Technical

SMTP over XXE − how to send emails using Java’s XML parser
https://shiftordie.de/blog/2017/02/18/smtp-over-xxe/

Advisory: Java/Python FTP Injections Allow for Firewall Bypass
http://blog.blindspotsecurity.com/2017/02/advisory-javapython-ftp-injections.html

Microsoft Edge and IE: Type confusion in HandleColumnBreakOnColumnSpanningElement
https://bugs.chromium.org/p/project-zero/issues/detail?id=1011
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0037

Decrypting after a Findzip ransomware infection
https://blog.malwarebytes.com/cybercrime/2017/02/decrypting-after-a-findzip-ransomware-infection/

Nextcloud releases security scanner to help protect private clouds
https://nextcloud.com/blog/nextcloud-releases-security-scanner-to-help-protect-private-clouds/
https://scan.nextcloud.com/

Spammergate: The Fall of an Empire
https://mackeeper.com/blog/post/339-spammergate-the-fall-of-an-empire
http://www.csoonline.com/article/3176433/security/spammers-expose-their-entire-operation-though-bad-backups.html

Multiple vulnerabilities found in Wireless IP Camera (P2P) WIFICAM cameras and vulnerabilities in custom http server
https://pierrekim.github.io/blog/2017-03-08-camera-goahead-0day.html

The Skinner adware rears its ugly head on Google Play
http://blog.checkpoint.com/2017/03/08/skinner-adware-rears-ugly-head-google-play/

Content-Type: Malicious - New Apache Struts2 0-day Under Attack
http://blog.talosintelligence.com/2017/03/apache-0-day-exploited.html
https://cwiki.apache.org/confluence/display/WW/S2-045

Thou Shalt Not Depend on Me: Analysing the Use of Outdated JavaScript Libraries on the Web
http://www.ccs.neu.edu/home/arshad/publications/ndss2017jslibs.pdf

Mac FindZip ransomware decryption tool unzips your encrypted files
https://blog.avast.com/mac-findzip-ransomware-decryption-tool-helps-you-unzip-your-encrypted-files

Microsoft Security Bulletin Summary for March 2017
https://technet.microsoft.com/library/security/ms17-mar.aspx

Big this month, considering the pulling of last month’s update. Still haven’t received mine yet, but I’m in no rush.

Looking at the list, it doesn’t seem that Microsoft has learnt anything, same issues time and time again, ‘Remote Code Execution,’ ‘Elevation of Privileges,’ ‘Information Disclosure,’ etc. etc.

Yep, let’s call it double-trouble. :wink:

The update this month also took almost as much time as a new install.

Either that or someone keeps figuring out ways to circumvent Microsoft fixes. Any way you look at it, Microsoft can’t get a handle on it.

You would like to hope that MS would actually be testing for these vulnerabilities when the elements are designed.

Taking Stock: Estimating Vulnerability Rediscovery
https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2928758

Star Trek Themed Kirk Ransomware Brings us Monero and a Spock Decryptor!
https://www.bleepingcomputer.com/news/security/star-trek-themed-kirk-ransomware-brings-us-monero-and-a-spock-decryptor/

Zero Days, Thousands of Nights - The Life and Times of Zero-Day Vulnerabilities and Their Exploits
http://www.rand.org/pubs/research_reports/RR1751.html
http://www.rand.org/content/dam/rand/pubs/research_reports/RR1700/RR1751/RAND_RR1751.pdf