[ Android ]  . @ IBM analyzes market for #Android malware, in particular overlay malware which steal credentials. https://threatpost.com/scourge-of-android-overlay-malware-on-rise/117720/

[ Attack ]  Qatar National Bank 1.5 Gb archive leaked online http://securityaffairs.co/wordpress/46764/data-breach/qatar-national-bank-data-leak.html

[ Browser ]  Compare browser type systems with the new API Catalog tool https://blogs.windows.com/msedgedev/2016/04/28/introducing-api-catalog/ https://t.co/TV9xCtz0UL

[ Defend ]  Defend against @ subTee's AppLocker Bypass technique using EMET's ASR https://github.com/iadgov/Secure-Host-Baseline/tree/master/EMET#blocking-the-regsvr32-application-whitelisting-bypass-technique … #squiblydoo

[ Exploit ]  Hidden Bind Shell : Keep your shellcode hidden from scans : http://www.shelliscoming.com/2014/03/hidden-bind-shell-keep-your-shellcode.html , Demo : https://www.youtube.com/watch?v=xYBuaVNQjGA

[ Hardware ]  LimeSDR is now open source hardware! https://myriadrf.org/blog/limesdr-now-open-source-hardware/ #OSHW #FOSS #OpenSource #SDR https://t.co/8qJBx2i8R3

[ iOS ]  Riskware "ImgNaix" repackaged into Wechat, abused private API and affected non-jailbroken iOS device: http://drops.wooyun.org/mobile/15406 by @ SparkZheng

[ Malware ]  TeslaCrypt 4.2 Released with quite a few Modifications http://ow.ly/4nbvpM

[ Malware ]  #Afraidgate: Major Exploit Kit campaign swaps #Locky ransomware for #CryptXXX http://bit.ly/21hQqqE #Unit42

[ Others ]  PHP 7.x Heap Overflow https://packetstormsecurity.com/files/136843/php7-overflow.txt

[ Others ]  Flaw allowed anyone to modify & take control over ANY .as domain https://isecguy.wordpress.com/2016/04/25/flaw-allowed-anyone-to-modify-take-control-over-any-as-domain/

[ Others ]  New Paper. How It Works: Steganography Hides Malware in Image Files https://www.virusbulletin.com/virusbulletin/2016/04/how-it-works-steganography-hides-malware-image-files/ https://t.co/Aev6TcQjzU

[ Pentest ]  User Exploitation at Scale http://blog.cobaltstrike.com/2016/04/28/user-exploitation-at-scale https://t.co/68AzKuEyYh

[ Programming ]  AMD64 Architecture Programmer’s Manual (Vol - II : System Programming) : http://support.amd.com/TechDocs/24593.pdf (pdf)

[ Sandbox ]  detux : Analyze linux malwares on x86, x86-64,ARM,MIPS ,MIPSEL cpu architecture - The Multiplatform Linux Sandbox : https://github.com/detuxsandbox/detux

[ Tools ]  We just uploaded a new tool created by @ ukstufus for rapid @ OpenVPN certificate & configuration deployment https://labs.mwrinfosecurity.com/tools/rapid-openvpn-certificate-and-configuration-deployment/

[ Tools ]  We've published a video blog about the Noise Protocol Framework http://noiseprotocol.org/ at https://cryptoservices.github.io/cryptography/protocols/2016/04/27/noise-protocol.html by @ lyon01_david

[ Tools ]  Python script to speed up analysis of newer MS office docs. Uses officedissector library, dumps macros https://github.com/infoassure/officefileinfo @ Info_Assure

[ Tools ]  Just published Sysinternals updates, including Sysmon v4 with enhanced filtering, Procdump v8 and Sigcheck v2.51. https://blogs.technet.microsoft.com/sysinternals/2016/04/28/update-sysmon-v4-procdump-v8-sigcheck-v2-51/

[ Web Security ]  D2 Elliot 1.5 is available with new exploits and tools. Bonus for this release: #0day for #joomla 1.5.26 and #vBSEO. http://d2sec.com/updates/d2_elliot_1.5.html

[ Windows ]  COM Object hijacking: the discreet way of persistence https://blog.gdatasoftware.com/2014/10/23941-com-object-hijacking-the-discreet-way-of-persistence #DFIR

[ Windows ]  Microsoft Windows Kernel win32k.sys TTF Processing Pool Corruption https://packetstormsecurity.com/files/136844/GS20160428155107.tgz