[ Android ]  Mobile malware variants have new capabilities to evade #Android security. https://threatpost.com/aggressive-triada-horde-variants-up-mobile-malware-threat/118767/ via @ threatpost

[ Android ]  Anti-debugging Skills in APK - http://drops.wooyun.org/mobile/16969 (Chinese)

[ Android ]  Fingerprint Unlock Security: iOS vs. Google Android (Part II) http://blog.elcomsoft.com/2016/06/fingerprint-unlock-security-ios-vs-google-android-part-ii/

[ Attack ]  Revealed earlier this month and a Must Read: the architecture of the UK targeted interception system PRESTON: https://theintercept.com/document/2016/06/07/preston-architecture/

[ Attack ]  Reverse-engineering DUBNIUM’s Flash-targeting exploit https://blogs.technet.microsoft.com/mmpc/2016/06/20/reverse-engineering-dubniums-flash-targeting-exploit/

[ Attack ]  Misconfigured email servers open the door to spoofed emails from top domains https://blog.detectify.com/2016/06/20/misconfigured-email-servers-open-the-door-to-spoofed-emails-from-top-domains/

[ Attack ]  Acer to notify customers of online store data breach https://www.grahamcluley.com/2016/06/acer-customer-data-breach/

[ Attack ]  New post: Banking Trojans as a Service—Theft Made Easy in Brazil http://bit.ly/28Jhj4a @ TrendMicro

[ Browser ]  If you want hour(s) more battery life on Windows, use MS Edge https://blogs.windows.com/windowsexperience/2016/06/20/more-battery-with-edge/ (even more than Opera with battery saver enabled)

[ Browser ]  Small print for TorBrowser high entrp ASLR Selfrando - disable jemalloc & low lvl crypto - https://www.ics.uci.edu/~perl/pets16_selfrando.pdf / http://news.softpedia.com/news/tor-browser-integrates-tool-to-fend-off-deanonymization-exploits-505418.shtml

[ Crypto ]  Authentication with Hash Chains in C : http://brennan.io/2016/06/19/hashchains-in-c/

[ Crypto ]  Introduction to GPU Password Cracking : Owning the LinkedIn Password Dump : https://www.trustedsec.com/june-2016/introduction-gpu-password-cracking-owning-linkedin-password-dump/

[ Fuzzing ]  Fuzzing Rust code with american-fuzzy-lop https://github.com/frewsxcv/afl.rs

[ IoTDevice ]  Available for download our presentation slides from @ iottechexpo http://www.slideshare.net/opposingforce/smart-cities-in-the-iot-era #SmartCity #IoT #IoTSecurity #IoTTechExpo

[ Linux ]  Exploiting Recursion in the Linux Kernel http://googleprojectzero.blogspot.ch/2016/06/exploiting-recursion-in-linux-kernel_20.html #linux #kernel #exploitdev #hacking #infosec https://t.co/ZEtpPxYGZz

[ MachineLearning ]  MIT Deep Learning Book in PDF format (very good resource) https://github.com/HFTrader/DeepLearningBook

[ Malware ]  Public malware techniques used in the wild https://github.com/LordNoteworthy/al-khaser/blob/master/README.md

[ Malware ]  Malware uses Google Talk used to make malicious phone calls https://blog.malwarebytes.com/cybercrime/mobile/2016/06/google-talk-used-to-make-malicious-phone-calls-android-trojan-pawost/

[ Obfuscation ]  FOPO-PHP-Deobfuscator : A simple script to deobfuscate PHP file obfuscated with FOPO Obfuscator : https://github.com/Antelox/FOPO-PHP-Deobfuscator cc @ Antelox

[ OpenSourceProject ]  New OpenSSL Bug, CVE-2016-2177 https://bugzilla.redhat.com/show_bug.cgi?id=1341705

[ Others ]  Some details on the new #1 Top500 supercomputer, with China-developed ShenWei RISC CPUs http://www.netlib.org/utk/people/JackDongarra/PAPERS/sunway-report-2016.pdf

[ Others ]  OWASP Python Security Project http://www.pythonsecurity.org/

[ Others ]  Beyond #BIOS: #SMM #ResourceMonitoring via #EFI Dev-Kit | @ Intel #WhitePaper https://firmware.intel.com/sites/default/files/resources/A_Tour_Beyond_BIOS_Supporting_SMM_Resource_Monitor_using_the_EFI_Developer_Kit_II.pdf | #DevOps #HPC #UEFI #GameDev #Ai #IoT

[ Others ]  #KLEE: Symbolic #VM on #LLVM #compiler proto-#Phoenician? @ GitHub https://klee.github.io/ #DevOps #HPC #JVM #Cloud https://t.co/mtFRySGLWY

[ Others ]  I submitted a bunch of tactics to: https://attack.mitre.org/wiki/Main_Page This s a great reference. #DFIR

[ Popular Software ]  Alfresco Activiti RCE http://remoteawesomethoughts.blogspot.gr/2016/06/alfresco-activiti.html

[ Virtualization ]  Docker for Mac/Windows is now out! http://docker.com/getdocker #DockerCon

[ Web Security ]  Content Security Policy source expression 'unsafe-dynamic' has been renamed 'strict-dynamic' in the latest draft (https://w3c.github.io/webappsec-csp/#strict-dynamic-usage).

[ Windows ]  Windows Kernel ATMFD.DLL NamedEscape 0x250C pool corruption https://bugs.chromium.org/p/project-zero/issues/detail?id=785#c_ts1466427097

[ Windows ]  Windows gdi32.dll heap-based out-of-bounds reads / memory disclosure in multiple DIB-related EMF record handlers https://bugs.chromium.org/p/project-zero/issues/detail?id=757#c_ts1466427071

[ Windows ]  In context of recent talks about long path support in Windows. My research from 2010 http://www.icewall.pl/?p=467&lang=en showing evil influence on AVs.

[ Windows ]  If you saw my @ WEareTROOPERS presentation you might have seen this bug, but this shows how to exploit in a sandbox. https://bugs.chromium.org/p/project-zero/issues/detail?id=779