1681

SMTP over XXE − how to send emails using Java’s XML parser
https://shiftordie.de/blog/2017/02/18/smtp-over-xxe/

1682

Advisory: Java/Python FTP Injections Allow for Firewall Bypass
http://blog.blindspotsecurity.com/2017/02/advisory-javapython-ftp-injections.html

1683

Microsoft Edge and IE: Type confusion in HandleColumnBreakOnColumnSpanningElement
https://bugs.chromium.org/p/project-zero/issues/detail?id=1011
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0037

1684

Decrypting after a Findzip ransomware infection
https://blog.malwarebytes.com/cybercrime/2017/02/decrypting-after-a-findzip-ransomware-infection/

1685

Nextcloud releases security scanner to help protect private clouds
https://nextcloud.com/blog/nextcloud-releases-security-scanner-to-help-protect-private-clouds/
https://scan.nextcloud.com/

1686

Spammergate: The Fall of an Empire
https://mackeeper.com/blog/post/339-spammergate-the-fall-of-an-empire
http://www.csoonline.com/article/3176433/security/spammers-expose-their-entire-operation-though-bad-backups.html

1687

Multiple vulnerabilities found in Wireless IP Camera (P2P) WIFICAM cameras and vulnerabilities in custom http server
https://pierrekim.github.io/blog/2017-03-08-camera-goahead-0day.html

1688

The Skinner adware rears its ugly head on Google Play
http://blog.checkpoint.com/2017/03/08/skinner-adware-rears-ugly-head-google-play/

1689

Content-Type: Malicious - New Apache Struts2 0-day Under Attack
http://blog.talosintelligence.com/2017/03/apache-0-day-exploited.html
https://cwiki.apache.org/confluence/display/WW/S2-045

1690

Thou Shalt Not Depend on Me: Analysing the Use of Outdated JavaScript Libraries on the Web
http://www.ccs.neu.edu/home/arshad/publications/ndss2017jslibs.pdf

1691

Mac FindZip ransomware decryption tool unzips your encrypted files
https://blog.avast.com/mac-findzip-ransomware-decryption-tool-helps-you-unzip-your-encrypted-files

1692

Microsoft Security Bulletin Summary for March 2017
https://technet.microsoft.com/library/security/ms17-mar.aspx

1693

Big this month, considering the pulling of last months update. Still haven’t received mine yet, but I’m in no rush.

Looking at the list, it doesn’t seem that Microsoft has learnt anything, same issues time and time again, ‘Remote Code Execution,’ 'Elevation of Privileges, ‘Information Disclosure,’ etc. etc.

1694

Yep, let’s call it double-trouble. :wink:

1695

The update this month also took almost as much time as a new install.

1696

Either that or someone keeps figuring out ways to circumvent Microsoft fixes. Any way you look at Microsoft can’t get a handle on it.

1697

You would like to hope that MS would actually be testing for these vulnerabilities when the elements are designed.

1698

Taking Stock: Estimating Vulnerability Rediscovery
https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2928758

1699

Star Trek Themed Kirk Ransomware Brings us Monero and a Spock Decryptor!
https://www.bleepingcomputer.com/news/security/star-trek-themed-kirk-ransomware-brings-us-monero-and-a-spock-decryptor/

1700

Zero Days, Thousands of Nights - The Life and Times of Zero-Day Vulnerabilities and Their Exploits
http://www.rand.org/pubs/research_reports/RR1751.html
http://www.rand.org/content/dam/rand/pubs/research_reports/RR1700/RR1751/RAND_RR1751.pdf