Feb/Mar News

PREVIOUS GNEWS
Patch Tuesday
• Feb – 1 Patches – 1 Critical – 13 CVEs
• MS17-005 - Adobe Flash Player, Remote Code
• Mar – ? Patches – ? Critical – ? CVEs
Holes / Patches
• Oracle
– Due in April
• VMware
– VMSA-2017-0002 ( 1 CVE) Horizon DaaS, data validation
• Adobe
– APSB17-04 Flash Player ( 13 CVE)
– APSB17-05 Digital Editions ( 9 CVE)
– APSB17-06 Campaign ( 2 CVE)
• Android
– 2017-02-01 ( 23 CVE)
– 2017-02-05 ( 35 CVE)
– 2017-03-01 ( 34 CVE)
– 2017-03-05 ( 71 CVE)
• Apple
– Logic Pro X 10.3.1 ( 1 CVE)
– GarageBand 10.1.6 ( 1 CVE)
• Bind (DNS64 & RPZ)
• MS GDI Library (multi-vuln, gdi32.dll)
• Cisco NetFlow (SCTP packet validation)
• Nexpose Console (hardcoded java passphrase)
• F5 “TicketBleed”
• Cloudflare “CloudBleed”
Hacking
• Macs now with macro malware
• Malicious iframes in Google Play
• Dharma keys exposed
• IoT bug bounty
• SHA1 collision
Corp
• Linux 4.10
• Uber CA
• Cyber Threat Alliance
• Bitcoin sets another all time high $1,172.09
• sophos buys invincea (anti-malware)
• mozilla buys Pocket (to make open source)
• Walmart buys moosejaw (outdoor outfitters)
• palo buys lightcyber (behavioral)
• square buys orderahead (online call-ahead)
• okta acquires stormpath (identity api)
• ca acquires veracode (app sec)
Corp
• arbys popped
• coachella popped
• cloudpets, Bad Teddy
• boeing employee breach
• aptos popped
Govt
• FCC zero rating investigation halted
• FCC suspends ISPs data security rules
• AZ/TN to enact CRA against privacy protection?
• H.R 387 Email Privacy Act passed, now to the senate
• OR to push for warrants for border searches
• FBI guide on “spot the terrorist”
• DHS drops new NCIRP (response plan)
• MS transparency case (gags violates 1st amendment)
• MD to make ransomware illegal
• Let's legislate NIST metrics?
• hack back?
• DOJ dismisses PlayPen case
Random
Papers
• PCI council MFA guidance
– https://www.pcisecuritystandards.org/pdfs/PCI_SSC_Issues_Multi-Factor_Authentication_Guidance.pdf
• Expose all the things
– https://www.trendmicro.com/vinfo/us/security/news/internet-of-things/us-cities-exposed-in-shodan
• OSX for forensics
– https://www.sans.org/reading-room/whitepapers/forensics/os-forensic-platform-37637
• TOR Browser artifacts in win10
– https://www.sans.org/reading-room/whitepapers/forensics/tor-browser-artifacts-windows-10-37642
WTF
• Dominos Wedding Registry
• Phone as ATM
Tools
• IMF
– ctf
• Netflix Stethoscope
– user device information
• Best of 2016
– top 10 list
• E2EMail
– chrome extension for pgp
• ReBreakCaptcha
– Captcha bypass
• HackerOne CE
– bug bounty platform
• Vault 7
– leaked cia tool
CanSecWest 15-17 Mar
Hou.Sec.Con 7.0 23 Mar
BSides OK 23-24 Mar
SANS PenTest Austin 27 Mar-01 Apr
Women in Cybersecurity 31 Mar-01 Apr
InfoSec Southwest 07-08 Apr
BSides Nashville 22 Apr
BSides Austin 4-5 May
Circle City Con Indy 9-11 Jun
DHA @Dallas_Hackers
( 1st Wednesday / Family Karaoke, Dallas )
TX2600 @dallas2600
( 1st Fri / Wild Turkey 35&WalnutHill, Dallas )
The Lab.MS @TheLab_ms
( 2nd Saturday + random events / TheLab.ms, Plano )
ISSA Fort Worth @ISSAFortWorth
( 2nd Tuesday / location varies )
Fort Worth Crypto Party
( 2nd Tuesday ? / The Maker Spot, N. Richland Hills )
Hack Ft Worth @Hack_FtW
( 3rd-ish Tuesday / Buffalo West, Fort Worth)
OWASP Dallas @OWASPDallas
( 3rd Tuesday / location varies )
Crypto Party DFW @CryptoPartyDFW
( 3rd Thursday / TheLab.ms, Plano )
North Texas Cyber Security Group @ntxcsg
( Last Thursday, Jakes, Frisco )
Dallas MakerSpace @dallasmakers
( Random events / Carrollton )
Lock Pick DFW @LockPickDFW
( Last Monday/ Sherlocks Arlington )
All images scavenged without permission