Risky Business Podcast

FBI - Statement by FBI Director James B. Comey on the Investigation of Secretary Hillary Clinton's Use of a Personal E-Mail System
https://www.fbi.gov/news/pressrel/press-releases/statement-by-fbi-direct...

Infidelity website Ashley Madison facing FTC probe, CEO apologizes | Reuters
http://www.reuters.com/article/us-ashleymadison-cyber-idUSKCN0ZL09J

Chelsea Manning 'rushed to hospital after trying to take own life' | Americas | News | The Independent
http://www.independent.co.uk/news/world/americas/chelsea-manning-rushed-...

Sorry Privacy Lovers, The Blackphone Is Flirting With Failure - Forbes
http://www.forbes.com/sites/thomasbrewster/2016/07/06/silent-circle-blac...

Researchers Sue the Government Over Computer Hacking Law | WIRED
https://www.wired.com/2016/06/researchers-sue-government-computer-hackin...

Over 100 Snooping Tor Nodes Have Been Spying on Dark Web Sites | Motherboard
http://motherboard.vice.com/read/over-100-snooping-tor-nodes-have-been-s...

These Maps Show What the Dark Web Looks Like | Motherboard
http://motherboard.vice.com/read/these-maps-show-what-the-dark-web-looks...

After hiatus, in-the-wild Mac backdoors are suddenly back | Ars Technica
http://arstechnica.com/security/2016/07/after-hiatus-in-the-wild-mac-bac...

How a Hacker Is Gaming the Media to Extort His Victims | Motherboard
http://motherboard.vice.com/read/how-a-hacker-is-gaming-the-media-to-ext...

Scope of ThinkPwn UEFI Zero Day Expands | Threatpost | The first stop for security news
https://threatpost.com/scope-of-thinkpwn-uefi-zero-day-expands/119027/

HummingBad Android Malware Connected to YiSpecter iOS Attacks | Threatpost | The first stop for security news
https://threatpost.com/chinese-ad-firm-raking-in-300k-a-month-through-ad...

Android's full-disk encryption just got much weaker-here's why | Ars Technica
http://arstechnica.com/security/2016/07/androids-full-disk-encryption-ju...

Most Post-Intrusion Cyber Attacks Involve Everyday Admin Tools | Threatpost | The first stop for security news
https://threatpost.com/most-post-intrusion-cyber-attacks-involve-everyda...

SSD Advisory - Wget Arbitrary Commands Execution - SecuriTeam Blogs
https://blogs.securiteam.com/index.php/archives/2701

DOJ Deploys Highly-Questionable Legal Arguments In Attempt To Save FBI's Hacking Warrants | Techdirt
https://www.techdirt.com/articles/20160503/17463334339/doj-deploys-highl...

Another Court Finds FBI's NIT Warrants To Be Invalid, But Credits Agents' 'Good Faith' To Deny Suppression | Techdirt
https://www.techdirt.com/articles/20160523/09060034525/another-court-fin...

U.S. court rules that FBI can hack into a computer without a warrant | PCWorld
http://www.pcworld.com/article/3088354/security/us-court-rules-that-fbi-...

Senetas
http://www.senetas.com/

If you only read one item from this week's notes, make it this excellent write up from Matt Levine on the DAO fiasco:
http://www.bloomberg.com/view/articles/2016-06-17/blockchain-company-s-s...

Hackers invade Dems' servers, steal entire Trump opposition file | Ars Technica
http://arstechnica.com/security/2016/06/hackers-invade-dems-servers-stea...

"Guccifer" leak of DNC Trump research has a Russian's fingerprints on it | Ars Technica
http://arstechnica.com/security/2016/06/guccifer-leak-of-dnc-trump-resea...

A Chaotic Whodunnit Follows the DNC's Trump Research Hack | WIRED
https://www.wired.com/2016/06/chaotic-whodunnit-follows-dncs-trump-resea...

Hack Brief: Russia's Breach of the DNC Is About More Than Trump's Dirt | WIRED
https://www.wired.com/2016/06/hack-brief-russias-breach-dnc-trumps-dirt/

EXCLUSIVE: Brexit '2nd Referendum Petition' A 4 Chan Prank: BBC Report It As Real | Heat Street
https://heatst.com/uk/exclusive-brexit-2nd-referendum-petition-a-4-chan-...

Bitcoin rival Ethereum fights for its survival after $50 million heist | Ars Technica
http://arstechnica.com/security/2016/06/bitcoin-rival-ethereum-fights-fo...

Anti-Surveillance Measure Quashed: Orlando Massacre Cited as Reason | Threatpost | The first stop for security news
https://threatpost.com/anti-surveillance-measure-quashed-orlando-massacr...

