Hacking, AppSec, and Bug Bounty newsletter
2017-04-17 | Fuzzbunch Shadow Brokers, IDF interview, and hack yourself first
Monday, April 17
Apparently holiday weekends bring big data dumps and big bug disclosures. Enjoy and make it a great week!
TODAY’S TOP STORY
What you need to know about the Shadow Brokers' latest dump: They're (probably) Russian, the exploits have been fixed or denied by all companies, Fuzzbunch is the NSA's Metasploit, and the name Shadow Brokers is likely a reference to a character from the Mass Effect series.
Remote Code Execution on Git.imgur-dev.com [50 upvotes] - $2,500 bounty for this report to Imgur by @orange. Rails static key leads to RCE vulnerability.
You can see all the latest and greatest disclosures and bounties on hackerone.com/hacktivity.
TWEET OF THE DAY
FUZZBUNCH IS NSA METASPLOIT!!!! I LOVE IT! THANK YOU @shadowbrokerss - @hackerfantastic
OTHER ARTICLES WE’RE READING
Motherboard asks, Why Did Microsoft Wait Six Months To Patch a Critical Word Zero-Day?
Q&A with the head of the Israel Defense Forces Cyber Division, his first interview according to Politico.
You can stop the engine of a moving vehicle by hacking into the Bosch Drivelog OBD-II dongle.
Publicity stunt or a security test? Popular YouTubers pwned.
GitHub repo with the files from the Shadow Brokers exploit: EQGRP_Lost_in_Translation
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker-focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: firstname.lastname@example.org
Exclusive zero-days don't exist.