Tuesday, February 19
TOP STORY
CrowdStrike published its 2019 Global Threat Report, which includes a ranking of threat groups based on their "breakout time." Russia leads the pack with a 20-minute breakout time.
TWEET OF THE DAY
Here is the whole exploit chain of Jenkins Unauthenticated RCE (and PoC video)
Hacking Jenkins Part 2 - Abusing Meta Programming for Unauthenticated RCE! - @orange_8361
OTHER ARTICLES WE’RE READING
The Today show profiled Stanford student and bug bounty hunter @cablej
Motherboard profiles Australian startup Azimuth Security, which deals in the exploit trade with democratic governments worldwide
A third round of breached databases is up for sale on the Dark Web, with around 93 million more records, per ZDNet.
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: zerodaily@hackerone.com
I'm personally aware of two federal agencies that are granted annual security exemptions for pre-2007 Office because mission workloads depend on complex spaghetti macro spreadsheets that no one understands.