Senate Narrowly Rejects Controversial FBI Surveillance Expansion-For Now
https://theintercept.com/2016/06/22/senate-narrowly-rejects-controversia...

Bangladesh unlikely to extend FireEye contract for heist probe | Reuters
http://www.reuters.com/article/us-cyber-heist-bangladesh-idUSKCN0Z81U6

Ukrainian bank cyber-heist: Hackers take off with $10m
http://www.ibtimes.co.uk/ukrainian-bank-cyber-heist-hackers-compromise-s...

Authorities Arrest an IT Worker From the Panama Papers Law Firm | WIRED
https://www.wired.com/2016/06/worker-panama-papers-law-firm-arrested/

800-pound Comodo tries to trademark upstart rival's "Let's Encrypt" name | Ars Technica
http://arstechnica.com/tech-policy/2016/06/800-pound-comodo-tries-to-tra...

IRS Re-Enables 'Get Transcript' Feature - Krebs on Security
http://krebsonsecurity.com/2016/06/irs-re-enables-get-transcript-feature/

Rise of Darknet Stokes Fear of The Insider - Krebs on Security
http://krebsonsecurity.com/2016/06/rise-of-darknet-stokes-fear-of-the-in...

Citing Attack, GoToMyPC Resets All Passwords - Krebs on Security
http://krebsonsecurity.com/2016/06/citing-attack-gotomypc-resets-all-pas...

Thousands of Hacked Government and Corporate Servers Selling for $6 on Black Market | WIRED
https://www.wired.com/2016/06/xdedic-server-trading-forum-kaspersky/

655,000 Healthcare Records Being Sold on Dark Web | Threatpost | The first stop for security news
https://threatpost.com/655000-healthcare-records-being-sold-on-dark-web/...

Large botnet of CCTV devices knock the snot out of jewelry website | Ars Technica
http://arstechnica.com/security/2016/06/large-botnet-of-cctv-devices-kno...

Report: FBI Doing Poor Job Securing 411 Million Facial Recognition Photos | Threatpost | The first stop for security news
https://threatpost.com/report-fbi-doing-poor-job-securing-411-million-fa...

iOS 10 beta still encrypts user data, but not the kernel | Ars Technica
http://arstechnica.com/apple/2016/06/ios-10-beta-still-encrypts-user-dat...

"Godless" apps, some found in Google Play, can root 90% of Android phones | Ars Technica
http://arstechnica.com/security/2016/06/godless-apps-some-found-in-googl...

$90K Windows Zero Day Gets a Price Cut | Threatpost | The first stop for security news
https://threatpost.com/90k-windows-zero-day-gets-a-price-cut/118594/

Patched BadTunnel Windows Bug Has 'Extensive' Impact | Threatpost | The first stop for security news
https://threatpost.com/patched-badtunnel-windows-bug-has-extensive-impac...

High-severity bugs in 25 Symantec/Norton products imperil millions | Ars Technica
http://arstechnica.com/security/2016/06/25-symantec-products-open-to-wor...

Apple Patches AirPort Remote Code Execution Flaw | Threatpost | The first stop for security news
https://threatpost.com/apple-patches-airport-remote-code-execution-flaw/...

A Bug in Chrome Makes It Easy to Pirate Movies | WIRED
https://www.wired.com/2016/06/bug-chrome-makes-easy-pirate-movies/

7 Ways the Cops Will Bust You on the Dark Web | Motherboard
http://motherboard.vice.com/read/7-ways-the-cops-will-bust-you-on-the-da...

Trail of bits stuff, including links to new open source dev tools:
----------------------------------------------------------------------------

Trail of Bits | Home
https://www.trailofbits.com/

Trail of Bits | Products
https://www.trailofbits.com/products/#mast

Tidas \xb7 GitHub
https://github.com/tidas

GitHub - trailofbits/SecureEnclaveCrypto: Crypto with the Secure Enclave
https://github.com/trailofbits/SecureEnclaveCrypto

Jacob Appelbaum Has Allegedly Engaged in Sexual Misconduct for Over a Decade
http://gizmodo.com/jacob-appelbaum-has-allegedly-engaged-in-sexual-misco...

Eyewitnesses Recount Tor Developer Jacob Appelbaum's Unwanted Sexual Advances
http://gizmodo.com/eyewitnesses-recount-tor-developer-jacob-appelbaum-s-...

He said, they said - hypatia dot ca
https://hypatia.ca/2016/06/07/he-said-they-said/

Jacob Appelbaum
http://jacobappelbaum.net/

Jacob Appelbaum allegedly intimidated victims into silence and anonymity | The Daily Dot
http://www.dailydot.com/politics/jacob-appelbaum-tor-project-suspension-...

What Jake Appelbaum did to me - Medium
https://medium.com/@nickf4rr/hi-im-nick-farr-nickf4rr-35c32f13da4d#.eqfi...

