Hacking, AppSec, and Bug Bounty newsletter
2019-02-07 | Breachroom 2018, Business at work report, and Zemnmez’s alt Steam RCE path affected Chrome as well
Thursday, February 7
Templarbit’s Breachroom 2018: key insights from data breaches and cyber-attacks of 2018. A few interesting notes: a disproportionately high number of successful attacks targeted American companies, nearly half of all attacks came through the application layer, 49% of companies decided to disclose the breach right away, and about half were deemed high severity.
TWEET OF THE DAY
Best film score to listen to whilst hacking? - @cybergibbons
OTHER ARTICLES WE’RE READING
Zack Whittaker reports that several major companies are recording your iPhone screen while you use their apps — every tap and swipe, and sometimes even sensitive data.
@zemnmez’s alternate RCE path with Steam affected Chrome as well.
This is a sad story reported on by SecJuice. If Daniel Ocean wasn’t fictional, I’ll bet he’d take this Casino executive to task for his deplorable behavior.
Okta’s business at work report: companies getting better at MFA.
Lyft CISO Mike Johnson on red team, blue team and rockstar culture in infosec. Great thread (over 400 comments).
Burp Turbo Intruder gets a turbocharge with sortable columns and a halt button
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: firstname.lastname@example.org
Following a serious vulnerability disclosure affecting casinos globally, an executive of casino technology vendor Atrient has assaulted the security researcher who disclosed the vulnerability at the ICE conference in London.