ZERO DAILY

Hacking, AppSec, and Bug Bounty newsletter

2018-05-15 | Blue cloud of death, EFAIL latest, and Apple ID-targeted GDPR phishing scam

Tuesday, May 15

TOP STORY

  • EFAIL latest: The researchers have published a high-level overview site, https://efail.de/ (yes, there’s a logo included), and Ars Technica’s Dan Goodin has an updated post which provides a good recap. Overall, there is lots of debate on both sides about the impact. Matthew Green says “the real news here is probably about S/MIME, which is actually used in corporate e-mail settings. Attacking and modifying encrypted email stored on servers could actually happen, so this is a big deal.”

TWEET OF THE DAY

  • Today, as your management loses their minds over another logo+branded "vuln" please don't forget that one allowing *remote code execution* was found over the weekend: https://www.trustwave.com/Resources/SpiderLabs-Blog/CVE-2018-1000136---Electron-nodeIntegration-Bypass/ … - this is probably a way bigger deal for 90% of orgs out there. - @dk_effect

OTHER ARTICLES WE’RE READING


ABOUT ZERO DAILY

Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.

Have a news tip / story to highlight? We’d love to hear about it. Email: zerodaily@hackerone.com


I still use it [PGP] every day to reply to the notification emails I get about a new MySpace message.

Eric Geller