Tor Developer Jacob Appelbaum Resigns Amid Sex Abuse Claims | WIRED
https://www.wired.com/2016/06/tor-developer-jacob-appelbaum-resigns-amid...

Jacob Appelbaum allegedly intimidated victims into silence and anonymity | The Daily Dot
http://www.dailydot.com/politics/jacob-appelbaum-tor-project-suspension-...

Statement | The Tor Blog
https://blog.torproject.org/blog/statement

TwitLonger - When you talk too much for Twitter
http://www.twitlonger.com/show/n_1soorlp

No internet for Singapore public servants - BBC News
http://www.bbc.com/news/world-asia-36476422

TeamViewer confirms number of abused user accounts is "significant" | Ars Technica
http://arstechnica.com/security/2016/06/teamviewer-says-theres-no-eviden...

Mark Zuckerberg's Twitter, Pinterest accounts compromised | Ars Technica
http://arstechnica.com/security/2016/06/mark-zuckerberg-twitter-pinteres...

FTC's chief technologist gets her mobile phone number hijacked by ID thief | Ars Technica
http://arstechnica.com/tech-policy/2016/06/ftcs-chief-technologist-gets-...

University pays almost $16,000 to recover crucial data held hostage | Ars Technica
http://arstechnica.com/security/2016/06/university-pays-almost-16000-to-...

100M Credentials From 'Russian Facebook' VK.com For Sale | Threatpost | The first stop for security news
https://threatpost.com/100m-russian-facebook-credentials-for-sale/118483/

\u200bOne of the World's Largest Botnets Has Vanished | Motherboard
http://motherboard.vice.com/read/one-of-the-worlds-largest-botnets-has-v...

The Troubling Metadata Sharing Program That Was Just Revealed in the UK | Motherboard
http://motherboard.vice.com/read/gchq-gives-uk-police-access-to-metadata...

It Takes Mere Minutes to Make a Fake, Potentially Malicious Facebook Ad | Motherboard
http://motherboard.vice.com/read/it-takes-mere-minutes-to-make-a-fake-po...

There's a Stuxnet Copycat, and We Have No Idea Where It Came From | Motherboard
http://motherboard.vice.com/read/theres-a-stuxnet-copycat-and-we-have-no...

ISIS worries that fake Android apps are spying on its ranks
http://www.engadget.com/2016/06/05/isis-worries-about-fake-android-apps/

IT Admin Faces Felony for Deleting Files Under Flawed Hacking Law | WIRED
https://www.wired.com/2016/06/admin-faces-felony-deleting-files-flawed-h...

WordPress plugin with 10,000+ installations being exploited in the wild | Ars Technica
http://arstechnica.com/security/2016/06/10000-wordpress-sites-imperilled...

New Angler Exploits Bypass EMET Mitigations | Threatpost | The first stop for security news
https://threatpost.com/new-angler-exploits-bypass-emet-mitigations/118485/

NTP Patches Flaws That Enable DDoS | Threatpost | The first stop for security news
https://threatpost.com/ntp-patches-flaws-that-enable-ddos/118470/

June 2016 Android Security Bulletin | Threatpost | The first stop for security news
https://threatpost.com/latest-android-security-bulletin-heavy-on-critica...

Lenovo Tells Users to Uninstall Vulnerable Updater | Threatpost | The first stop for security news
https://threatpost.com/lenovo-tells-users-to-uninstall-vulnerable-update...

Uber Pays Researcher $10K for Login Bypass Exploit | Threatpost | The first stop for security news
https://threatpost.com/uber-pays-researcher-10k-for-login-bypass-exploit...

Facebook Messenger Vulnerability Patched | Threatpost | The first stop for security news
https://threatpost.com/facebook-messenger-vulnerability-patched/118511/

Chrome Defaults to HTML5 over Adobe Flash Starting in Q4 | Threatpost | The first stop for security news
https://threatpost.com/chrome-defaults-to-html5-over-adobe-flash-startin...

Google Set to Kill SSLv3, RC4 in SMTP, Gmail in June | Threatpost | The first stop for security news
https://threatpost.com/google-set-to-kill-sslv3-and-rc4-in-smtp-gmail-in...

Tavis Ormandy on Twitter: "Kernel memory corruption in Symantec/Norton antivirus, CVE-2016-2208 (more patches soon). https://t.co/Sqhm0a48Fp https://t.co/F22xDIelSU"
https://twitter.com/taviso/status/732365178872856577

Patrick Gray on Twitter: "Inspecting malicious code in the kernel? That's like the bomb squad bringing a suspicious package into a kindergarten to open it. CC @taviso"
https://twitter.com/riskybusiness/status/732374512449277952

TeslaCrypt shuts down and Releases Master Decryption Key
http://www.bleepingcomputer.com/news/security/teslacrypt-shuts-down-and-...

