2018-06-07 | VPNFilter malware is worse than originally thought, CyberWar Map, and The ultimate virus removal device

Thursday, June 7

TOP STORY

NTIA announces a new multistakeholder process on software component transparency, also known as "Software Bill of Materials." Upcoming meeting on 2018.07.19, all are welcome.

TWEET OF THE DAY

What’s one secret or piece of knowledge, big or small, that you know that you think more people should know? - @DrJoeHanson

OTHER ARTICLES WE’RE READING

VPNFilter Update: It’s targeting more makes/models of devices than initially thought, and has additional capabilities, including the ability to deliver exploits to endpoints reports Talos.
Read&Write Chrome Extension Same Origin Policy Bypass write up by @iammandatory featuring an impressive vendor response timeline. Fingers crossed for Matt’s tool + audit guide soon.
CyberWar Map: Cool visualization of state-sponsored attacks published by The National Security Archive’s Cyber Vault Project.
New charges were brought against Marcus Hutchins, aka MalwareTech, the WannaCry hero - Ars Technica.
Fix Me Stick: The ultimate virus removal device for three easy payments of $19.99!

ABOUT ZERO DAILY

Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.

Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?

Have a news tip / story to highlight? We’d love to hear about it. Email: zerodaily@hackerone.com

Get this email forwarded to you? Click here to subscribe to the Zero Daily

It is obvious that the scope of this campaign is far bigger than initially thought. The ability to infect endpoints introduces a new variable and the clean up process is more involved than just rebooting routers. Any exploit could have been used by the threat actors to target the computers behind infected routers.

Juniper Networks on VPNFilter

HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty program solutions encompass vulnerability assessment, crowdsourced testing and responsible disclosure management. Discover more about our security testing solutions or Contact Us today.