My favorite thing this week: SwiftOnSecurity accidentally dropped a Confluence 0-day on Twitter. Oopsie.
https://www.theregister.co.uk/2019/12/05/atlassian_zero_day_bug/
An Android spoofing vulnerability is already being exploited by bank thieves. Hard to write secure apps when the platform doesn't help.
https://arstechnica.com/information-technology/2019/12/vulnerability-in-fully-patched-android-phones-under-active-attack-by-bank-thieves/
On that topic, here's a cool primer on Android reverse engineering.
https://maddiestone.github.io/AndroidAppRE/
TruffleHog is a new (and still a little rough) script to sniff out secrets from GitHub repos.
https://www.darknet.org.uk/2019/12/trufflehog-search-git-for-high-entropy-strings-with-commit-history/
AWS built a took to yell at you if you have open S3 buckets.
https://www.theregister.co.uk/2019/12/03/aws_s3_buckets/
That's the news, folks. Stay safe out there.