The Intercept
https://theintercept.com/snowden-sidtoday/

2011 7 27 Culture Shock NSA From the Perspective of Summer Interns
https://www.documentcloud.org/documents/2830624-2011-7-27-Culture-Shock-...

The curious case of Besa Mafia | All Things VICE
https://allthingsvice.com/2016/05/14/the-curious-case-of-besa-mafia/

Hitting on the Aussies - the Besa Mafia files | All Things VICE
https://allthingsvice.com/2016/05/15/hitting-on-the-aussies-the-besa-maf...

Breach of Nulled.io crime forum could cause a world of pain for members | Ars Technica
http://arstechnica.com/security/2016/05/breach-of-nulled-io-crime-forum-...

Tumblr Requires Password Reset | Threatpost | The first stop for security news
https://threatpost.com/tumblr-accounts-must-reset-passwords/118084/

That time a patient's heart procedure was interrupted by a virus scan | Ars Technica
http://arstechnica.com/security/2016/05/faulty-av-scan-disrupts-patients...

Hacker fans give Mr. Robot website free security checkup | Ars Technica
http://arstechnica.com/security/2016/05/hacker-fans-give-mr-robot-websit...

That Insane, $81M Bangladesh Bank Heist? Here's What We Know | WIRED
https://www.wired.com/2016/05/insane-81m-bangladesh-bank-heist-heres-know/

SWIFT Warns of Second Bank Attack via PDF Malware | Threatpost | The first stop for security news
https://threatpost.com/swift-warns-of-second-bank-attack-via-pdf-malware...

U.S. banks scrutinize SWIFT security after hacks: reports | Reuters
http://www.reuters.com/article/us-cyber-heist-swift-banks-idUSKCN0Y82HW

Exclusive: UK banks ordered to review cyber security after SWIFT heist | Reuters
http://www.reuters.com/article/us-cyber-heist-bankofengland-idUSKCN0Y92KR

Judge Changes Mind, Says FBI Doesn't Have to Reveal Tor Browser Hack | Motherboard
http://motherboard.vice.com/read/judge-changes-mind-says-fbi-doesnt-have...

Motion Filed Asking FBI To Disclose Tor Browser Zero Day | Threatpost | The first stop for security news
https://threatpost.com/motion-filed-asking-fbi-to-disclose-tor-browser-z...

Academics Make Theoretical Breakthrough in Random Number Generation | Threatpost | The first stop for security news
https://threatpost.com/academics-make-theoretical-breakthrough-in-random...

Gaping Security Hole in Android Platform Grows Larger, Researchers Claim | Threatpost | The first stop for security news
https://threatpost.com/scope-of-gaping-android-security-hole-grows/118161/

Banking Trojan Outwits Google Play Malware Scanner | Threatpost | The first stop for security news
https://threatpost.com/banking-trojan-outwits-google-verify-apps-scanner...

Malware-Laced Porn Apps Behind Wave of Android Lockscreen Attacks | Threatpost | The first stop for security news
https://threatpost.com/malware-laced-porn-apps-behind-wave-of-android-lo...

Don't Use Allo | Motherboard
http://motherboard.vice.com/read/dont-use-google-allo

John McAfee Apparently Tried to Trick Reporters Into Thinking He Hacked WhatsApp
http://gizmodo.com/john-mcafee-apparently-tried-to-trick-reporters-into-...

Adobe Emergency Update Patches Flash Zero Day | Threatpost | The first stop for security news
https://threatpost.com/emergency-flash-update-patches-public-zero-day/11...

Major Remote SSH Security Issue in CoreOS Linux Alpha, Subset of Users Affected
https://coreos.com/blog/alpha-security-incident-subset-of-users-affected...

The Bank Job
https://boris.in/blog/2016/the-bank-job/

Stewart Baker - Wikipedia, the free encyclopedia
https://en.wikipedia.org/wiki/Stewart_Baker

RSS Feed
http://www.steptoe.com/feed-Cyberlaw.rss

France votes to penalize companies for refusing to decrypt devices, messages | Ars Technica
http://arstechnica.com/tech-policy/2016/03/france-votes-to-penalise-comp...

complementing_avaya_fabric_connect_with_senetas_encryption_dn7794.pdf
https://www.avaya.com/usa/documents/complementing_avaya_fabric_connect_w...

UPDATE: When these notes were first posted the link to the php bugs discussed wasn't in them. Here it is:

https://github.com/dyntopia/exploits

--

$1B Bangladesh heist: Officials say SWIFT technicians left bank vulnerable | Ars Technica
http://arstechnica.com/security/2016/05/1b-bangladesh-heist-officials-sa...

