Hacking, AppSec, and Bug Bounty newsletter
2018-05-30 | Xbooster malware, JWT Tokens security, and Europol’s dark web team
Wednesday, May 30
Cloudflare's 220.127.116.11 DNS service was rerouted through a BGP leak lasting less than 2 minutes, reports Ars Technica’s Dan Goodin. Related: see the BGPStream event recap.
TWEET OF THE DAY
Two posts I made a while back but have been discussed a lot recently when chatting to folks about #BugBounty… - @ZephrFish
OTHER ARTICLES WE’RE READING
Europol announced the creation of a dedicated dark web team
Xbooster malware abuses AWS to hijack computers and mine cryptocurrency
ZenMate VPN Browser Extension Deanonymization & Hijacking Vulnerability write up by @IAmMandatory
Creating a network of fake carding sites may be the perfect cybercrime, says Brian Krebs. Brian dives deep on the Joker Stash carding site and scammers scamming scammers
The first cyberattack took place nearly 200 years ago in France
JWT Tokens Security presentation by Louis Nyffenegger of @PentesterLab
NahamSec’s latest addition to Lazyrecon: a script to pull a list of domains from crt.sh for automation
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
...Network attacks do not just pre-date modern electronic networks – they are as old as networks themselves… with any new invention, people will always find a way to make malicious use of it. This is a timeless aspect of human nature, and is not something that technology can or should be expected to fix.