Hacking, AppSec, and Bug Bounty newsletter
2018-11-19 | Authentication bypass in NodeJS application by bl4de, Active Directory kill chain attack and defense, and Hack the planet
Monday, November 19
NATO looks at where the line is on declaring cyber activities “acts of war” reports WSJ’s Catherine Stupp. Answering the question, among others of “When does competition cross over into conflict?”
TWEET OF THE DAY
Call comes in:
“Hi this is Telstra, we need to verify your identity”
“Sure, can you verify your identity first?”
“Uh, we’re Telstra”
“Ah, but that’s not how this is going to work, can you verify my account information”
“But we need to verify you first!”
Yeah, nah, bye! - @troyhunt
OTHER ARTICLES WE’RE READING
Voxox data breach of massive database containing tens of millions of text messages, with password reset links, two-factor codes, shipping notifications and more reported by Techcrunch.
US Merchants need to get on the chip bandwagon, credit card fraud is on the rise. “These results directly reflect the lack of US merchant compliance with the EMV implementation.”
DMARC map and leaderboard : Information on 500k+ domains related to DMARC and SPF in various formats (map, globe, chart and table)
Nice repo on Active Directory kill chain attack and defense
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: email@example.com
The idea of "encryption at rest" in large cloud providers always struck me as focusing on the wrong things. If someone breaks into an AZ, steals the drives, escapes alive with them, reconstitutes them all and gets my data, I kinda think they deserve it?