Hacking, AppSec, and Bug Bounty newsletter
2019-01-14 | Zero Daily is back! Your Infosec catch up Dec + Jan
Monday, January 14
Hello again, friends. Missed us? We missed you. <3
What’s been going on since we last published all the way back in December 2018?
Marriott had a breach and China’s playing the long game,
OWASP dropped their 2018 edition of the top 10 IoT vulnerabilities,
it took less than one day into 2019 for a data breach to be reported,
zseano found the coolest CSRF ‘bypass’ ever,
Joseph Cox has a tip for journos,
Motherboard reported that some big cell phone co’s are selling customers’ location data,
Signal Sciences’ Andrew Peterson crowdsourced infosec book recommendations,
Chris Roberts says there’s no such thing as security, just the measurement of risk,
The US Government shutdown is affecting, well, a lot of people, including the DOJ’s cyber crime attorneys, and Senator Ron Wyden is concerned about the shutdown’s impact on the IRS’ ability to defend against cyber criminals,
Stok asked #bugbounty twitterites what their top 3 tips for the next gen of bounty hunters are,
There’s a DNS hijacking wave targeting companies at a pretty fast clip,
And we’re sure we missed our share of spits and spats on Twitter (I mean, why do we; can’t we not, wouldn’t it be better if…). It’s like the philosopher 0daySimpson said:
“Don't let infosec distract you from hacking.”
2019, let’s do this.
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: email@example.com