Wednesday, January 17
TOP STORY
Trisis is out in the wild and it’s still nasty and still a mystery. The malware that shut down a Middle East oil and gas facility is stumping researchers thus far.
OTHER ARTICLES WE’RE READING
Skygofree writeup of new Android spyware discovered by Kaspersky Labs
Blockchain blues: TL;DR: you can hijack certain Lisk accounts and steal all their balance after only 2^64 evaluations of the address generation function (a combination of SHA-256, SHA-512, and a scalar multiplication over Ed25519’s curve).
Hacking Facebook accounts using CSRF in Oculus-Facebook integration
Censys subdomain finder by @christophetd
iCloud in China: Does Apple encrypt your iCloud backups? So what exactly is Apple storing in China? Thought-provoking questions by Matthew Green
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker-focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
The Trisis malware framework is just one component of what would need to be a highly sophisticated, multi-step intrusion that first compromises industrial control equipment before covertly planting Trisis.