Hacking, AppSec, and Bug Bounty newsletter
2019-02-07 | Breachroom 2018, Business at work report, and Zemnmez’s alt Steam RCE path affected Chrome as well
Thursday, February 7
Templarbit’s breachroom 2018, key insights from data breaches and cyber-attacks of 2018. A few interesting notes: A unproportionally high number of successful attacks targeted American companies, Nearly half of all attacks came through the application layer, 49% of companies decided to disclose the breach right away, and about half were deemed high severity.
TWEET OF THE DAY
Best film score to listen to whilst hacking? - @cybergibbons
OTHER ARTICLES WE’RE READING
Zach Whittaker reports Several major companies are recording your iPhone screen while you use their apps — every tap and swipe, and sometimes even sensitive data.
@zemnmez’s alternate RCE path with steam affected chrome as well
This is a sad story reported on by SecJuice. If Daniel Ocean wasn’t fictitional, I’ll bet he’d take this Casino executive to task for his deplorable behavior.
Okta’s business at work report: companies getting better at MFA.
Lyft CISO Mike Johnson on red team, blue team and rockstar culture in infosec. Great thread (over 400 comments)
Burp Turbo Intruder gets a turbocharge with sortable columns and a halt button
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: firstname.lastname@example.org
Following a serious vulnerability disclosure affecting casinos globally, an executive of casino technology vendor Atrient has assaulted the security researcher who disclosed the vulnerability at the ICE conference in London.
HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty program solutions encompass vulnerability assessment, crowdsourced testing and responsible disclosure management. Discover more about our security testing solutions or Contact Us today.