Hacking, AppSec, and Bug Bounty newsletter
2017-06-01 | Snowden’s ghost, Crypto ponzi schemes, and Gov squad
Thursday, June 1
New month, start it off right!
Chris Vickery from UpGuard found something. Dan O’Sullivan writes about the discovery of a cache of 60K top secret documents that were found on an unencrypted AWS server. Did Snowden teach you nothing, Booz?
XSS at instacart.com/store/partner_recipe [10 upvotes] - $150 bounty for this report to Instacart by @ak1t4. The hacker called out fellow researcher, Karel Origin, referencing their report as inspiration.
Remote Code Execution (RCE) in a DoD website [3 upvotes] - no bounty for this report to U.S. Dept Of Defense by @0daystolive. No public vuln details but DoD called it a “clever demonstration”.
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity.
OTHER ARTICLES WE’RE READING
The economics of security vulnerabilities: It’s about more than just the Benjamins, says Alex Rice
The Nintendo Switch is a beast
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.