You Don't See This Often: Simultaneous FBI, DHS, and DoD Cyber Espionage Alerts | Motherboard
http://motherboard.vice.com/read/rare-simultaneous-fbi-dhs-and-dod-cyber...

Yahoo Releases Second Wave Unsealed FISA Documents | Threatpost | The first stop for security news
https://threatpost.com/yahoo-releases-second-wave-of-unsealed-fisc-docum...

Twitter Denies Intelligence Community Fire Hose Access Via Dataminr | Threatpost | The first stop for security news
https://threatpost.com/twitter-turns-off-fire-hose-for-intelligence-comm...

How a security pro's ill-advised hack of a Florida elections site backfired | Ars Technica
http://arstechnica.com/security/2016/05/how-a-security-pros-ill-advised-...

PwnedList Shutdown Unrelated to Parameter Tampering Vulnerability | Threatpost | The first stop for security news
https://threatpost.com/pwnedlist-shutdown-unrelated-to-recent-vulnerabil...

Another Day, Another Hack: Passwords and Sexual Desires for Dating Site 'Fling' | Motherboard
http://motherboard.vice.com/read/another-day-another-hack-passwords-and-...

Another Day, Another Hack: Is Your Fisting Site Updating Its Forum Software? | Motherboard
http://motherboard.vice.com/read/rosebuttboard-ip-board

No more get-out-of-jail-free card for CryptXXX ransomware victims | Ars Technica
http://arstechnica.com/security/2016/05/no-more-get-out-of-jail-free-car...

Someone Replaced Notorious 'Locky' Ransomware With a Dud File | Motherboard
http://motherboard.vice.com/read/someone-replaced-notorious-locky-ransom...

Microsoft and Adobe warn of separate zero-day vulnerabilities under attack | Ars Technica
http://arstechnica.com/security/2016/05/beware-of-in-the-wild-0day-attac...

New Windows 10 build kills controversial password-sharing Wi-Fi Sense | ExtremeTech
http://www.extremetech.com/computing/228259-new-windows-10-build-kills-c...

New Security Flaw Found in Lenovo Solution Center Software | Threatpost | The first stop for security news
https://threatpost.com/new-security-flaw-found-in-lenovo-solution-center...

Tavis Ormandy on Twitter: "Many remote stack overflows in Symantec Endpoint. No big deal, because /GS is the default since 2005, right? Hahaha. https://t.co/ac40M0Ki90"
https://twitter.com/taviso/status/730249521247068162

Critical Qualcomm security bug leaves many phones open to attack | Ars Technica
http://arstechnica.com/security/2016/05/5-year-old-android-vulnerability...

Chinese ARM vendor left developer backdoor in kernel for Android, "Pi" devices | Ars Technica
http://arstechnica.com/security/2016/05/chinese-arm-vendor-left-develope...

Viking Horde Malware Co-Ops Android Devices for Ad Fraud | Threatpost | The first stop for security news
https://threatpost.com/viking-horde-malware-co-ops-android-devices-for-a...

SS7 Attack Circumvents WhatsApp and Telegram Encryption
http://news.softpedia.com/news/ss7-attack-leaves-whatsapp-and-telegram-e...

Feds probe mobile phone industry over the sad state of security updates | Ars Technica
http://arstechnica.com/security/2016/05/feds-probe-mobile-industrys-secu...

Security researcher Stefan Esser releases iPhone & iPad jailbreak detection tool in iOS App Store | 9to5Mac
http://9to5mac.com/2016/05/10/security-research-stefan-esser-releases-ip...

Microsoft Security Intelligence Report: Top Takeaways | Threatpost | The first stop for security news
https://threatpost.com/old-exploits-die-hard-says-microsoft-report/117918/

Attackers Targeting Critical SAP Flaw Since 2013 | Threatpost | The first stop for security news
https://threatpost.com/attackers-targeting-critical-sap-flaw-since-2013/...

Facebook Capture The Flag Platform Open Source | Threatpost | The first stop for security news
https://threatpost.com/facebook-makes-its-ctf-platform-freely-available/...

Snowden's Surveillance Leaks Made People Less Likely to Read About Surveillance | Motherboard
http://motherboard.vice.com/read/snowdens-surveillance-leaks-made-people...

lcamtuf's blog: Clearing up some misconceptions around the "ImageTragick" bug
https://lcamtuf.blogspot.com.br/2016/05/clearing-up-some-misconceptions-...

.:: Phrack Magazine ::.
http://www.phrack.org/issues/69/1.html

Untitled
https://threatbutt.com/press/Threatbutt-DZIR-2016.pdf

Craig Wright is not Satoshi Nakamoto - New Web Order
https://www.nikcub.com/posts/craig-wright-is-not-satoshi-nakamoto/

Extraordinary Claims Require Extraordinary Proof - Dr. Craig Wright BlogDr. Craig Wright Blog
http://www.drcraigwright.net/extraordinary-claims-require-extraordinary-...

