Friday, June 21, 2019
TOP STORY
Dan Goodin broke a story about Firefox 0-days featuring research from Patrick Wardle and Philip Martin. In Dan’s words: This campaign used 2 Firefox 0days to install 2 different backdoors on Macs. Neither backdoor is well detected, and at least 1 completely bypasses Gatekeeper and XProtect. The attackers have a previous history of nasty exploits of unknown vulnerabilities. A little more context from @SecurityGuyPhil.
TWEET OF THE DAY
I found an SSRF today without access to the code, burp, or the asset; just talked with someone and found it via discussion :) - @d0nut
OTHER ARTICLES WE’RE READING
Imagine that an army of lemmings just jumped the queue at McDonald’s in front of you – and each is ordering a whopper…. Telegram’s tweet thread about a DDoS attack is quite entertaining and educational
$550k USD in 365 days on 187 bugs. Tell Naffy what you want to know.
RCE blog from @mrtuxracer. Good stuff on the bug, not so good stuff on the lack of responsiveness from the company.
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: zerodaily@hackerone.com
Only Immanuel Kant’s famously difficult “Critique of Pure Reason” registers a more challenging readability score than Facebook’s privacy policy.