Hacking, AppSec, and Bug Bounty newsletter
2018-06-21 | Wavethrough browser bug, FormBook malware, and Cache-money’s GitHub privilege escalation bug
Thursday, June 21
Cyberspace operations are hard. Revised Joint Publication 3-12 includes discussions on the complexity of cyberspace and how one-party dominance is impossible. Politico has some thoughts on the 104-page document.
TWEET OF THE DAY
It is amazing how many Linux VMs I can run in the same amount of RAM as Chrome uses to load a single web page - @attrc
OTHER ARTICLES WE’RE READING
Google’s Jake Archibald stumbled into a cross-browser bug, dubbed Wavethrough, affecting Firefox, Chrome, and Edge. Entertaining read.
Cisco Talos has a new post on the FormBook malware it has been tracking since May 2018. FormBook utilizes four different malicious documents in a single phishing email.
New botnet alert: Mylobot reported by DeepInstinct. “Once installed, the botnet shuts down Windows Defender and Windows Update while blocking additional ports on the Firewall.”
Nicholas Weaver thinks the US government needs to be more serious about supply chain attack risk.
Cache-money’s privilege escalation on GitHub.
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker-focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
I now have a CVE number I can have etched on my grave. And I'm going to sit here and patiently await my invite to all the cool security parties.