Hacking, AppSec, and Bug Bounty newsletter
2018-06-26 | Firefox Monitor, Recon.JSON, and Did Mandiant Hack Back?
Tuesday, June 26
Firefox Monitor taps into Have I Been Pwned and alerts users of breaches. Initial testing includes 250K accounts. Troy Hunt writes in a blog post about enhanced 1Password integration and that “you can search HIBP from directly within 1Password via the Watchtower feature in the web version of the product.”
TWEET OF THE DAY
In my inbox this morning: the best cybersecurity company name I have ever seen: "Secret Double Octopus" - @Bing_Chris
OTHER ARTICLES WE’RE READING
What did David Sanger actually see? What did FireEye actually do? Good summary by Cyberscoop. But many questions are swirling around NYT writer David Sanger’s new book and the “hack back” implications of Mandiant / APT1. Richard Bejtlich, a former Mandiant employee, wrote in a blog post that “at no time when I worked for Mandiant or FireEye, or afterwards, was there ever a notion that we would hack into adversary systems.”
The Intercept writes about the NSA’s wiretap rooms in cities around America.
WannaCry phishing emails are making the rounds.
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
“One day I sat next to some of Mandiant’s team, watching the Unit 61398 hacking corps at work; it was a remarkable sight. My previous mental image of PLA officers was a bunch of stiff old generals sitting around in uniforms with epaulets, reminiscing about the glory days with Mao. But these guys were wearing leather jackets or just undershirts, and probably saw Mao only if they visited his mausoleum in Tiananmen Square.”