Hacking, AppSec, and Bug Bounty newsletter
2018-06-27 | WPA3 certification begins, Rancor cyber espionage group, and Thanatos Decryptor
Wednesday, June 27
The Wi-Fi Alliance is beginning to certify products that support WPA3. Daniel Miessler notes two major upgrades to security: 1) it makes it harder to do offline brute-forcing, and 2) it implements forward secrecy so that even if you do get access to some data it'll be a much smaller amount.
TWEET OF THE DAY
So here's the hard facts - I'm dipping into my pocket every week to the tune of... $7.40 for you guys to do 54M searches against a repository of half a billion passwords :) - @troyhunt
OTHER ARTICLES WE’RE READING
Palo Alto Networks Unit 42 details research on a new cyber espionage group dubbed RANCOR, which has been targeting political entities in Singapore, Cambodia, and Thailand.
Thanatos Decryptor: Cisco’s Talos releases a free decryption tool to help victims recover from the Thanatos malware
Exigent circumstances legal loophole could be used by law enforcement to download cell phone data without a warrant
FastBooking breach reported by Bleeping Computer
Gary is a hacker and proud of it
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: firstname.lastname@example.org
Get this email forwarded to you? Click here to subscribe to the Zero Daily
When anyone tries to sell you an IoT device, just remember that the Battlestar Galactica was the only ship to survive the Cylon attack because it was not networked to the rest of the fleet.
HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty program solutions encompass vulnerability assessment, crowdsourced testing and responsible disclosure management. Discover more about our security testing solutions or Contact Us today.