- Pwn2Own 2016: Hackers Earn $460,000 for 21 New Flaws – securityweek.com
On the first day, contestants earned $282,500 for vulnerabilities in Safari, Flash Player, Chrome, Windows and OS X. On the second day, Tencent Security Team Sniper took the lead after demonstrating a successful root-level code execution exploit in Safari via a use-after-free flaw in Safari and an out-of-bounds issue in Mac OS X.
- Cyphercon 2016 Videos – irongeek.com
These are the videos from the Cyphercon 2016 conference.
- Nmap 7.10 released – nmap.org
I’m pleased to announce the release of Nmap 7.10 with many great improvements! It’s got 12 new NSE scripts, hundreds of new OS/version fingerprints, and dozens if smaller improvements and bug fixes. And that’s not even counting the changes in Nmap 7.01, which we released in December but I never got around to announcing because I suck at marketing.
- rop_compiler – github.com
This repository contains my attempts at making a useful, open source, multi-architecture ROP compiler.
- sdrsharp-bladerf – github.com
- The .om Domain Scam
Typosquatters are targeting Apple computer users with malware in a recent campaign that snares clumsy web surfers who mistakenly type .om instead of .com when surfing the web.
- CVE-2016-3115 OpenSSH forced-command and security bypass – eromang.zataz.com
Missing sanitisation of untrusted input allows an authenticated user who is able to request X11 forwarding to inject commands to xauth.
- AceDeceiver: First iOS Trojan Exploiting Apple DRM Design Flaws to Infect Any iOS Device – researchcenter.paloaltonetworks.com
What makes AceDeceiver different from previous iOS malware is that instead of abusing enterprise certificates as some iOS malware has over the past two years, AceDeceiver manages to install itself without any enterprise certificate at all.
- Once thought safe, DDR4 memory shown to be vulnerable to “Rowhammer” – arstechnica.com
The paper, titled How Rowhammer Could Be Used to Exploit Weaknesses in Computer Hardware, arrived at that conclusion by testing the integrity of dual in-line memory modules, or DIMMs, using diagnostic techniques that hadn’t previously been applied to finding the vulnerability.
TP-Link blocks open source router firmware to comply with new FCC rule – news.ycombinator.com