Hacking, AppSec, and Bug Bounty newsletter
2018-07-24 | No more phishing at Google, Huawei router botnet, and Electron makes open redirects great again
Tuesday, July 24
Researchers at the Israel Institute of Technology identified a security vulnerability in two related Bluetooth features: Secure Simple Pairing and LE Secure Connections. CERT has more in Vulnerability Note VU#304725.
OTHER ARTICLES WE’RE READING
WSJ reports [paywall] that the US Department of Homeland Security (DHS) has revealed that a Russia-backed group hit hundreds of U.S. electrical utility targets last year and that the campaign likely continues today. Axios' Joe Uchill says it's not time to panic (yet).
CVE-2017-17215 exploited by malware author to build 18,000-strong Huawei router botnet. The vulnerability is a known security flaw for which Huawei had already published a security fix. NewSky researcher Ankit Anubhav posted details on Twitter.
No more Phishing at Google. Brian Krebs reports that since the company began requiring all employees to use physical Security Keys in place of passwords and one-time codes, it has had zero phishing incidents.
Varonis published a report “The World in Data Breaches” last week. Total data records lost or stolen since 2013: 9.7 billion. About 64 percent of the total stolen data records occurred in the United States.
Electron makes open redirects great again. Michael Bentkowski blogged about a vulnerability in Google Hangout chat.
Starting today, Google Chrome will issue warnings to users when they visit websites that do not use HTTPS encryption with a valid certificate.
GraphQL art by ITSecurityguard
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: firstname.lastname@example.org