Hacking, AppSec, and Bug Bounty newsletter
2018-09-12 | Dissecting the British Airways real time breach, Breaking the Facebook for Android App, and Bypassing CSP using polyglot JPEGs
Wednesday, September 12
RiskIQ dissected the British Airways real time breach tying the activity to threat group Magecart. WSJ interviewed some other experts on the incident as well.
TWEET OF THE DAY
I'm in India delivering a training course on TLS and the hotel gave me the best room in the house - @Scott_Helme
OTHER ARTICLES WE’RE READING
Ashley King’s $8,500 bounty from Facebook for Breaking The Facebook For Android App
How Microsoft details classifies Windows security bugs summary by ZDNet
Bypassing CSP using polyglot JPEGs by Portswigger
Hello to you to, FRB 121102.
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: email@example.com
One of the challenges that we see overall in the industry as … machines conduct more and more encrypted operations, it’s actually providing the bad guys some cover to be able to get in, operate and get data out. We’re fighting a different battle here. Our network security controls have not caught up and it is something I know that a lot of security architects and teams are just coming to understand.