Hacking, AppSec, and Bug Bounty newsletter
2019-04-09 | Zhang’s thumbdrive, Bad hacker stock art, and Cybersecurity Talent Initiative
Tuesday, April 9
Lots of great insights in this thread in response to the question: “You’re the sole security person in a medium sized business with no formal security program, what do you do to defend the company and grow the security program?” Links include the Defensive Security Handbook, using the SANS Top 20 as a framework for covering the basics, the jargon-free security model, and more.
TWEET OF THE DAY
New one for the annals of bad hacker stock art. I don't even know what concept is trying to be conveyed here - @gregotto
OTHER ARTICLES WE’RE READING
@WeldPod laments, “So the Secret Service stuck Zhang's thumbdrive into their computer.”
Contribute to open source tools you love. ActiveScan++ Pull #17 by @infosec_au
The Partnership for Public Service just announced the Cybersecurity Talent Initiative, a public-private partnership that sounds like a decent gig. Work for a few years for a federal agency and get $75K in student loan assistance.
Inside a 2014 breach at a Saudi Embassy in the Netherlands by JM Porup of CSO. The attack compromised the Saudi embassy's non-classified computer network. The attackers deployed a garden-variety rootkit on the workstation of the ambassador’s secretary and took over the embassy's official email account.
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
If I ever find a vulnerability in any Cisco gear you can bet I’m naming the exploit “Panic! At the Cisco.”