Monday, September 11
TOP STORY
Equifax breach news from the past weekend: It might be Apache Struts (Zack Whittaker isn’t convinced yet). NYT says Equifax hack exposes regulatory gaps. Equifax says come back on 9/13 to see if you were breached. And what about those credit freeze PINs?
HACKTIVITY
Object Injection in Woocommerce / Handle PDT Responses from PayPal [3 upvotes] - $300 bounty for this report to Automattic by @slavco.
Stored XSS Deleting Menu Links in the Shopify Admin [22 upvotes] - $1,000 bounty for this report to Shopify by @azizs3curity.
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity
OTHER ARTICLES WE’RE READING
Technical debt is a bear, just ask Equifax
Just say no to paperless voting machines: Virginia says adios DREs.
Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump Vulnerabilities
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker-focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: zerodaily@hackerone.com
I love the concept here of hitting an attack surface (a voice interface) right in front of us without our knowledge, but it's important to note that you should only be able to access commands that are already allowed. So it's not a matter of too much access, it's a matter of unknown access.
Daniel Miessler on the Alexa + Siri hack