Hacking, AppSec, and Bug Bounty newsletter
2019-05-08 | Verizon’s 2019 DBIR report, ChatOps Fail, and How to analyze firmware
Wednesday, May 8
Verizon’s latest 2019 data breach report is out. See the full summary of findings top read more. I liked Tim Stark’s quick review in today’s Politico, the heading aptly titled “Into the Breaches”: “Criminals (Tim says “hackers”, I modified as appropriate) are increasingly targeting corporate executives; cryptomining isn’t as common as news reports suggest; social-based attacks are declining, possibly because more-direct business email compromise attacks are rising; and the health care sector is the only industry where insider attacks are more common than outsiders. Some things remained the same: Financial motives are still No. 1 and espionage No. 2, and ransomware is going strong."
TWEET LINKEDIN POST OF THE DAY
CISO post Red Team report. - Gunter Ollmann
OTHER ARTICLES WE’RE READING
The future is now: Azure PowerShell access from your smartphone
ChatOps! Integrate everything! Err, maybe not
How to analyze firmware, educational resource from the PenTestPartners blog
Meissler notes: “It's worse to force users to change their passwords often because they'll start using stupid schemes that are easy to break.” referencing a recent RiskyBiz podcast
Firefox says “no to the [obfuscated] code”
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: email@example.com
A lot of cybersecurity reports driven by vendors go after the data and write about whatever they wanted to write about even if the data isn't substantiated