luke

Tuesday, May 15

TOP STORY

  • EFAIL latest: The high-level overview site, https://efail.de/, has been published by the researchers (yes, there’s a logo included), and Ars Technica’s Dan Goodin has an updated post which provides a good recap. Overall, lots of debate on both sides about the impact. Matthew Green says “the real news here is probably about S/MIME, which is actually used in corporate e-mail settings. Attacking and modifying encrypted email stored on servers could actually happen, so this is a big deal.”

TWEET OF THE DAY

  • Today, as your management loses their minds over another logo+branded "vuln" please don't forget that one allowing *remote code execution* was found over the weekend: https://www.trustwave.com/Resources/SpiderLabs-Blog/CVE-2018-1000136---Electron-nodeIntegration-Bypass/ … - this is probably a way bigger deal for 90% of orgs out there. - @dk_effect

OTHER ARTICLES WE’RE READING


ABOUT ZERO DAILY

Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.

Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?

Have a news tip / story to highlight? We’d love to hear about it. Email: zerodaily@hackerone.com



I still use it [PGP] every day to reply to the notification emails I get about a new MySpace message.

Eric Geller

 