I am Craig Wright, inventor of Craig Wright \u2022 The Register
http://www.theregister.co.uk/2016/05/03/bitcoin_craig_wright/

ImageMagick Security Issue - ImageMagick
https://www.imagemagick.org/discourse-server/viewtopic.php?t=29588

Public Exploits Available for ImageMagick Vulnerabilities | Threatpost | The first stop for security news
https://threatpost.com/public-exploits-available-for-imagemagick-vulnera...

Bipartisan Committee Leaders Seek Briefings from Communications Providers on Vulnerabilities of SS7 | Energy and Commerce Committee
https://energycommerce.house.gov/news-center/press-releases/bipartisan-c...

So \u2026 Now the Government Wants to Hack Cybercrime Victims | WIRED
https://www.wired.com/2016/05/now-government-wants-hack-cybercrime-victims/

Tuesday 10 May: Lauri Love ruling may create dangerous new police powers | Courage Love
https://freelauri.com/2016/04/28/tuesday-10-may-lauri-love-ruling-may-cr...

Eurocops get new cyber powers to hunt down terrorists, criminals | Ars Technica
http://arstechnica.com/tech-policy/2016/05/eurocops-get-new-cyber-powers...

Brazilian Judge Overturns 72-Hour WhatsApp Suspension | Threatpost | The first stop for security news
https://threatpost.com/brazilian-judge-overturns-72-hour-whatsapp-suspen...

Privacy Activists Cheer Passage of Email Privacy Act, Brace for Senate Battle | Threatpost | The first stop for security news
https://threatpost.com/privacy-activists-cheer-passage-of-email-privacy-...

Please Don't Pay Ransoms, FBI Urges - DataBreachToday
http://www.databreachtoday.com/blogs/please-dont-pay-ransoms-fbi-urges-p...

Hacking Slack accounts: As easy as searching GitHub | Ars Technica
http://arstechnica.com/security/2016/04/hacking-slack-accounts-as-easy-a...

Rainbow Six: Siege reportedly reveals your IP address to potential attackers | Ars Technica
http://arstechnica.com/gaming/2016/04/rainbow-six-siege-reportedly-revea...

Fraudsters Steal Tax, Salary Data From ADP - Krebs on Security
http://krebsonsecurity.com/2016/05/fraudsters-steal-tax-salary-data-from...

How the Pwnedlist Got Pwned - Krebs on Security
http://krebsonsecurity.com/2016/05/how-the-pwnedlist-got-pwned/

A Dramatic Rise in ATM Skimming Attacks - Krebs on Security
http://krebsonsecurity.com/2016/04/a-dramatic-rise-in-atm-skimming-attacks/

Dental Assn Mails Malware to Members - Krebs on Security
http://krebsonsecurity.com/2016/04/dental-assn-mails-malware-to-members/

10-Year-Old Hacks Instagram; Wins $10K From Facebook - Forbes
http://www.forbes.com/sites/thomasbrewster/2016/05/03/facebook-10-year-o...

Unskilled Pro-ISIS Hackers A Growing Threat | Threatpost | The first stop for security news
https://threatpost.com/unskilled-pro-isis-hackers-a-growing-threat/117726/

Q1 Summary from Chrome Security - Google Groups
https://groups.google.com/a/chromium.org/forum/#!topic/security-dev/2e-bkPdHvfE

Scourge of Android Overlay Malware on Rise | Threatpost | The first stop for security news
https://threatpost.com/scourge-of-android-overlay-malware-on-rise/117720/

Google Patches More Trouble in Mediaserver | Threatpost | The first stop for security news
https://threatpost.com/google-patches-more-trouble-in-mediaserver/117758/

Office 365 Vulnerability Exposed Any Federated Account | Threatpost | The first stop for security news
https://threatpost.com/office-365-vulnerability-exposed-any-federated-ac...

Microsoft Expands Bug Bounty Program, Preps Windows Server 2016 for Final Release | Threatpost | The first stop for security news
https://threatpost.com/nano-server-added-to-microsoft-bug-bounty-program...

Linux Foundation Badge Program Boost Open Source Security | Threatpost | The first stop for security news
https://threatpost.com/linux-foundation-badge-program-to-boost-open-sour...

Aging and bloated OpenSSL is purged of 2 high-severity bugs | Ars Technica
http://arstechnica.com/security/2016/05/aging-and-bloated-openssl-is-pur...

Commercial software chokkas with ancient brutal open source vulns \u2022 The Register
http://www.theregister.co.uk/2016/05/04/commercial_software_chokkas_with...

