Monday, April 30
TOP STORY
Certificate Transparency logging is now mandatory by Hanno Böck: beginning today, Google Chrome will require all new certs to be compliant with CT.
TWEET OF THE DAY
Current state of my inbox:
We’ve updated our privacy policy.
We’ve updated our privacy policy.
We’ve updated our privacy policy.
We’ve updated our privacy policy.
We’ve updated our privacy policy.
We’ve updated our privacy policy.
We’ve updated our privacy policy.
… @ncremins
OTHER ARTICLES WE’RE READING
Nothing has really changed and most VPNs are scams: SwiftOnSecurity penned a colorful tweet thread about the almighty VPN
The position that “nobody noticed [the BGP hijacking of AWS traffic] for two hours” is “sheer lunacy” says Corey Quinn in his post Put Down the Pitchfork, AWS Didn't Steal Your Dunning-Krugerrands
Looks like Oracle’s patch for CVE-2018-2628 - Weblogic Server Deserialization Remote Command Execution can be bypassed
Some good lunchtime reading: Protecting the nuclear facility supply chain. And while you’re at it, check out the WaPo cover story on Dragos
Blue team can have fun too: Locked Shields 2018, put on by the Cooperative Cyber Defense Centre of Excellence. NATO team won (congrats), and it also looks pretty cool
Creating a suborigin with existing tools + hacks by Devdatta Akhawe: How I learnt to play in the (CSP) Sandbox
Infection Monkey: an open source security tool for testing a data center's resiliency to perimeter breaches and internal server infection
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: zerodaily@hackerone.com
“Just pick a good VPN” is like telling thirsty people to “go to a store and drink clear liquid.”
They drank bleach, but at least you helped.