PREVIOUS GNEWS Patch Tuesday May 2017 —

PREVIOUS GNEWS

Patch Tuesday May 2017 - 243 CVEs • • • Advisories Malware Protection Engine Deprecating Sha-1 IE / Edge. NET Privilege Escalation Update Client Failure • • • Windows 10 and Windows Server 2016 (including Microsoft Edge) / Remote Code Windows 8. 1 and Windows Server 2012 R 2 / Remote Code Windows Server 2012 / Remote Code Windows RT 8. 1 / Remote Code Windows 7 and Windows Server 2008 R 2 / Remote Code Windows Server 2008 / Remote Code Internet Explorer / Remote Code Adobe Flash Player / Remote Code Microsoft Office, Office Services, Office Web Apps, and other Office-related software / Remote Code. NET Framework / Security Bypass •

Holes / Patches • • Oracle – 300 security fixes • • VMWare – VMSA-2017 -0007 ( 1 CVE) • 8 Java / 40 My. SQL Patches vuln with struts – VMSA-2017 -0008. 2 ( 7 CVE) • • Adobe – APSB 17 -14 Cold. Fusion ( 2 CVE) – APSB 17 -15 Flash Player ( 7 CVE) – APSB 17 -16 Experienace Manager Forms ( 1 CVE) • Android – Coming soon Unified Access Gateway, Horizon View, Workstation Intel AMT – ver 6. x – 11. 6 • • v. Center Server MS Wifi. Sense – now disabled by default

• bad fingerprint reader • iot white-worm hajime • domain fronting • data pollution tools are they worth it • SS 7 • EG Pass. Freely Oarcle Auth Bypass • USAF Bug Bounty • CIA tool ''scribbles' • Apple revokes cert OSX/Dok • keyless entry bypass • Google Doc Phish • True Health Patient Portal Hacking

• finger your card • MS phone sign-on, cause compromise never happens due to a stolen phone • cylance samples? ? • FB password SDK • intercontinental popped again • how not to startup • chipotle popped • holiday inn (IHG) popped • tinder popped • Albertsons too buy wholefoods? • petsmart buys chewy • sabre popped • hipchat popped • ALliance direct lending popped • IBM pops Storwize cusomters Reconyc on usbdrives Corp

• guns • end of net neutrality? • new copyright censors qwith china • Social Security luanches 2 FA Govt

Car hacking archive https: //www. theregister. co. uk/2017/04/25/car_hacking_research/? mt=1493124610430 http: //illmatics. com/carhacking. html Verizon DBIR http: //www. verizonenterprise. com/verizon-insights-lab/dbir/ https: //community. rapid 7. com/community/infosec/blog/2017/05/05/2017 -verizon-data-breach-report-dbir-key-takeaways https: //www. sec. cs. tu-bs. de/pubs/2017 a-eurosp. pdf Papers ultrasonic beacons

Bill would require hardware mods and porrn tax internet archives, apps in browser USA today FBI Facebook Canadian parking app WTF

Shodan malware hunter https: //malware-hunter. shodan. io PA Laby. REnth CTF 2017 http: //researchcenter. paloaltonetworks. com/2017/04/unit 42 labyrenth-ctf-2017/ donkeydocker ctf http: //resources. infosecinstitute. com/donkeydocker 1 -ctfwalkthrough/ billu box vulnwebapp http: //resources. infosecinstitute. com/billu-b 0 x-walkthrough/ jackhammer https: //github. com/olacabs/jackhammer Tools

st a s P on C BSides Nashville 22 Apr BSides Austin 4 -5 May Thotcon Chicago 4 -5 May

Fu tur Co e ns Hack. Miami 19 -21 May Nola. Con 19 -21 May Circle City Con Indy 9 -11 Jun ANYCon Albany 16 -18 Jun Black. Hat 22 -27 Jul BSides. LV 25 -26 Jul Def. Con 27 -30 Jul

DHA @Dallas_Hackers ( 1 st Wednesday / Family Karaoke, Dallas ) TX 2600 @dallas 2600 ( 1 st Fri / Wild Turkey 35&Walnut. Hill, Dallas ) The Lab. MS @The. Lab_ms ( 2 nd Saturday + random events / The. Lab. ms, Plano ) ISSA Fort Worth @ISSAFort. Worth ( 2 nd Tuesday / location varies ) Fort Worth Crypto Party ( 2 nd Tuesday ? / The Maker Spot, N. Richland Hills ) Hack Ft Worth @Hack_Ft. W ( 3 rd-ish Tuesday / Buffalo West, Fort Worth) OWASP Dallas @OWASPDallas ( 3 rd Tuesday / location varies ) Crypto Party DFW @Crypto. Party. DFW ( 3 rd Thursday / The. Lab. ms, Plano ) North Texas Cyber Security Group @ntxcsg ( Last Thursday, Jakes, Frisco ) Where Dallas Maker. Space @dallasmakers ( Random events / Carrollton ) Lock Pick DFW @Lock. Pick. DFW ( Last Monday/ Sherlocks Arlington )

All images scavenged without permission