NIST readies 'post-quantum' crypto competition \u2022 The Register
http://www.theregister.co.uk/2016/05/04/nist_readies_postquantum_crypto_...

Flaws in Samsung's 'Smart' Home Let Hackers Unlock Doors and Set Off Fire Alarms | WIRED
https://www.wired.com/2016/05/flaws-samsungs-smart-home-let-hackers-unlo...

Defence bankrolls Oz Govt's infosec threat sharing strategy \u2022 The Register
http://www.theregister.co.uk/2016/05/04/defence_bankrolls_oz_govts_infos...

Wi-Fi network named 'mobile detonation device' grounds plane \u2022 The Register
http://www.theregister.co.uk/2016/05/03/wifi_hotspot_named_mobile_detona...

A Note on the Verizon DBIR 2016 Vulnerabilities Claims | OSVDB
https://blog.osvdb.org/2016/04/27/a-note-on-the-verizon-dbir-2016-vulner...

Collaborative Data Science - Inside the 2016 Verizon DBIR Vulnerability Section. - Kenna Blog
http://blog.kennasecurity.com/2016/05/collaborative-data-science-inside-...

James Clapper: Snowden sped up sophistication of crypto, "it's not a good thing" | Ars Technica
http://arstechnica.com/tech-policy/2016/04/top-intelligence-official-sno...

Viber Heats Up Crypto-Debate: Adds Encryption to 711 Million Users | Threatpost | The first stop for security news
https://threatpost.com/viber-heats-up-cypto-debate-adds-encryption-to-71...

UK intel agencies spy indiscriminately on millions of innocent folks | Ars Technica
http://arstechnica.com/tech-policy/2016/04/uk-secret-police-surveillance...

FBI paid at least $1.3M for zero-day to get into San Bernardino iPhone | Ars Technica
http://arstechnica.com/tech-policy/2016/04/fbi-paid-at-least-1-3m-for-ze...

The Other Reason the FBI Doesn't Want to Reveal Its Hacking Techniques | Motherboard
http://motherboard.vice.com/read/fbi-hacking-techniques

In a first, US military plans to drop "cyberbombs" on ISIS, NYT says | Ars Technica
http://arstechnica.com/security/2016/04/us-military-plans-to-drop-cyberb...

Hacking group "PLATINUM" used Windows' own patching system against it | Ars Technica
http://arstechnica.com/security/2016/04/hacking-group-platinum-used-wind...

The Uber scammers who take users for a (very expensive) ride | Money | The Guardian
http://www.theguardian.com/money/2016/apr/22/uber-scam-hacking-account-p...

German nuclear plant's fuel rod system swarming with old malware | Ars Technica
http://arstechnica.com/security/2016/04/german-nuclear-plants-fuel-rod-s...

Active drive-by exploits critical Android bugs, care of Hacking Team | Ars Technica
http://arstechnica.com/security/2016/04/active-drive-by-attacks-exploit-...

SpyEye Makers Get 24 Years in Prison - Krebs on Security
http://krebsonsecurity.com/2016/04/spyeye-makers-get-24-years-in-prison/

PoS Attack Net Crooks 20 Million Bank Cards, Up to $400 Million | Threatpost | The first stop for security news
https://threatpost.com/pos-attacks-net-crooks-20-million-stolen-bank-car...

New Decryptor Unlocks CryptXXX Ransomware | Threatpost | The first stop for security news
https://threatpost.com/new-decryptor-unlocks-cryptxxx-ransomware/117668/

Latest TeslaCrypt Targets New File Extensions, Invests Heavily in Evasion | Threatpost | The first stop for security news
https://threatpost.com/latest-teslacrypt-targets-new-file-extensions-inv...

Empty DDoS Threats: Meet the Armada Collective
https://blog.cloudflare.com/empty-ddos-threats-meet-the-armada-collective/

Core Windows Utility Can Be Used to Bypass AppLocker | Threatpost | The first stop for security news
https://threatpost.com/core-windows-utility-can-be-used-to-bypass-apploc...

One Million Access Facebook Over Tor | Threatpost | The first stop for security news
https://threatpost.com/one-million-access-facebook-over-tor/117653/

DRAM bitflipping exploits that hijack computers just got easier | Ars Technica
http://arstechnica.com/security/2016/04/dram-bitflipping-exploits-that-h...

How I Hacked Facebook, and Found Someone's Backdoor Script | DEVCORE \u6234\u592b\u5bc7\u723e
http://devco.re/blog/2016/04/21/how-I-hacked-facebook-and-found-someones...

The Ingenious Way Iranians Are Using Satellite TV to Beam in Banned Internet | WIRED
http://www.wired.com/2016/04/ingenious-way-iranians-using-satellite-tv-b...

