Solutions
- Initiatives
  - Business Initiatives
    What is your cybersecurity need?
  - Secure the Attack Surface
    Protect your evolving assets.
  - Secure Software Development
    Scale app security across the SDLC.
  - Digital Brand Trust
    Build your brand and protect your customers.
  - Ensure Compliance
    Meet compliance requirements and more.
  - Hidden Placeholder
    Hidden Placeholder
- Industries
  - Government
  - Financial Services
Products
- Explore
  - Explore the Products
    Reshaping the way companies find and fix critical vulnerabilities before they can be exploited.
  - Response
    The first step in receiving and acting on vulnerabilities discovered by third-parties.
  - Bounty
    Continuous testing to secure applications that power organizations.
  - Pentest
    Establish a compliant vulnerability assessment process.
  - HackerOne Clear
    Highly vetted, specialized researchers with best-in-class VPN.
  - Services
    Enhance your hacker-powered security program with our Advisory and Triage Services.
Why HackerOne
- For Hackers
Company
- About HackerOne
- In the News
  - Press
  - Press Archive
Resources
- Resources
- Events
  - Events
  - Security@ Conference
Contact Us

ZERO DAILY

Hacking, AppSec, and Bug Bounty newsletter

2019-04-09 | Zhang’s thumbdrive, Bad hacker stock art, and Cybersecurity Talent Initiative

Tuesday, April 9

TOP STORY

Lots of great insights in this thread in response to the question: “You’re the sole security person in a medium sized business with no formal security program, what do you do to defend the company and grow the security program?”. Links to Defensive Security Handbook, using the SANS top 20 as a framework to guide to the basics, the jargon free security model, and more.

TWEET OF THE DAY

New one for the annals of bad hacker stock art. I don't even know what concept is trying to be conveyed here - @gregotto

OTHER ARTICLES WE’RE READING

@WeldPod laments, “So the Secret Service stuck Zhang's thumbdrive into their computer.”
Contribute to open source tools you love. ActiveScan++ Pull #17 by @infosec_au
The Partnership for Public Service just announced Cybersecurity Talent Initiative, a public-private partnership that sounds like a decent gig. Work for a few years for Federal agency and get $75K in student loan assistance.
Inside a 2014 breach at a Saudi Embassy in the Netherlands by JM Porup of CSO. The attack compromised the Saudi embassy's non-classified computer network. They deployed a garden-variety rootkit on the workstation of the ambassador’s secretary and took over the embassy's official email account.

ABOUT ZERO DAILY

Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.

Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?

Have a news tip / story to highlight? We’d love to hear about it. Email: zerodaily@hackerone.com

If I ever find a vulnerability in any Cisco gear you can bet I’m naming the exploit “Panic! At the Cisco.”

@itsrajivshah

Strengthen Your Security Posture

Reduce your company’s risk of security vulnerabilities and tap into the world’s largest community of security hackers. Contact us today to see which program is the right fit.