[ Attack ]  Benchmarking memcmp() for timing attacks http://nzzl.us/XODmrKb

[ Browser ]  Safari Browser: Memory corruption in Array concat https://bugs.chromium.org/p/project-zero/issues/detail?id=1095

[ Conference ]  Ruxcon 2017 Call For Presentations released: https://ruxcon.org.au/cfp

[ Industry News ]  #Stuxnet LNK exploits still widely circulated - http://bit.ly/2oUoQ6C

[ Malware ]  #Spyware writeup recently found on #GooglePlay https://www.zscaler.com/blogs/research/android-spyware-smsvova-posing-system-update-play-store cc @ malwrhunterteam

[ Mobile ]  Attacking ARM Trustzone using Rowhammer by @ eshardNews (direct link) http://www.eshard.com/wp-content/plugins/email-before-download/download.php?dl=9465aa084ff0f070a3acedb56bcb34f5

[ Others ]  Combating a spate of Java malware with machine learning in real-time https://blogs.technet.microsoft.com/mmpc/2017/04/20/combating-a-wave-of-java-malware-with-machine-learning-in-real-time/

[ Popular Software ]  A highly critical security release for #Drupal 8.3.1 and 8.2.8 is now available. Update your sites now. https://t.co/72kyC4157a

[ Popular Software ]  I just published “PASSFREELY: Oracle & SWIFT at risk” https://medium.com/p/passfreely-oracle-swift-at-risk-eb6886908227

[ SecurityProduct ]  How we found 100+ RCE vulnerabilities in Trend Micro software : http://conference.hitb.org/hitbsecconf2017ams/materials/D1T1%20-%20Steven%20Seeley%20and%20Roberto%20Suggi%20Liverani%20-%20I%20Got%2099%20Trends%20and%20a%20%23%20Is%20All%20Of%20Them.pdf (pdf), Brief : http://blog.malerisch.net/2017/04/trend-micro-threat-discovery-appliance-session-generation-authentication-bypass-cve-2016-8584.html cc @ malerisch

[ SecurityReport ]  SSL & TLS Penetration Testing : https://www.aptive.co.uk/blog/tls-ssl-security-testing/

[ SecurityReport ]  Threat intel report Key finding 1. A majority of attackers are still relying on user interactions to create threats: http://r-7.co/2oO8We1

[ SecurityReport ]  Technical details on the Lazarus Group and the SWIFT bank attacks https://securelist.com/files/2017/04/Lazarus_Under_The_Hood_PDF_final.pdf

[ Vulnerability ]  CVE-2017-0199 Python script to #exploit Microsoft RTF #RCE Author: @ bhdresh #meterpreter https://github.com/bhdresh/CVE-2017-0199

[ Windows ]  Abusing Nvidia Node.js to Bypass AppLocker/Device Guard Whitelisting: http://blog.sec-consult.com/2017/04/application-whitelisting-application.html https://t.co/DuFqeFtl16

[ Windows ]  Better performance and more developer features (spoilers! WebAssembly and shared memory) in Edge and ChakraCore. https://blogs.windows.com/msedgedev/2017/04/20/improved-javascript-performance-webassembly-shared-memory/#4S22DBw3oW4ZeiQV.97