Hacking, AppSec, and Bug Bounty newsletter
2018-06-12 | Apple code signing vulnerability reported by Okta, The rise of cryptocurrency miners, and Burp Suite testing tips
Tuesday, June 12
Lack of input sanitization made the Crestron DGE-100 Console, a widely used video processing service, vulnerable to command injection that could be used to gain root-level access (CVE-2018-5553). Fixed last week, disclosed today in a blog post by Rapid7.
TWEET OF THE DAY
Spotted: A very performant car - @ayanonagon
OTHER ARTICLES WE’RE READING
Palo Alto Networks looks at the rise of cryptocurrency miners. Guess what? The “popularity of malicious cryptocurrency mining activity continues to skyrocket”.
Okta researcher Josh Pitts discovered a bypass in third party developers’ interpretation of code signing API which allowed for unsigned malicious code to appear to be signed by Apple.
Banco de Chile cyberattack mirrors attack on a Mexican bank per The Register
Burp Suite testing tips from Coalfire’s Esteban Rodriguez
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: email@example.com
Get this email forwarded to you? Click here to subscribe to the Zero Daily
NEVER, NEVER, NEVER, say, “My company would have “prevented Mirai, or WannaCry, or Meltdown/Spectre.” It may be true (doubtful) but you’ll only appear arrogant, which is never endearing to a customer.
HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty program solutions encompass vulnerability assessment, crowdsourced testing and responsible disclosure management. Discover more about our security testing solutions or Contact Us today.