[ Android ]  Mobile malware uses API and legitimate, open source projects to bypass Android security http://symc.ly/24gu48R https://t.co/SEEy8P1H2t

[ Attack ]  Tumblr 's Database leak https://mega.nz/#!V9ZmSCCS!lRgT4irycFEefJvWVm0-xZOuhNRZP7Hg41rJJuydSQY

[ Backdoor ]  Backdooring a DLL http://www.gironsec.com/blog/2016/06/backdooring-a-dll/

[ Detect ]  Our blog post on signature-free #malware C2 detection has been updated with a #Kovter signature by @ networktotal ;) http://netres.ec/?b=165BF7D

[ Hardware ]  Physical Key Extraction Attacks on PCs: http://m.cacm.acm.org/magazines/2016/6/202646-physical-key-extraction-attacks-on-pcs/fulltext

[ Malware ]  Exploiting malware C2 servers : http://samvartaka.github.io/exploitation/2016/06/03/dead-rats-exploiting-malware https://t.co/XSwx45TQMK

[ Malware ]  CylancePROTECT® vs. CryptXXX https://blog.cylance.com/cylanceprotect-vs-cryptxxx

[ Network ]  Some discussion of #IPv6 ACLs for Cisco devices: https://www.insinuator.net/2015/12/developing-an-enterprise-ipv6-security-strategy-part-3-traffic-filtering-in-ipv6-networks-i/ https://www.insinuator.net/2015/12/developing-an-enterprise-ipv6-security-strategy-part-4-traffic-filtering-in-ipv6-networks-ii/ https://www.insinuator.net/2016/05/cve-2016-1409-ipv6-ndp-dos-vulnerability-in-cisco-software/

[ OpenSourceProject ]  A Little on V8 and WebAssembly : https://ia601503.us.archive.org/32/items/vmss16/titzer.pdf (pdf)

[ Others ]  Seems CVE-2016-3117 found by Checkpoint gives AT command access. This means stealing mobile auth as described here! http://conference.hitb.org/hitbsecconf2015ams/wp-content/uploads/2014/12/D1T1-Markus-Vervier-Mobile-Authentication-Subspace-Travel.pdf

[ Others ]  Identifying People from their Driving Patterns https://www.schneier.com/blog/archives/2016/05/identifying_peo_7.html

[ Popular Software ]  DeadUpdate; Or, How I learned to stop worrying and execute arbitrary executables from HTTP - http://teletext.zaibatsutel.net/post/145370716258/deadupdate-or-how-i-learned-to-stop-worrying-and from HTTP to SYSTEM

[ Protocol ]  More LTE protocol implementation and new (unpatched) baseband vulnerabilities by Benoit Michau and C. Devine - https://www.sstic.org/media/SSTIC2016/SSTIC-actes/how_to_not_break_lte_crypto/SSTIC2016-Article-how_to_not_break_lte_crypto-michau_devine.pdf

[ Tools ]  Finished a JS wrapper for Keystone 0.9 with Emscripten to make a realtime assembler in browser: http://alexaltea.github.io/keystone.js/ cc. @ keystone_engine

[ Tools ]  How to instantly write 2000 exploits w/ Binary Ninja: https://blog.trailofbits.com/2016/06/03/2000-cuts-with-binary-ninja/ ,Binary Ninja: http://binary.ninja/ https://t.co/zje8PqQ8F5

[ Web Security ]  Bait and Switch: The Failure of Facebook Advertising – An OSINT Investigation via @ bellingcat https://www.bellingcat.com/resources/2016/06/02/bait-and-switch-the-failure-of-facebook-advertising-an-osint-investigation/

[ Web Security ]  The Shortest Reflected XSS Attack Possible http://brutelogic.com.br/blog/shortest-reflected-xss-possible/