2. PREVIOUSLY GNEWS

3. Patch Tuesday Jan – 10 (9) Patches – 6 Critical – 24ish CVEs MS16-001 - Cumulative Security Update for IE, Remote Code MS16-002 - Cumulative Security Update for Edge, Remote Code MS16-003 - Cumulative Security Update for JScript and VBScript, Remote Code MS16-004 - Microsoft Office, Remote Code MS16-005 - Windows Kernel-Mode Drivers, Remote Code MS16-006 - Silverlight, Remote Code, Remote Code MS16-007 - Microsoft Windows, Remote Code MS16-008 - Windows Kernel, Privilege Escalation MS16-009 - ??, ?? MS16-010 - Microsoft Exchange Server, Spoofing

4. Adobe –Due on 19 Jan Adobe –APSB16-01 Flash Player ( 19 CVE) –APSB16-02 Acrobat/Reader ( 17 CVE) Apple –QuickTime 7.7.9 ( 9 CVE) –Security Update 2015-006 ( 56 CVE) –iTunes 12.3.2( 12 CVE) MS –MS15-122 Radius issue Can bypass Bitlocker when pre-boot is diabled. –PUP detection coming to SCEP/FEP VMWare –VMSA-2015-0009 ( 1 CVE) deserialization –VMSA-2016-0001 ( 1 CVE) guest privilege escalation Jabber MITM FireEye Bug Juniper Bug Win8, IE 8/9/10 – lose support Holes / Patches

5. port fail (vpn data leakage) latentbot, super stealthy of the week 13 mil mackeeper datas Corolla controlled by cellphone Unsecure Mongos Dell pre-boot driver Side Loading iOS apps Comcast home security fail open 3d print ceramics Hacking

6. The tweets warn on state-sponsorship MS to join the nation state advisory band wagon FB open-sources hardware design SEC allows blookchain for stocks Linux foundation corrals IBM, Intel, Chase and more with Openledger (blockchain) Java slap Target mobile app data leak Landry’s breach Hello Kitty breach 3.3 million Hyatt breach Corp

7. TWC Hacked Voter DB exposed SpaceX makes a successful landing MS acquires Metanautix Toshiba to 86 TV, Laptops, and 7k people Windows 10 + MS Account = encryption key upload Tmobile throttling / CEO asks "who is EFF" GM and Lyft partnership GM "bounty" program TOR Project bug bounty Corp

8. CISA, because… budget Spy catalouge leaked Kim Dotcom to be extradited DHS Drone Guidance Dutch say yes to encryption body scans one step closer to mandatory Govt

9. Win10 STIG http://iase.disa.mil/stigs/os/windows/Pages/win10.aspx Kerberos http://dfir-blog.com/2015/12/13/protecting-windows-networks-kerberos-attacks National Security Implications of Virtual Currency https://www.rand.org/content/dam/rand/pubs/research_reports/RR1200/RR1231/RAND_RR1231.pdf powershell remoting https://www.sans.org/reading-room/whitepapers/incident/power-implications-enabling-powershell- remoting-enterprise-36542 Data Analytics on Vulnerability Data (using python pandas) https://www.sans.org/reading-room/whitepapers/metrics/applying-data-analytics-vulnerability-data- 36532 Papers

10. threat intel sharing/automation https://www.sans.org/reading-room/whitepapers/detection/automated-network-defense-threat- intelligence-knowledge-management-36572 TLS bicycle attack - Guido Vranken https://guidovranken.files.wordpress.com/2015/12/https-bicycle-attack.pdf SLOTH attacks on SHA-1 http://www.mitls.org/downloads/transcript-collisions.pdf https://threatpost.com/sloth-attacks-up-ante-on-sha-1-md5-deprecation/115807/ Freestart attacks on SHA-1 https://threatpost.com/microsoft-details-flame-hash-collision-attack-060612/76658/ https://eprint.iacr.org/2015/967.pdf Papers

11. Frijoles LV commercial "first" power station hack WTF !!!

12. Cheap course bundle stacksocial.com Firemon Immediate Insight Community edition Log Analytics ToolWath.org 2014 Top Tools SCADA Default Passwds https://github.com/scadastrangelove/SCADAPASS/blob/mast er/scadapass.csv PrivaTegrity new crypto tool to be released

13. ShmooCon – DC 15-17 Jan B-Sides Houston - ? Jan CanSecWest – Vancouver 16-18 Mar B-Sides Austin - 31-1 Mar-Apr InfoSec Southwest – Austin 8-10 Apr B-Sides OK – 09 Apr B-Sides Nashville – 16 Apr ThotCon 0x7 – Chicago 5-6 May B-Sides San Antonio21 May Cons

14. DHA ( 1 st Wednesday / Family Karaoke, dallas ) TX2600 ( 1 st Fri / Wild Turkey 35&WalnutHill, dallas ) The Lab.MS ( 2 nd Monday + random events / TheLab.ms, plano ) OWASP Dallas ( 3 rd Tuesday / location varies ) Crypto Party ( 3 rd Thursday / Improving Enterprises, addison ) NAISG replacement is coming ( 4 th Thursday, Jakes, Frisco ) Dallas MakerSpace ( Random events / carrollton )

15. All images scavenged without permission