Hacking, AppSec, and Bug Bounty newsletter
2019-02-20 | WordPress 5.0.0 RCE, Krebs dives deep on recent DNS hijacking attacks, and CERN reproduced the first browser in all its glory
Wednesday, February 20
Symantec published their internet security threat report. Highlights include formjacking as a “breakthrough” threat. Cryptojacking occurred 4x more than 2017, but trended down at the end of the year coinciding with cryptocurrency values tanking. Other high level stats include 78% increase in supply chain attacks, 100% increase in malicious powershell scripts and almost half of all malicious email attachments are Office files.
OTHER ARTICLES WE’RE READING
Krebs dives deep on recent DNS hijacking attacks
An independent security firm in Baltimore, Maryland reviewed 5 popular password managers
WordPress 5.0.0 RCE by Simon Scannell
The day is here: lightsaber dueling is declared an official sport in France reports the Verge
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: firstname.lastname@example.org
Large organizations down to mom-and-pop entities are not paying attention to some very basic security practices, like multi-factor authentication. These days, if you have a sub-optimal security stance, you’re going to get owned. That’s the reality today. We’re seeing much more sophisticated adversaries now taking actions on the Internet, and if you’re not doing the basic stuff they’re going to hit you.