Thursday, June 28
TOP STORY
Marketing firm Exactis leaked 340 million PII records. Vinny Troia, the security researcher credited with uncovering the open database said “It seems like this is a database with pretty much every US citizen in it”. There's no evidence currently this is a breach.
TWEET OF THE DAY
My biggest security concern is phishing. It’s just too easy for bad actors to spin up a campaign nowadays which keeps my hypervigilant when anyone sends me an attachment. What’s your top security concern? - @reybango
OTHER ARTICLES WE’RE READING
DHS’ threat-sharing program AIS is barely used reports Cyberscoop. Not one entity or person to blame, but lots of room to improve.
Do you care about PCI compliance? This Saturday, is the deadline for disabling SSL/early TLS and implementing a more secure encryption protocol – TLS 1.1 or higher (might as well just make it TLS 1.3 which is coming soon) in order to meet the PCI Data Security Standard (PCI DSS) for safeguarding payment data.
Coin mining increased 629% in Q1 says McAfee report.
What is the definition of hacker? Motherboard chimes in.
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: zerodaily@hackerone.com
Get this email forwarded to you? Click here to subscribe to the Zero Daily
We had this grand vision that once we passed the bill that the legal obstacles and the perceptual obstacles would come down… and that everyone would be enthusiastically accepting threat information from the government and be sharing threat information back with the government.”
Rep. Jim Langevin, D-R.I. on CISA
HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty program solutions encompass vulnerability assessment, crowdsourced testing and responsible disclosure management. Discover more about our security testing solutions or Contact Us today.