Mike Mimoso and Chris Brook recap the first day of this year’s Security Analyst Summit, including Mark Dowd’s memory corruption bug keynote, the digital archeology around Moonlight Maze, ATM hacking, and the Lazarus APT.

This year’s Security Analyst Summit is previewed and the news of the week is discussed, including a Microsoft IIS zero day, a new Mirai variant, and the broadband privacy ruling.

Researchers are tracking a new variant of the Mirai malware after it launched a 54-hour long DDoS attack against a U.S. college.

VMware patched vulnerabilities uncovered earlier this month at Pwn2Own that could have let an attacker execute code on the VMware Workstation and carry out a virtual machine escape.

Five vulnerabilities exist in Siemens RUGGEDCOM gear; the vendor has made a number of workarounds available, but it’s unknown whether patches will be made available.

Researchers have disclosed a zero-day vulnerability and proof-of-concept exploit for a flaw in Microsoft IIS 6.0. The zero-day has been under attack since last July, the researchers said.

Apple fixed hundreds of bugs, 223 to be exact, across macOS Sierra, iOS, Safari, watchOS, and tvOS on Monday.

Microsoft patched a zero-day vulnerability actively used in a campaign by a hacking group known as Zirconium.

Researchers report new connections between Magic Hound and Shamoon 2, along with descriptions of how the Disttrack malware component of campaigns moves laterally within infected networks.

The latest Wikileaks dump of Apple hacking tools, the LastPass vulnerabilities, and a new Android security report are discussed.