Whitelists: The Holy Grail of Attackers https://isc.sans.edu/forums/diary/Whitelists+The+Holy+Grail+of+Attackers/22262/ Java Struts2 Vulnerability Used To Install Ransomware https://isc.sans.edu/forums/diary/Java+Struts2+Vulnerability+Used+To+Install+Cerber+Crypto+Ransomware/22264/ Brazilian Bank Looses Control Over Domains https://threatpost.com/lessons-from-top-to-bottom-compromise-of-brazilian-bank/124770/ Google Android April Patch Day https://source.android.com/security/bulletin/2017-04-01#security-vulnerability-summary Radware Observes "BrickerBot" Destroying Devices https://security.radware.com/ddos-threats-attacks/brickerbot-pdos-permanent-denial-of-service/ Struts2 Vulnerability Webcast https://www.sans.org/webcasts/struts-shock-current-attacks-struts2-defend-104787
Exploiting Broadcom's Wi-Fi Stack https://googleprojectzero.blogspot.com/2017/04/over-air-exploiting-broadcoms-wi-fi_4.html Covert Channel Between Virtual Machines Via CPU Cache https://cmaurice.fr/pdf/ndss17_maurice.pdf 40 Vulnerabilities in Samsung Tizen https://motherboard.vice.com/en_us/article/samsung-tizen-operating-system-bugs-vulnerabilities
Diverting built-in features for the bad https://isc.sans.edu/forums/diary/Diverting+builtin+features+for+the+bad/22250/ Fake Job Offers to GitHub Developers Include Malware http://researchcenter.paloaltonetworks.com/2017/03/unit42-dimnie-hiding-plain-sight/ Drones With Lasers! https://arxiv.org/pdf/1703.07751.pdf
New Exploit Variant for Recent Struts2 Vulnerability https://blog.gdssecurity.com/labs/2017/3/27/an-analysis-of-cve-2017-5638.html PoC Exploit for iBook ePub Javascript Vulnerability https://s1gnalcha0s.github.io/ibooks/epub/2017/03/27/This-book-reads-you-using-JavaScript.html Microsoft Docs.com Leak https://twitter.com/gossithedog/status/845446263244050434 Symantec SSL CA tool https://www.renditioninfosec.com/socapps/sslcheck/index.php
Apple Updates https://support.apple.com/en-us/HT201222 IIS 6 / Windows Server 2003 Exploit https://github.com/edwardz246003/IIS_exploit/blob/master/exploit.py Symantec SSL Update https://www.symantec.com/connect/blogs/message-our-ca-customers
Google Announces Removal of Symantec CAs for Extended Validation https://www.symantec.com/connect/blogs/symantec-backs-its-ca https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/eUAKwjihhBs https://chromium.googlesource.com/chromium/src/+/master/net/data/ssl/symantec/README.md Spoofing Referrer in Microsoft Edge https://www.brokenbrowser.com/referer-spoofing-patch-bypass/ Smart TV Compromise Via Broadcast Signals https://www.youtube.com/watch?v=bOJ_8QHX6OA Defending Web Applications Class https://www.sans.org/event/sans-security-west-2017/course/defending-web-applications-security-essentials
Criminals Threaten to Erase Millions of iCloud Conntected Apple devices https://motherboard.vice.com/en_us/article/hackers-we-will-remotely-wipe-iphones-unless-apple-pays-ransom?utm_source=vicefbus Siemens Control Systems Affected by Fake Firmware https://dragos.com/blog/mimics/ GitHub Used for C&C http://blog.trendmicro.com/trendlabs-security-intelligence/winnti-abuses-github/ Adium IM Vulnerable to Older libpurple Issue http://seclists.org/fulldisclosure/2017/Mar/57
An Example of a Multiple States Dropper https://isc.sans.edu/forums/diary/Example+of+Multiple+Stages+Dropper/22197/ Real-World Wiretaping Attacks Against ZRTP https://www.ibr.cs.tu-bs.de/papers/schuermann-popets2017.pdf Authenticating Against MySQL Server Using a Hashed Password https://github.com/cyrus-and/mysql-unsha1
Certain Ubiquity Equipment Vulnerable to CSRF/Code Execution https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170316-0_Ubiquiti_Networks_authenticated_command_injection_v10.txt Proton Mac OS RAT https://www.cybersixgill.com/proton-a-new-mac-os-rat/ Linux Kernel n_hdlc Privilege Escalation http://seclists.org/oss-sec/2017/q1/569 VMWare Copy/Paste Exploit Fixed https://www.vmware.com/security/advisories/VMSA-2017-0005.html
Twitter App "Twitter Counter" Compromise Leads to Unauthorized Tweets From a Large Number of Accounts https://twitter.com/thecounter Telegram and WhatsApp Image Vulnerability http://blog.checkpoint.com/2017/03/15/check-point-discloses-vulnerability-whatsapp-telegram/ RSA Panel Webcast https://cc.readytalk.com/registration/#/?meeting=6oowksc223hm&campaign=ijmt1z8qsc1q
Creating SHA3 Hashes with sigs.py https://isc.sans.edu/forums/diary/New+tool+sigspy/22181/ Canada Revenue Agency Website Attacked / Down over Struts2 http://www.cbc.ca/news/politics/cra-internet-vulnerability-government-1.4022591 Webkit Exploit Adobted to Nintendo Switch https://www.youtube.com/watch?v=xkdPjbaLngE Analysis of Outdated Javascript Libraries on the Web http://www.ccs.neu.edu/home/arshad/publications/ndss2017jslibs.pdf Github Enterprise SAML Authentication Bypass http://www.economyofmechanism.com/github-saml
Issues With Out Of Date Geo Location Databases https://isc.sans.edu/forums/diary/The+Side+Effect+of+GeoIP+Filters/22173/ Recovering Mobile Device PINs via Thermal Images http://www.mkhamis.com/data/papers/abdelrahman2017chi.pdf Unmasking Randomized MAC Addresses https://arxiv.org/abs/1703.02874v1 Mobile Phone Supply Chain Attacks http://blog.checkpoint.com/2017/03/10/preinstalled-malware-targeting-mobile-users/