[ Attack ]  Operations of a Brazilian Payment Card Fraud Group http://www.fireeye.com/blog/threat-research/2016/10/operations_of_a_braz1.html

[ Browser ]  MS Edge: open default txt/css apps without user interaction. PoC: http://www.cracking.com.ar/demos/edgedefaultapp/ Notepad and Visual Studio are opened in my case.

[ Challenges ]  Pwning My Life: HITCON CTF Qual 2016 - House of Orange Write up http://4ngelboy.blogspot.com/2016/10/hitcon-ctf-qual-2016-house-of-orange.html?spref=tw

[ IoTDevice ]  Old SSH Vulnerability at Center of Credential-Stuffing Attacks: https://threatpost.com/old-ssh-vulnerability-at-center-of-credential-stuffing-attacks/121266/ via @ threatpost

[ MachineLearning ]  Five myths about machine learning in cybersecurity: https://securelist.com/blog/opinions/76351/five-myths-about-machine-learning-in-cybersecurity/ via @ Securelist

[ Malware ]  Surge of email attacks using malicious WSF attachments https://www.symantec.com/connect/ko/blogs/surge-email-attacks-using-malicious-wsf-attachments

[ Malware ]  黑产上演《三体》剧情：蠕虫病毒入侵手机群发“钓鱼”短信 - http://blog.avlsec.com/2016/10/3849/worm/

[ Malware ]  Our #VB2016 ppt for topic One-Click Fileless Infection is publicly available https://www.virusbulletin.com/uploads/pdf/conference_slides/2016/Anand_Menrige-vb-2016-One-Click-Fileless.pdf

[ Malware ]  Talos Blog: LockyDump - All Your Configs Are Belong To Us http://bit.ly/2eaFsAu

[ Network ]  Google Creates New Algorithm for Handling TCP Traffic Congestion Control http://news.softpedia.com/news/google-creates-new-algorithm-for-handling-tcp-traffic-congestion-control-508398.shtml

[ NetworkDevice ]  Cisco Patches Critical Bug In Video Conferencing Server Hardware: https://threatpost.com/cisco-patches-critical-bug-in-video-conferencing-server-hardware/121268/ via @ threatpost

[ OpenSourceProject ]  Analysis of OpenSSL Large Message Size Handling Use After Free (CVE-2016-6309) http://blog.fortinet.com/2016/10/12/analysis-of-openssl-large-message-size-handling-use-after-free-cve-2016-6309

[ Others ]  Direct Memory Attack the Kernel : https://github.com/ufrisk/presentations/blob/master/DEFCON-24-Ulf-Frisk-Direct-Memory-Attack-the-Kernel-Final.pdf (pdf)

[ Tools ]  malusb : HID spoofing multi-OS payload for Teensy (Win* & Mac OSX) : https://github.com/LightWind/malusb ,Slides : http://www.slideshare.net/elie-bursztein/does-dropping-usb-drives-really-work-blackhat-usa-2016

[ Vulnerability ]  New post: A Look at the BIND Vulnerability: CVE-2016-2776 http://bit.ly/2ddIgvM @ TrendMicro

[ Windows ]  Analysing the NULL SecurityDescriptor kernel exploitation mitigation in the latest Windows 10 v1607 Build 14393 http://nzzl.us/nNJ2n0H

[ Windows ]  Windows Server 2016 GA'd today (and of course you can now create 2016 GA VMs in Azure)! https://techcrunch.com/2016/10/12/microsofts-windows-server-2016-is-now-generally-available/

[ Windows ]  [Blog Post] Using Application Compatibility Shims http://subt0x10.blogspot.com/2016/10/using-application-compatibility-shims.html So much fun to be had with these. :-)