[ Android ]  Infected firmware spotted in well-known low-cost Android devices http://securityaffairs.co/wordpress/54360/malware/low-cost-android-devices.html

[ Attack ]  Modbus Stager: Using PLCs as a payload/shellcode distribution system http://www.shelliscoming.com/2016/12/modbus-stager-using-plcs-as.html

[ Browser ]  Project Zero guest blog post: "Chrome OS exploit: one byte overflow and symlinks" - https://googleprojectzero.blogspot.com/2016/12/chrome-os-exploit-one-byte-overflow-and.html

[ Firmware ]  Practical Reverse Engineering a router(Part 5)- Digging Through Firmware: http://jcjc-dev.com/2016/12/14/reversing-huawei-5-reversing-firmware/ 4: http://jcjc-dev.com/2016/06/08/reversing-huawei-4-dumping-flash/ cc @ Palantir555

[ Hardware ]  New post: Home Routers: Mitigating Attacks that can Turn them to Zombies http://bit.ly/2h0oPsO @ TrendMicro

[ IoTDevice ]  Some brilliant exploits collected by GeekPwn could lead to a systematic study of IoT devices' security flaws #BHASIA http://ow.ly/Hdno3076r0i

[ Linux ]  Linux 4.9 allows introspecting to enumerate all the namespaces on a system (description + Golang example program); https://t.co/Klk49adash

[ MalwareAnalysis ]  Nymaim using MAC addresses to uncover virtual environments and bypass antivirus http://feedproxy.google.com/~r/nakedsecurity/~3/zx9a3jywFsc/

[ MalwareAnalysis ]  Been shopping lately? Fake credit card email can spook you into downloading Cerber ransomware https://blogs.technet.microsoft.com/mmpc/2016/12/13/been-shopping-lately-fake-credit-card-email-can-spook-you-into-downloading-cerber-ransomware/

[ Others ]  IE/Edge Workers SOP bypass using leaked script errors thanks to base href or importScripts) http://www.brokenbrowser.com/workers-sop-bypass-importscripts-and-basehref/ https://t.co/1kse7COZvJ

[ Others ]  For our 14th advent calendar gift, we analyzed not less than all available Wordpress plugins with RIPS https://blog.ripstech.com/2016/the-state-of-wordpress-security/

[ Others ]  Google Discloses Contents of Eight National Security Letters: https://threatpost.com/google-discloses-contents-of-eight-national-security-letters/122488/ via @ threatpost

[ Others ]  Project Springfield - Microsoft fuzz testing service, implemented in F# https://blogs.msdn.microsoft.com/dotnet/2016/12/13/project-springfield-a-cloud-service-built-entirely-in-f/

[ Others ]  Apple Security Update https://support.apple.com/en-us/HT201222 https://t.co/LHOnpqVird

[ Others ]  Metadata Recovery From Obfuscated Programs Using Machine Learning http://mediatum.ub.tum.de/doc/1340143/1340143.pdf

[ Popular Software ]  Nagios Core < 4.2.2 Curl Command Injection Exploit PoC (CVE-2016-9565) : https://legalhackers.com/advisories/Nagios-Exploit-Command-Injection-CVE-2016-9565-2008-4796.html

[ Popular Software ]  Adobe Animate <= v15.2.1.95 Memory Corruption Vulnerability https://goo.gl/fb/Ryggxp #FullDisclosure

[ Popular Software ]  Reflected XSS in MailChimp for WordPress could allow an attacker to do… https://goo.gl/fb/tuVEc0 #FullDisclosure

[ SecurityReport ]  A really interesting document on evolution of #phishing attacks! Worth reading .. A Decade of Phishing from RSA https://t.co/DLNtDGWBQ0

[ SecurityReport ]  Security Bulletin 2016. Review of the year. Overall statistics for 2016: https://securelist.com/analysis/kaspersky-security-bulletin/76858/kaspersky-security-bulletin-2016-executive-summary/ https://t.co/HRLvUeklkD

[ Tools ]  #BloodHound is a tool to analyze and understand #ActiveDirectory Trust Relationships. Amazing ;) cc: @binitamshah… https://t.co/Pguqq1oMvu

[ Vulnerability ]  Vulnerability Spotlight: Joyent SmartOS http://blogs.cisco.com/security/talos/vulnerability-spotlight-joyent

[ Windows ]  [BLOG] CVE-2016-7259: An empty file into the blue: a tale of a crash in win32k.sys http://blog.quarkslab.com/cve-2016-7259-an-empty-file-into-the-blue.html

[ WirelessSecurity ]  Bluetooth Attacks on Commercial-Grade Electronic Locks : http://www.somersetrecon.com/blog/2016/10/14/electronic-safe-lock-analysis-part-2- , Demo : https://www.youtube.com/watch?v=4lkJsRkwGXY