Hector Martin on Twitter: "How to panic a current @grsecurity kernel as any user: $ script /dev/null
https://www.reddit.com/r/programming/comments/4gn0dr/hector_martin_on_tw...

Trent Smith on Twitter: "@riskybusiness I'm hoping @NSAGov just missed April Fools day by a couple of weeks https://t.co/CXe8dd0Isc"
https://twitter.com/TrentatESD/status/724598800921194496

Here are a bunch of links related to SWIFT:

$10 router blamed in Bangladesh bank hack - BBC News
http://www.bbc.com/news/technology-36110421

BAE Systems Threat Research Blog: Two bytes to $951m
http://baesystemsai.blogspot.com.br/2016/04/two-bytes-to-951m.html

CyberCrime & Doing Time: Is the Bank of Bangladesh ready for the Global Economy?
http://garwarner.blogspot.com.br/2016/04/is-bank-of-bangladesh-ready-for...

Exclusive: SWIFT warns customers of multiple cyber fraud cases | Reuters
http://in.reuters.com/article/us-cyber-banking-swift-exclusive-idINKCN0X...

Lessons Learned from Biggest Bank Heist in History -- CIO Update
http://www.cioupdate.com/trends/article.php/3600126/Lessons-Learned-from...

Bangladesh Bank hackers compromised SWIFT software, warning issued | Reuters
http://www.reuters.com/article/us-usa-nyfed-bangladesh-malware-exclusiv-...

'Crypto Wars' timeline: A history of the new encryption debate
http://www.dailydot.com/politics/encryption-crypto-wars-backdoors-timeli...

Brazilian Cybercrime Bills Threaten Open Internet for 200 Million People
https://theintercept.com/2016/04/26/brazilian-cybercrime-bills-threaten-...

How Hacking Team got hacked | Ars Technica
http://arstechnica.com/security/2016/04/how-hacking-team-got-hacked-phin...

How hackers eavesdropped on a US Congressman using only his phone number | Ars Technica
http://arstechnica.com/security/2016/04/how-hackers-eavesdropped-on-a-us...

Apple stops patching QuickTime for Windows despite 2 active vulnerabilities | Ars Technica
http://arstechnica.com/security/2016/04/apple-stops-patching-quicktime-f...

Adobe warns that uninstalling vulnerable QuickTime for Windows can break Creative Cloud | ZDNet
http://www.zdnet.com/article/adobe-warns-that-uninstalling-vulnerable-qu...

Microsoft Wins Widespread Support in Privacy Clash With Govt. | Threatpost | The first stop for security news
https://threatpost.com/microsoft-wins-widespread-support-in-privacy-clas...

Apple and FBI Faceoff at House Encryption Hearing | Threatpost | The first stop for security news
https://threatpost.com/apple-and-fbi-faceoff-at-house-encryption-hearing...

BlackBerry CEO Defends Lawful Access Principles, Supports Phone Hack | Threatpost | The first stop for security news
https://threatpost.com/blackberry-ceo-defends-lawful-access-principles-s...

2015 Google Android Security Report | Threatpost | The first stop for security news
https://threatpost.com/android-security-report-29-percent-of-active-devi...

Cisco Talos Blog: Widespread JBoss Backdoors a Major Threat
http://blog.talosintel.com/2016/04/jboss-backdoor.html

IRS Chief: Agency Faces Loss of Key InfoSec Personnel
http://www.govinfosecurity.com/irs-chief-agency-faces-loss-key-infosec-p...

Matthew Keys Sentenced to Two Years for Aiding Anonymous | WIRED
http://www.wired.com/2016/04/journalist-matthew-keys-sentenced-two-years...

A Scheme to Encrypt the Entire Web Is Actually Working | WIRED
http://www.wired.com/2016/04/scheme-encrypt-entire-web-actually-working/

Researchers Crack Microsoft and Google's Shortened URLs to Spy on People | WIRED
http://www.wired.com/2016/04/researchers-cracked-microsoft-googles-short...

Flashback: Declassified 1970 DOD cybersecurity document still relevant | Ars Technica
http://arstechnica.com/security/2016/04/flashback-declassified-1970-dod-...

Underwriters Labs refuses to share new IoT cybersecurity standard | Ars Technica
http://arstechnica.com/security/2016/04/underwriters-labs-refuses-to-sha...

New MIT Scanner Finds Web App Flaws in a Minute | Threatpost | The first stop for security news
https://threatpost.com/new-mit-scanner-finds-web-app-flaws-in-a-minute/1...

VMware Patches Critical Session Handling Vulnerability | Threatpost | The first stop for security news
https://threatpost.com/vmware-patches-critical-session-handling-vulnerab...

'Blackhole' Exploit Kit Author Gets 7 Years - Krebs on Security
http://krebsonsecurity.com/2016/04/blackhole-exploit-kit-author-gets-8-y...