[ Android ]  Covert Communication in Mobile Applications [pdf] http://j.mp/1SkwkXQ

[ Android ]  Vulnerability in #Android mediaserver could allow remote attacks. #MobileMonday http://symc.ly/1Ouu0de https://t.co/uwpb18s9pZ

[ Android ]  It's that time of the month again... Security fixes for Android https://source.android.com/security/bulletin/2016-01-01.html with some details here http://changes.droidsec.org/2016/01/04/android-5.1.1_r33.html

[ Android ]  “百脑虫”手机病毒分析报告 - http://blogs.360.cn/360mobile/2016/01/06/analysis_of_bainaochong/

[ Android ]  Get the resources for #Secure #coding for #Android #app. #Blrdroid #mobsec #Androidsecurity http://buff.ly/1SIkiKr https://t.co/aQCZNFTQBL

[ Attrack ]  Angler Exploit Kit continues to evade detection, #Unit42 finds over 90,000 websites compromised http://bit.ly/1JFOMKV

[ Attrack ]  NCC Group Blog: Cyber Security For The Financial Sector - https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2016/january/cyber-security-for-the-financial-sector/

[ Attrack ]  Analysis confirms coordinated hack attack caused Ukrainian power outage http://arstechnica.com/security/2016/01/analysis-confirms-coordinated-hack-attack-caused-ukrainian-power-outage/

[ Browser ]  Google Chrome - Javascript Execution Via Default Search Engines http://goo.gl/fb/7Z6Z9e #FullDisclosure

[ Conference ]  YouTube videos of security conferences in 2015: https://www.tunnelsup.com/online-security-conferences/

[ Crypto ]  My favourite #realworldcrypto talk is online. K. Bhargavan: No more downgrades. Protecting TLS from legacy crypto. https://drive.google.com/file/d/0By2exizVD04fRW1kTnpPY1RTc1lOMnA4bXZYa1dQU0ROMG9N

[ Detect ]  A Hybrid Real-time Zero-day Attack Detection and Analysis System http://www.mecs-press.org/ijcnis/ijcnis-v7-n9/IJCNIS-V7-N9-3.pdf

[ Exploit ]  AuthentiShellcode Pops Calc From Authenticode block Signature Checks Out vie Sigcheck.exe https://gist.github.com/subTee/a48d38ceba8e1e9d75ed :) https://t.co/EZhxF0jsAp

[ Hardware ]  NCC Group Research Insights Vol 8 - Hardware Design: FPGA Security Risks - https://www.nccgroup.trust/uk/our-research/research-insights-vol-8-hardware-design-fpga-security-risks/?research=Whitepapers

[ iOS ]  iOS 8.1.2 越狱过程详解及相关漏洞分析 - http://nirvan.360.cn/blog/?p=887 by Proteas of Qihoo 360 Nirvan Team

[ Linux ]  Amanda 3.3.1 local root exploit (0day) https://github.com/HackerFantastic/Public/blob/master/exploits/amanda-backup.txt - fun for all the family on Monday.

[ Malware ]  A Case Study of Information Stealers: Part II http://goo.gl/9sYYCX #Hacking #NetworkSecurity

[ Malware ]  Web Malware Collection Github Repo #Webshells & Flooder https://github.com/nikicat/web-malware-collection https://t.co/ejVdiVCMlz

[ Network ]  Exploring Peer to Peer Botnets - http://www.malwaretech.com/2016/01/exploring-peer-to-peer-botnets.html https://t.co/larm4yYRZ8

[ Network ]  The evolution of wireless penetration testing: http://immunityservices.blogspot.com/2016/01/the-evolution-of-wireless-penetration.html

[ Others ]  Posted my notes on the domain generation algorithm in some DNSChanger / Alureon samples http://johannesbader.ch/2016/01/the-dga-in-alureon-dnschanger/. #dga

[ Others ]  Two Grassroots DICOM (GDCM) advisories by CENSUS co-worker Stelios Tsampas: http://census-labs.com/news/2016/01/11/gdcm-buffer-overflow-imageregionreaderreadintobuffer/ and http://census-labs.com/news/2016/01/11/gdcm-out-bounds-read-jpeglscodec-decodeextent/

[ Others ]  on #skylake there is a new clflushopt (optimized) instruction that allows faster #rowhammer-ing. I just added it to https://github.com/IAIK/rowhammerjs/tree/master/native

[ Others ]  书安第四期《JAVA反序列化》- http://down.jdsec.com/secbook-4/%E4%B9%A6%E5%AE%89-%E7%AC%AC%E5%9B%9B%E6%9C%9F.pdf

[ Popular Software ]  TrendMicro node.js HTTP server listening on localhost can execute commands https://code.google.com/p/google-security-research/issues/detail?id=693

[ Web Security ]  Hijacking Verizon FiOS Accounts http://randywestergren.com/hijacking-verizon-fios-accounts/

[ Windows ]  Virtual Bitlocker Containers, (Sat, Jan 9th) https://isc.sans.edu/diary.html?storyid=20593&rss

[ Windows ]  Good Read: Caveats for Authenticode Code Signing http://blogs.msdn.com/b/ieinternals/archive/2014/09/04/personalizing-installers-using-unauthenticated-data-inside-authenticode-signed-binaries.aspx Exploring Authenticode *grin*