[ Android ]  backdoor-apk : a shell script that simplifies the process of adding a backdoor to any Android APK file : https://github.com/dana-at-cp/backdoor-apk

[ Browser ]  Chakra JIT CFG Mitigation Bypass http://theori.io/research/chakra-jit-cfg-bypass

[ Hardware ]  #DNSChanger exploit kit attack targets routers, not browsers - #malvertising http://bit.ly/2hBS7if

[ Hardware ]  (1/6) The following is a list of all the car hacking papers written by me and @nudehaberdasher. In total 342 pages of info.

[ Linux ]  Remote code exec in Ubuntu desktop all versions http://goo.gl/QENks7

[ macOS ]  macOS FileVault2 Password Retrieval http://blog.frizk.net/2016/12/filevault-password-retrieval.html

[ macOS ]  XNU kernel UaF due to lack of locking in set_dp_control_port https://bugs.chromium.org/p/project-zero/issues/detail?id=965

[ MalwareAnalysis ]  Let It Ride: The Sofacy Group’s DealersChoice attacks continue http://oak.ctx.ly/r/5b8kd #Unit42

[ MalwareAnalysis ]  Goldeneye Ransomware – the Petya/Mischa combo rebranded https://blog.malwarebytes.com/malwarebytes-news/2016/12/goldeneye-ransomware-the-petyamischa-combo-rebranded/

[ MalwareAnalysis ]  Proper analysis of Mirai's DGA https://twitter.com/GovCERT_CH/status/809338059548459008

[ Others ]  .@ Microsoft, @ Google to block @ Adobe Flash by default in Edge, Chrome - http://bit.ly/2hzeury

[ Others ]  Intel PIN, Cheatz, Hax, And Detection Part 1 http://www.gironsec.com/blog/2016/12/intel-pin-cheatz-hax-and-detection-part-1/

[ Others ]  Long read for you today on vulns in third-party code libraries finding their way into apps. https://threatpost.com/code-reuse-a-peril-for-secure-software-development/122476/ via @ threatpost

[ Pentest ]  SS7 Pentesting Toolkit: ss7MAPer https://n0where.net/ss7-pentesting-toolkit-ss7maper/ #InfoSec #CyberSecurity

[ Pentest ]  Injecting Flask - Template Injection attacks https://nvisium.com/blog/2015/12/07/injecting-flask/

[ Popular Software ]  Simple Bug allows Hackers to Read all your Private #Facebook Messenger Chats http://thehackernews.com/2016/12/hack-facebook-messenger-chats.html #security https://t.co/MRrtnozgJX

[ Popular Software ]  Nice. Twitter expands 2-factor auth to third party TOTP apps, including Google Authenticator. https://twitter.com/safety/status/809171110293975041

[ Popular Software ]  Nagios Core < 4.2.4 Root Privilege Escalation [CVE-2016-9566] https://goo.gl/fb/2oKf1W #FullDisclosure

[ Popular Software ]  XenForo 1.5.x Unauthenticated Remote Code Injection https://goo.gl/fb/81rmBJ #FullDisclosure

[ SecurityReport ]  Research report: Vulnerability Disclosure Attitudes and Actions - from the NTIA Awareness and Adoption Group http://r-7.co/2gONWRV

[ Web Security ]  postMessage XSS on a million sites https://labs.detectify.com/2016/12/15/postmessage-xss-on-a-million-sites/

[ Windows ]  Find out how we bypass application whitelisting using msiexec, using a technique discovered by @benpturner https://t.co/splL95ngdB ?

[ WirelessSecurity ]  BLE-Security #Hacking #Bluetooth Low Energy Locks #BTLE #IoT #Security https://github.com/merculite/BLE-Security