Hacking, AppSec, and Bug Bounty newsletter
2017-05-22 | Mismorphism, h1-3120, and OWASP needs you
Monday, May 22
Good day here in Groningen, Netherlands. Make it a great week!
Story time from Mudge. What was life like working as a Unix admin on a USG system? For the expanded deep dive, read Mismorphism: a Semiotic Model of Computer Security Circumvention.
Java Deserialization RCE via JBoss on card.starbucks.in [11 upvotes] - no bounty revealed for this report to Starbucks by @joaomatosf. CVE-2017-7504
Login with Google Not Authenticated on iOS App [6 upvotes] - $100 bounty for this report to Instacart by @bhavukjain1. The app does not authenticate the user properly, which can lead to access to user accounts.
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity.
TWEET OF THE DAY
I have this Win10 Enterprise vm that I was using to test out various privacy settings. Here's some of the stuff I found out so far… @m8urnett
OTHER ARTICLES WE’RE READING
OWASP needs you: contribute to the mobile security testing guide
State trojans in Germany
Kids these days: Boy pranks dad with WannaCry ransomware screenshot
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: firstname.lastname@example.org