Hacking, AppSec, and Bug Bounty newsletter
2018-05-14 | EFAIL PGP vulnerabilities, Hide and Seek IoT malware can survive reboot, and When spies hack journalism
Monday, May 14
Researchers say they have found critical vulnerabilities in PGP/GPG and S/MIME email encryption penning the vuln name “EFAIL”. EFF wrote a series of posts warning and advising to immediately disable and/or uninstall tools that automatically decrypt PGP-encrypted email. Much debate around if this is FUD or for real? Details available in the efail attack paper.
TWEET OF THE DAY
Before anyone freaks out about "efail", realize that using it would be:
1) extremely easy to detect
2) archived in your target's email
As an attacker, I could not care less about this technique. It's intellectually neat, but operationally stupid. @danguido
OTHER ARTICLES WE’RE READING
LikeCoin? Facebook planning a cryptocurrency to coordinate digital payments on the platform.
Leaving on a jet plane: the trade in fraudulently obtained airline tickets research published by Springer’s Alice Hutchings
Symantec had a rough Friday in the public markets (their worst in 17-years) as they announced an internal investigation by the board’s audit committee. No other details to share yet. Of note, the stock rebounded 12% during intra-day trading today.
Bitdefender published updated info about IoT malware dubbed "Hide and Seek" that can survive device reboots
New York Times’ journalist Scott Shane writes a news analysis article on “When Spies Hack Journalism”.
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: email@example.com
Get this email forwarded to you? Click here to subscribe to the Zero Daily
“Here’s the reality: Most people don’t care about privacy… For those who doubt, here’s a pop quiz: When in the past two or three months did Facebook reach the highest point in app rankings in the Android app store? Literally the day after the #deletefacebook hashtag went viral.”
HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty program solutions encompass vulnerability assessment, crowdsourced testing and responsible disclosure management. Discover more about our security testing solutions or Contact Us today.