Wednesday, November 8
TOP STORY
HACKTIVITY
application/x-brave-tab should not be readable. [7 upvotes] - $250 bounty for this report to Brave Software by @qab.
[www.threatcrowd.org] - SSRF : AWS private key disclosure [19 upvotes] - no bounty for this report to AlienVault by @ramsexy.
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity
TWEET OF THE DAY
How @albinowax perforated DoD networks in "Cracking the Lens: Targeting HTTP's Hidden Attack-Surface" - @BlackHatEvents
OTHER ARTICLES WE’RE READING
Ethereum: Vulnerability in Parity Wallet
USG making big strides in DMARC implementation says the Global Cyber Alliance
Tool: LightBulb Framework
Scripts to test if clients are affected by the WPA2 #KRACK attack
A special kind of evil: “Fancy Bear” used NYC terror attack news to lure targets into loading malware
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: zerodaily@hackerone.com
Get this email forwarded to you? Click here to subscribe to the Zero Daily
“When the average breach has been there for 221 days — on average — the game’s over.”
Lisa Donnan at Cyber SAT Summit
HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty program solutions encompass vulnerability assessment, crowdsourced testing and responsible disclosure management. Discover more about our security testing solutions or Contact Us today.