Hacking, AppSec, and Bug Bounty newsletter
2017-05-22 | Mismorphism, h1-3120, and OWASP needs you
Monday, May 22
Good day here in Groningen, Netherlands. Make it a great week!
Story time from Mudge. What was life like working as a Unix admin on a USG system? For the expanded deep dive, read Mismorphism: a Semiotic Model of Computer Security Circumvention.
Java Deserialization RCE via JBoss on card.starbucks.in [11 upvotes] - no bounty revealed for this report to Starbucks by @joaomatosf. CVE-2017-7504
Login with Google Not Authenticated on iOS App [6 upvotes] - $100 bounty for this report to Instacart by @bhavukjain1. The app does not authenticate the user properly, which can lead to access to user accounts.
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity.
TWEET OF THE DAY
I have this Win10 Enterprise vm that I was using to test out various privacy settings. Here's some of the stuff I found out so far… @m8urnett
OTHER ARTICLES WE’RE READING
OWASP needs you: contribute to the mobile security testing guide
State trojans in Germany
Kids these days: Boy pranks dad with WannaCry ransomware screenshot
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: firstname.lastname@example.org
All IT jobs are cybersecurity jobs now.