Hacking, AppSec, and Bug Bounty newsletter
2017-05-16 | The $10K killswitch bounty, Bell breach, and HACK
Tuesday, May 16
Yesterday was cyber attack Monday, today is killswitch Tuesday.
Internet Bug Bounty and HackerOne (that’s us) awarded the researcher responsible for discovering the WannaCry “killswitch” $10K and he’s donating it to charity. Read more in The Telegraph and Business Insider.
WannaCrypt “Killswitch” [154 upvotes] - $10,000 for this report to the Internet Bug Bounty by @MalwareTech. Nuff said.
Persistent CSRF in /GiftCert-AddToBasket prevents purchases on eCommerce sites [13 upvotes] - $750 bounty for this report to Starbucks by @inhibitor181. The exploit permanently blocks a user from ever buying anything on teavana.com by removing the credit card payment method.
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity.
TWEET OF THE DAY
So @Hacker0x01 have awarded me a $10,000 bounty for the "kill-switch". I plan on splitting it between to-be-decided charities and education. - @MalwareTechBlog
OTHER ARTICLES WE’RE READING
Patrick Gray isn’t so sure that Brad Smith’s NSA-blasting blog isn’t just a big distraction
Latest data breach, Bell.
NSE (nmap) script to detect the vulnerability ms17-010 used by WannaCry
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.