Hacking, AppSec, and Bug Bounty newsletter
2019-02-22 | WinRAR’s 19-year old secret, dawgyg on Web Hacking ProTips, and Don’t expose Winbox to the internet
Friday, February 22
CheckPoint researchers found a code execution vulnerability in WinRAR that had existed for about 19 years.
TWEET OF THE DAY
How people think APT train to hack their network - @SwiftOnSecurity
OTHER ARTICLES WE’RE READING
CRXcavator by Duo Labs, a free service that analyzes Chrome extensions and produces comprehensive security reports.
NIST and NCCOE published a 191 page mobile device security cloud and hybrid builds report. Section 3.4.2 covers vulnerabilities.
Web Hacking ProTips interview with @thedawgyg by @yaworsk
MikroTik Firewall & NAT Bypass blog. TL;DR don’t expose Winbox to the internet.
Office of Science and Technology Policy published their 2nd report under the Trump Administration, several bulleted achievements in the cybersecurity section, mostly operational or structural in nature.
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: email@example.com
Remember, you're only "a corporate credit card" away from someone spinning up a new AWS account without your onerous controls. Aim to build guardrails, not impermeable gates, or you'll hate what happens next.