Hacking, AppSec, and Bug Bounty newsletter
2018-11-15 | Privacy not included by Mozilla, Google bots as an attack vector, and Seven new CPU attacks
Thursday, November 15
FireEye’s 2019 security predictions report was published today. No surprises of top concerns or crystal ball predictions. At the top of the list is more nations continuing to develop offensive capabilities. Other trends include continued prediction of cyber skills shortage, supply chain as a weakness, attackers emphasis on the cloud and more (see page 5 for quick bullet list).
TWEET OF THE DAY
Under what conditions are TLS certificate errors, let’s say on a website, NOT a vulnerability? Or, are cert error always a vulnerability? - @jeremiahg
OTHER ARTICLES WE’RE READING
Japan's cyber-security minister has 'never used a computer'. Kim Zetter has a good point though: “Not unlike many US federal lawmakers who craft policy on encryption, cybersecurity, etc. who don't use email, smartphones, etc.”
Must read: Privacy not included by the Mozilla team: Their 2nd gadget review grading privacy and security just in time for the holidays.
Motherboard highlights underground travel agents, offering 5-star hotels on the cheap.
Using Google Bots as an Attack Vector analysis of an F5 report by netsparker
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: firstname.lastname@example.org
not a cellphone in sight. just people living in the moment. absolutely beautiful, wish we could go back
HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty program solutions encompass vulnerability assessment, crowdsourced testing and responsible disclosure management. Discover more about our security testing solutions or Contact Us today.