[ Android ]  New in Android N: Strictly Enforced Verified Boot with Error Correction http://android-developers.blogspot.com/2016/07/strictly-enforced-verified-boot-with.html Thanks @ samitolvanen!

[ Android ]  @ Morpheus______ 's presentation slides on #ARM #TrustZone usage in #iOS and #Android #Boot - http://technologeeks.com/files/TrustZone.pdf https://t.co/T9PTFOpcRq

[ Attack ]  'Prominent' Admin of Top ISIS Forum Hacked; messages dumped online https://motherboard.vice.com/read/prominent-admin-of-top-isis-jihadi-forum-hacked https://t.co/lLyQC2q65t

[ Detect ]  Bypassing Gmail’s Malicious Macro Signatures https://warroom.securestate.com/bypassing-gmails-malicious-macro-signatures/

[ Detect ]  Detecting the Neutrino exploit kit based on its network behaviour http://capstarforensics.com/?p=713

[ Forensics ]  ssd forensics http://goo.gl/0WSn66

[ iOS ]  Lots of iOS bugs fixed today. I wonder if the imageIO ones were reachable via iMessage: https://support.apple.com/en-au/HT206902

[ IoTDevice ]  Internet of Things. Security Evaluation of 7 Fitness Trackers on Android and the Apple Watch https://www.av-test.org/fileadmin/pdf/avtest_2016-07_fitness_tracker_english.pdf https://t.co/ryGdCYZ6sM

[ macOS ]  OS X 10.11.5 now available: http://opensource.apple.com/release/os-x-10115/

[ Malware ]  FireEye researchers analyze the attack process of the Cerber ransomware https://www.fireeye.com/blog/threat-research/2016/07/cerber-ransomware-attack.html https://t.co/mzBP8PtWoH

[ Others ]  Drupal 8.1.6 HTTP traffic to an arbitrary proxy server https://cxsecurity.com/issue/WLB-2016070150

[ Others ]  New search engine lets you search for vulnerabilities in Javascript code https://nerdydata.com/search?terms%5B%5D=(eval%5C(%5B%5E%5C)%5D%2B%5C))&regex=true

[ Others ]  This is a huge bug. ASN.1 bug in objective systems implementation popular on baseband stacks https://twitter.com/4dgifts/status/755179455258226690

[ Others ]  SKEE: A Lightweight Secure Kernel-level Execution Environment for ARM https://www.internetsociety.org/sites/default/files/blogs-media/skee-lightweight-secure-kernel-level-execution-environment-for-arm.pdf

[ Pentest ]  Building an Active Directory Lab : https://www.psattack.com/series/building-an-active-directory-lab/ cc @ jaredhaight

[ Popular Software ]  Client-Side Redis Attack PoC https://ericrafaloff.com/client-side-redis-attack-poc/

[ Popular Software ]  Multiple Cross-Site Scripting vulnerabilities in Ninja Forms WordPress Plugin http://goo.gl/fb/yd88pX #FullDisclosure

[ Popular Software ]  Django CMS v3.3.0 - (Editor Snippet) Persistent Web Vulnerability (CVE-2016… http://goo.gl/fb/gsN6xo #FullDisclosure

[ Popular Software ]  Use After Free Vulnerability in SNMP with GC and unserialize() https://bugs.php.net/bug.php?id=72479

[ Tools ]  SZpy - Z3 Symbolic Execution python. Based on z3. https://github.com/dariosharp/SZpy

[ Tools ]  Just open-sourced gotrace. Try it, feedback is welcome. Particularly interested if README is clear enough. #golang https://github.com/divan/gotrace

[ Web Security ]  Paypal bug bounty: Updating the Paypal.me profile picture without consent (CSRF attack) https://hethical.io/paypal-bug-bounty-updating-the-paypal-me-profile-picture-without-consent-csrf-attack/

[ Web Security ]  Stealing Facebook access_tokens using CSRF in device login flow https://www.josipfranjkovic.com/blog/hacking-facebook-csrf-device-login-flow

[ Windows ]  Captain Hook: Pirating AVs to Bypass Exploit Mitigations http://breakingmalware.com/vulnerabilities/captain-hook-pirating-avs-bypass-exploit-mitigations/

[ WirelessSecurity ]  Just released tech report with results from my #LTE #security and #exploit research and @ shmoocon talk. #infosec http://arxiv.org/abs/1607.05171