ZERO DAILY

Hacking, AppSec, and Bug Bounty newsletter

2017-12-15 | TRISIS, Tanner’s hacker helper tools, and Safari allows special characters in the domain

Friday, December 15

TOP STORY

  • Dragos and FireEye both published writeups on the “TRISIS Malware” which targets Schneider Electric’s Triconex safety instrumented system (SIS). This is a blueprint for future industrial grid attacks, as Ars Technica notes.  

HACKTIVITY

Coinbase paid out not one but two bounties over $10K in the past 24-hours! U.S. Department of Defense, Adobe, Dashlane, Baidou, VLC, and more disclosed reports on hacktivity.

TWEET OF THE DAY

OTHER ARTICLES WE’RE READING

ABOUT ZERO DAILY

Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.

Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?

Have a news tip / story to highlight? We’d love to hear about it. Email: zerodaily@hackerone.com

Get this email forwarded to you? Click here to subscribe to the Zero Daily

Although the attack is not highly scalable, the tradecraft displayed is now available as a blueprint to other adversaries looking to target SIS and represents an escalation in the type of attacks seen to date as it is specifically designed to target the safety function of the process,

Dragos, Inc.