[ Android ]  First Preview of Android N : http://android-developers.blogspot.in/2016/03/first-preview-of-android-n-developer.html

[ Android ]  Paper "Building a Hybrid Experimental Platform for Mobile Botnet Research" Malatras & Beslay #Botconf 2015 #CybIN https://www.botconf.eu/2015/building-a-hybrid-experimental-platform-for-mobile-botnet-research/

[ Android ]  Fix for CVE-2016-0815 Android stagefright RCE https://android.googlesource.com/platform/frameworks/av/+/5403587a74aee2fb57076528c3927851531c8afb%5E%21/#F0 Looks exactly same bug as "DRMfright" Oct/2015 https://github.com/programa-stic/security-advisories/tree/master/Android/Stagefright/CVE-2015-3873

[ Android ]  Patch for Android's CVE-2016-1621 bug. Remote Code Exec in mediaserver, looks like int sign issue parsing .MKV files https://android.googlesource.com/platform/external/libvpx/+/04839626ed859623901ebd3a5fd483982186b59d%5E%21/#F0

[ Android ]  Android fixes obvious MediaTek wifi kernel driver buffer overflow while leaving four identical overflows in the code.

[ Attack ]  Shifting Tactics: Tracking changes in years-long espionage campaign against Tibetans https://citizenlab.org/2016/03/shifting-tactics/ #malware #china #APT

[ Attack ]  Discover the state of the threat landscape with our Latest Intelligence for February 2016 http://symc.ly/221SGmx https://t.co/Yo33aFo1vU

[ Attack ]  Massive Volume of Ransomware Downloaders being Spammed https://www.trustwave.com/Resources/SpiderLabs-Blog/Massive-Volume-of-Ransomware-Downloaders-being-Spammed

[ Attack ]  Chinese ISP's traffic injection based ads platform was abused for Trojan's drive-by downloading: http://drops.wooyun.org/papers/13595

[ Attack ]  New post: Exploit Kits in 2015: Flash Bugs, Compromised Sites, Malvertising Dominate http://bit.ly/1YB2ZMd @ TrendMicro

[ Attack ]  Lessons from Operation RussianDoll http://www.fireeye.com/blog/threat-research/2016/03/lessons-from-operation-russian-doll.html

[ Cloud ]  New blog post: Cloud Security & Trust https://www.insinuator.net/2016/03/cloud-security-trust/

[ Debug ]  pykd 0.3.0.38 Released! http://pykd.codeplex.com/releases/view/620279 many changes, recommended for upgrade

[ Detect ]  Hypro - VMI on BitVisor to detect hidden rootkits. http://ow.ly/ZgVNB

[ Detect ]  Counting the Frequency of Indirect Branches to Detect Return-Oriented Programming Attacks http://www.lbd.dcc.ufmg.br/colecoes/dsn/2015/020.pdf

[ Forensics ]  Forensic Challenges : http://www.amanhardikar.com/mindmaps/ForensicChallenges.html

[ Fuzzing ]  bNumEndpoints==0 in USB config descriptor…same bug described ~2 years ago,disregarded by MS http://blog.quarkslab.com/usb-fuzzing-basics-from-fuzzing-to-bug-reporting.html https://twitter.com/NCCGroupInfosec/status/707859018690199552

[ iOS ]  IORegistryIterator竞争条件漏洞分析与利用 - http://nirvan.360.cn/blog/?p=1005 by 360's Nirvan Team

[ iOS ]  New blog post: Exploring the Physical Address Space on iOS http://embeddedideation.com/2016/03/10/exploring-the-physical-address-space-on-ios/

[ IoTDevice ]  Simple reverse engineering of Corsair USB mouse LED control protocol http://boredhackerblog.blogspot.com/2016/03/reversing-corsair-sabre-led-control-and.html

[ Malware ]  The three heads of the Cerberus-like Cerber ransomware https://blogs.technet.microsoft.com/mmpc/2016/03/09/the-three-heads-of-the-cerberus-like-cerber-ransomware/

[ Malware ]  “SORRY.i_have_to_do_this” - RC4 encrypted message left by #PlugX #APT coder https://securelist.com/blog/virus-watch/74150/plugx-malware-a-good-hacker-is-an-apologetic-hacker/ #China https://t.co/IIUt0mNlEy

[ Others ]  New blog post: Docker, DevOps & Security https://www.insinuator.net/2016/03/docker-devops-security/

[ Others ]  I fuzzed the SPIR-V parser & NVIDIA compiler & found out Vulkan eruption is easy to trigger. http://allsoftwaresucks.blogspot.ru/2016/03/fuzzing-vulkans-how-do-they-work.html https://t.co/biZzqd3klH

[ Pentest ]  DET : Data Exfiltration Toolkit : https://github.com/sensepost/DET

[ Popular Software ]  . @ Adobe #Flash Player Update Patches 18 Remote Code Execution Flaws: https://threatpost.com/flash-player-update-patches-18-remote-code-execution-flaws/116707/ via @ threatpost

[ Popular Software ]  [SE-2012-01] Broken security fix in Oracle Java SE 7/8/9 http://seclists.org/fulldisclosure/2016/Mar/31

[ ReverseEngineering ]  Codemap is a binary analysis tool for "run-trace visualization" provided as IDA plugin. https://github.com/c0demap/codemap

[ SecurityProduct ]  #DragonPunch Comodo AV & Dragon Browser Local Privilege Elevation #Exploit #asciiart #greetz #sploitlikeits1999 http://pastebin.com/meQvnLRU

[ SecurityProduct ]  Working on an unusual exploit for Comodo Antivirus, just *scanning* a file can exfiltrate keystrokes. #wtf https://t.co/NKmPGh2DMW

[ ThreatIntelligence ]  Part 2 of @ pdxbek's threat intel foundations blog series is now live — Threat Intelligence: Crawl, Walk, Analyze — https://community.rapid7.com/community/infosec/blog/2016/03/10/threat-intelligence-foundations-crawl-walk-analyze-part-2

[ Tools ]  A patch for IDA for OSX serves executable code over HTTP >< ... SHA1 is submitted over the same insecure channel http://www.hexblog.com/?p=1016

[ Tools ]  toolsmith #114: WireEdit and Packet Manipulation http://holisticinfosec.blogspot.com/2016/03/toolsmith-114-wireedit-and-packet.html

[ Tools ]  Introducing Pencil: A Microframework Inspired By Flask For Rust https://fengsp.github.io/blog/2016/3/introducing-pencil/

[ Tools ]  This is super cool: highlight, copy, and translate text from any image. https://projectnaptha.com/

[ Windows ]  Nice piece by @ _mhastings_ on DLL Search Order Hijacks and detection via Tanium: https://blog.tanium.com/dont-hijack-me-bro-searching-for-dll-load-order-attacks-with-tanium/

[ Windows ]  NCC Group Advisory: Win 10 USB Mass Storage driver arb code execution in kernel mode - https://www.nccgroup.trust/uk/our-research/windows-10-usb-mass-storage-driver-arbitrary-code-execution-in-kernel-mode/ by Andy Davis - CVE-2016-0133