[ Attack ]  Technical in-depth analysis of Sednit operation. https://twitter.com/nyx__o/status/789077774367535104

[ Attack ]  [Blog] Rotten Apples: Resurgence http://bddy.me/2ekkkve #phishing https://t.co/3YHBC0K3lo

[ Attack ]  3.2 million Indian debit cards compromised. Malware found on Hitachi Payment Services ATM network. http://economictimes.indiatimes.com/articleshow/54945561.cms

[ Browser ]  #DailyBug #Firefox assert on x86 Windows https://bugzilla.mozilla.org/show_bug.cgi?id=1311612 https://t.co/zClvU1glZ9

[ Browser ]  [Paper] Bypassing XSS Filters using XML internal entities http://www.davidlitchfield.com/BypassingXSSFiltersusingXMLInternalEntities.pdf

[ Browser ]  A Study of WebRTC Security https://webrtc-security.github.io/

[ Conference ]  Use-After-Use-After-Free (UAUAF), a novel & relatively universal exploit technique for UAF vulns in Flash #BHEU http://ow.ly/moaK305lMDs

[ Crypto ]  A. Jana, G. Paul, "Revisiting RC4 Key Collision: Faster Search Algorithm and New 22-byte Colliding Key Pairs" https://eprint.iacr.org/2016/1001

[ Hardware ]  How to fool an ADC, part II or attacks against sigma-delta data converters by @ dark_k3y @ IOActive http://youtu.be/yzRJKzFl_ZA?a

[ IoTDevice ]  .@ hardwear_io 2016 : Analyzing vehicle networks with CANToolz by Michael Elizarov. https://www.youtube.com/watch?v=FqrQUthne3k

[ Linux ]  [BLOG] No Tears, No Fears: using #lkvm to provide invisible isolation http://blog.quarkslab.com/no-tears-no-fears.html

[ Linux ]  Dirty COW (CVE-2016-5195) Linux Kernel privilege escalation vulnerability. https://t.co/Ql5ReZyZST

[ Linux ]  The Linux COW bug is likely a Chrome/ChromeOS sandbox escape as well: https://cs.chromium.org/chromium/src/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc?l=176&dr=C

[ Malware ]  Short summary of my talk @ Day_Con_X / Dayton Security Summit on the Mirai Botnet Bot https://insinuator.net/2016/10/a-quick-insight-into-the-mirai-botnet/

[ OpenSourceProject ]  OpenSSH : Memory exhaustion issue http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/kex.c?rev=1.127&content-type=text/x-cvsweb-markup #infosec #openssh #vulnerability

[ Others ]  We just published @nwalsh_sec work! Great blog post and new @Burp_Suite Extension to detect SOME vulnerabilities https://t.co/xPU5bLkUbh

[ Others ]  Windows Kernel Registry Hive loading: negative RtlMoveMemory size in nt!CmpCheckValueList https://bugs.chromium.org/p/project-zero/issues/detail?id=873

[ Others ]  We detail the modification of an app’s source code for bypass SSL pinning, checking for tampering protection, & mor… https://twitter.com/i/web/status/788971276706742272

[ Popular Software ]  Experts devised a method to capture keystrokes during Skype calls http://securityaffairs.co/wordpress/52493/breaking-news/skype-calls.html

[ Popular Software ]  Oracle fixed some of the issues discussed in "OLAP DML Injection" (http://www.davidlitchfield.com/OLAPDMLInjection.pdf) in Apr2016 but forgot to tell me (CVE-2016-0681)

[ Protocol ]  New blog post: A journey into the depths of VoWiFi Security https://insinuator.net/2016/10/a-journey-into-the-depths-of-vowifi-security/

[ Web Security ]  Slack Access Control Bypass ($9k) http://secalert.net/slack-security-bug-bounty.html

[ Web Security ]  https://sites.google.com/site/bughunteruniversity/best-reports/openredirectsthatmatter nice chained bug! #xss #openredirect #google #vrp #bugbounty

[ Web Security ]  Chaining queries to execute SQL as SYS from SQL injection in web apps built on eBusiness Suite http://www.davidlitchfield.com/oracle-apps-to-sys.pdf

[ Web Security ]  http://securityaffairs.co/wordpress/52468/hacking/jja-k2-filter-search-joomla.html

[ Web Security ]  Everything You Need to Know About Certificate Pinning : https://2016.appsec.eu/wp-content/uploads/2016/07/AppSecEU2016-John-Kozyrakis-Certificate-Pinning.pdf by @ ikoz

[ Windows ]  Windows EoP zero-day exploit used in targeted attacks by FruityArmor APT. https://securelist.com/blog/research/76396/windows-zero-day-exploit-used-in-targeted-attacks-by-fruityarmor-apt/ https://t.co/ASbbrAkKxG

[ Windows ]  Windows and Ubuntu Interoperability https://blogs.msdn.microsoft.com/wsl/2016/10/19/windows-and-ubuntu-interoperability/

[ Windows ]  Windows Kernel Registry Hive loading: relative arbitrary read in nt!RtlValidRelativeSecurityDescriptor https://bugs.chromium.org/p/project-zero/issues/detail?id=876

[ Windows ]  Windows Kernel win32k.sys TTF font processing: use-after-free in win32k!sbit_Embolden / win32k!ttfdCloseFontContext https://bugs.chromium.org/p/project-zero/issues/detail?id=868

[ Windows ]  Windows Kernel win32k.sys TTF font processing: out-of-bounds read in the RCVT TrueType instruction handler https://bugs.chromium.org/p/project-zero/issues/detail?id=864

[ WirelessSecurity ]  RTL-SDR Tutorial: Receiving and Decoding Data from the Outernet http://www.rtl-sdr.com/rtl-sdr-tutorial-receiving-and-decoding-data-from-the-outernet/ https://t.co/kmOHyuP7sI