Hacking, AppSec, and Bug Bounty newsletter
2019-04-04 | Jamie Dimon says cybersecurity is biggest threat to US financial system, Apache Root Privilege Escalation, and Treat your PoCs with care
Thursday, April 4
Catching up after our amazing h1-65 live hacking event in Singapore. Happy Thursday!
JP Morgan Chairman and CEO Jamie Dimon said in his recent annual letter to shareholders: “The threat of cyber security may very well be the biggest threat to the U.S. financial system.” See page 34 in the letter where he discusses other cybersecurity perspectives.
TWEET OF THE DAY
For April Fools Day, I emailed some people I know at AV companies and told them @taviso has been trying to contact them urgently. - @martijn_grooten
OTHER ARTICLES WE’RE READING
CVE-2019-0211 Apache Root Privilege Escalation. Great writeup of a local privilege escalation vulnerability in Apache, featuring use-after-free exploits, fun with shared memory, and a clever exploitation of what happens when Apache restarts.
The CISO track at BSides LV seems like a fantastic idea. Registration is closed, but applause for the concept.
Australia’s new cyber budget ramps up after breach. It is to include cyber sprint teams and the creation of a cybersecurity response fund.
Stickers can be dangerous, at least to today’s autopilot tech.
Eray gives you tips on how to prepare for a security engineer job interview (also, congrats on the new gig at Facebook!).
Ed advises: treat your PoCs with care, and your #rickrollin.
This was a good thread by @beauwoods on the Medtronic pacemaker RF vulnerability attack scenario. It sounds worse than it is.
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker-focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: firstname.lastname@example.org
I’m telling you, Ops people: IT Security needs your skillset. Security people don’t know the dirty terrible things that you know are normal terribleness. Are you a Desktop Helpdesk Specialist? Your LinkedIn now says “Desktop Security Engineer.” Do it. Everybody but you is.