2018-06-08 | Adobe Flash Zero Day, Encryption Act is back, and Frans Rosen’s Security Fest talk

Friday, June 8

TOP STORY

New Adobe Flash Zero Day CVE-2018-5002 was discovered by Icebrg’s security research team and reportedly used in a targeted attack in the Middle East. More from Krebs on Security and Adobe’s advisory.

TWEET OF THE DAY

If you at a conference, assume EVERYONE you meet is the CTO, can code, has degree(s), and didn’t go to the conference to tell you any of that. Booth people, janitors, everyone. You’ll have a better conference experience. - @shanselman

OTHER ARTICLES WE’RE READING

Ticketfly Cyber Incident Update “information including names, addresses, email addresses and phone numbers connected to approximately 27 million Ticketfly accounts was accessed.”
Breaking and abusing specifications and policies talk by Frans Rosen at Security Fest
Encryption Act is back introduced by a partisan group in the US House of Representatives. Genesis of bill was 2016, spurred by the FBI vs Apple iPhone encryption debates. More analysis by Tim Starks today in Politico, including tech co’s lobbying against it.
New and improved Gitrob
Laundromats mining cryptocurrency

ABOUT ZERO DAILY

Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.

Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?

Have a news tip / story to highlight? We’d love to hear about it. Email: zerodaily@hackerone.com

Get this email forwarded to you? Click here to subscribe to the Zero Daily

My reaction to people telling me about their blockchain-based voting scheme is roughly similar to how I would react to my anesthesiologist telling me about their belief in homeopathic remedies right before I'm wheeled into surgery.

Matt Blaze

HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty program solutions encompass vulnerability assessment, crowdsourced testing and responsible disclosure management. Discover more about our security testing solutions or Contact Us today.