FaceID busted oneplus root disable Amazon Key cam pfSense ASLR broken? HP printers Echo / Home voice data? saml ticket? key logger on hp laptops all the hacked passwords
7
Corp forever 21 popped imgur popped NCF S3 Bucket paypal tio breach
uber hides hack for 1yr+ Google android location data Site trackers FB Messenger Kids pepsico + russia = better milk MS IOT Chip apple acquires shazam Sources: forever 21 popped imgur popped NCF S3 Bucket paypal tio breach uber hides hack for 1yr+ Google android location data Site trackers messenger kids pepsico + russia = better milk MS IOT Chip apple acquires shazam Corp
8
Govt FCC net neutrality Bots breaks FCC and Net Neutrality comments
TSA to use fingerprint for id verification, wants facial biometrics 9th Circuit removed anonymity ‘US vs Glassdoor’ 6th Circuit, upheld anonymity ‘Signatuire Management Team LLC vs John Doe’ Patent vs GDPR new robocaller rules oops contractor botches aws account another mil S3 bucket, this one not so benign ICQ self dox / Ar3s = Sergey Jaretz Sources: FCC net neutrality TSA to use fingerprint for id verification, wants facial biometrics 9th circuit ruling on glassdoor patent vs gdpr new robocaller rules oops contractor botches aws account another S3 bucket, this one not so benign Bots break fcc and net neutrality speaker anomyinty upheld ICQ self dox Govt
9
Papers Google password report FB Privacy Settings
FB Privacy Settings EFF SEC (security education companion) powershell for audit, alerting, remediation Data mining in the dark Mr. HITB goes to washington harvard campaign security playbook Papers Sources: Google password report FB Privacy Settings EFF SEC powershell for sudit darkweb Mr. HIBP goes to washington harvard campaing security playbook
10
malware email address analysis
WebBrowser Security? malware address analysis smartphone sec 101 bug sweeping Papers Sources: WebBrowser Security? malware address analysis smartphone sec 101 bug sweeping
11
WTF WikiLeaks Sources: fuk wikileaks
12
Tools SNIFFlab RDPY txt.fyi Depth1 - ctf walkthrough
Python for MITM environment RDPY Python for RDP hacking txt.fyi Blog plugin to break links Depth1 - ctf walkthrough tenta - DNS over TLS mailsploit Mail spoofing Cred0v3r Credential reuse tool blackhat arsenal Tools Sources: snifflab rdpy - rdp hacking txt.fyi - antiviral Depth1 - ctf walkthrough tenta - DNS over TLS mailsploit Cred0v3r - cred reuse tool blackhat arsenal
13
Future Cons Shmoo Con - 19-21 Jan DC
CyberUSA Conference Jan San Antonio InfoSec SouthWest - Apr Austin Future Cons Sources:
14
Where DHA @Dallas_Hackers TX2600 @dallas2600 The Lab.MS @TheLab_ms
( 1st Wednesday / Family Karaoke, Dallas ) TX2600 @dallas2600 ( 1st Fri / Wild Turkey 35&WalnutHill, Dallas ) The Lab.MS @TheLab_ms ( 2nd Saturday + random events / TheLab.ms, Plano ) ISSA Fort Worth @ISSAFortWorth ( 2nd Tuesday / location varies ) ?? Fort Worth Crypto Party ?? ( 2nd Tuesday ? / The Maker Spot, N. Richland Hills ) Hack Ft Worth @Hack_FtW ( 3rd-ish Tuesday / Buffalo West, Fort Worth) OWASP Dallas @OWASPDallas ( 3rd Tuesday / location varies ) Crypto Party DFW @CryptoPartyDFW ( 3rd Thursday / TheLab.ms, Plano ) North Texas Cyber Security Group @ntxcsg ( Last Thursday, Jakes, Frisco ) Dallas MakerSpace @dallasmakers ( Random events / Carrollton ) Sources: Where
15
Sources: All images scavenged without permission
Similar presentations
