Hacking, AppSec, and Bug Bounty newsletter
2018-03-16 | US-CERT Alert on Russian attacks on critical US infrastructure, PKI explained, and the latest from CanSecWest
Friday, March 16
US-CERT Alert (TA18-074A): Russian attacks on government agencies and critical infrastructure. References Symantec’s Dragonfly. Politico’s Tim Starks parses the Russia sanctions and hacking accusations.
OTHER ARTICLES WE’RE READING
"we got shells." Trail of Bits’ technical write-up on the AMD flaws
TPM Genie repo by @uffeux. “Here you can find my white paper as well as TPM Genie itself: interposer firmware, hardware build plan, usage instructions, and a number of attack PoCs which I demoed today.”
Assemblyline by CSE - a malware detection and analysis tool
Richard Zhu is the 2018 Master of Pwn - See all the details of the $267,000 awarded
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
There is no immediate risk of exploitation of these vulnerabilities for most users. Even if the full details were published today, attackers would need to invest significant development efforts to build attack tools that utilize these vulnerabilities.