Hacking, AppSec, and Bug Bounty newsletter
2017-12-15 | TRISIS, Tanner’s hacker helper tools, and Safari allows special characters in the domain
Friday, December 15
Dragos and FireEye both published writeups on the “TRISIS Malware” which targets Schneider Electric’s Triconex safety instrumented system (SIS). This is a blueprint for future industrial grid attacks, as Ars Technica notes.
Coinbase paid out not one but two bounties over $10K in the past 24 hours! U.S. Department of Defense, Adobe, Dashlane, Baidou, VLC, and more disclosed reports on hacktivity.
OTHER ARTICLES WE’RE READING
White House IT Modernization Center of Excellence includes recommendations for bug bounty programs.
Safari allows special characters in the domain?! The Good, The Bad and The Ugly of Safari in Client-Side Attacks
Tripwire: Inferring internet site compromise
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Although the attack is not highly scalable, the tradecraft displayed is now available as a blueprint to other adversaries looking to target SIS and represents an escalation in the type of attacks seen to date as it is specifically designed to target the safety function of the process,