[ Android ]  Undocumented Patched Vulnerability in Nexus 5X Allowed for Memory Dumping Via USB - https://securityintelligence.com/undocumented-patched-vulnerability-in-nexus-5x-allowed-for-memory-dumping-via-usb/ by @ roeehay

[ Attack ]  SWIFT Warns Banks Of More Cyberattacks https://threatpost.com/swift-warns-banks-of-more-cyberattacks/120293/

[ Browser ]  Our (@ we1x @ slekies @ arturjanc) #CSP paper is out. 95% bypassable, whitelisting is doomed, #strictdynamic helps. https://research.google.com/pubs/pub45542.html

[ Browser ]  Patch now: Google releases security update for Chrome http://googlechromereleases.blogspot.ie/2016/08/stable-channel-update-for-desktop_31.html

[ Defend ]  AMD memory encryption: http://events.linuxfoundation.org/sites/events/files/slides/AMD%20x86%20Memory%20Encryption%20Technology%20LSS%20Slides.pdf

[ IoTDevice ]  Security Analysis and Exploitation of Arduino devices in the Internet of Things http://www.seg.inf.uc3m.es/~guillermo-suarez-tangil/papers/2016mal-iot.pdf

[ Linux ]  360MeshFire Team：CVE-2016-5696 TCP旁路攻击分析与重现 http://bobao.360.cn/learning/detail/2990.html

[ Malware ]  Take it Easy, and Say Hi to This New Python Ransomware http://blog.fortinet.com/2016/09/01/take-it-easy-and-say-hi-to-this-new-python-ransomware

[ Others ]  Exploiting PHP-7 unserialize: Teaching a New Dog Old Tricks http://blog.checkpoint.com/wp-content/uploads/2016/08/Exploiting-PHP-7-unserialize-Report-160829.pdf

[ Others ]  Talos Blog: Talos ShadowGate Take Down: Global Malvertising Campaign Thwarted http://bit.ly/2bLqUWL

[ Others ]  Bugs found in GCC with the help of PVS-Studio for Linux: http://www.viva64.com/en/b/0425/ (#gcc, #bugs, #opensource, #code) https://t.co/YQho7sANg4

[ Others ]  How to pwn the boot process of most computers [pdf] http://goo.gl/wlJpvG

[ Others ]  One Bit Flips, One Cloud Flops: Cross-VM Row Hammer Attacks and Privilege Escalation - https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_xiao.pdf

[ Pentest ]  When expanding access, implants should abuse IPC mechanisms like named pipes to avoid outbound security. http://www.contextis.com/resources/blog/using-smb-named-pipes-c2-channel/ #infosec

[ Popular Software ]  No Flash Player update this month, but Adobe did release an out-of-band patch for ColdFusion, patching CVE-2016-4264 https://helpx.adobe.com/security/products/coldfusion/apsb16-30.html

[ Tools ]  #kekeo supports smartcard (/subject:bob |/dh]) & pre-signed RSA/DH req (/asreq:file) to auth https://github.com/gentilkiwi/kekeo/releases https://t.co/k4b2qxilV1

[ Web Security ]  Releasing long-awaited "Breaking Great Wall of Web - New XSS Evasion Cheatsheet" < RT Pls http://www.rafayhackingarticles.net/2016/09/breaking-great-wall-of-web-xss-waf.html #XSS #WAF

[ Web Security ]  OLX disclosed a bug submitted by exception: https://hackerone.com/reports/158872 #hackerone #bugbounty https://t.co/JBpf3sYm0M

[ Web Security ]  Using Chrome's web-custom-data UTI to inject a stored XSS in Slack https://labs.detectify.com/2016/09/01/using-chromes-web-custom-data-uti-to-inject-a-stored-xss-in-slack/

[ Windows ]  RCE via Outlook Web Access/Exchange MAPI with tool https://sensepost.com/blog/2016/mapi-over-http-and-mailrule-pwnage/ by @ _staaldraad Bonus is a MAPI protocol implementation in Go.

[ Windows ]  Powershell Without Powershell - How To Bypass Application Whitelisting, Environment Restriction… http://www.blackhillsinfosec.com/?p=5257 via @ BHInfoSecurity