ZERO DAILY

Hacking, AppSec, and Bug Bounty newsletter

2017-06-14 | Hidden Cobra, Cybering Up, and DMA attack software

Wednesday, June 14

Hump day is here - make it a great one!

TOP STORY

  • Hidden Cobra is North Korea’s DDoS Botnet Infrastructure. In a joint technical alert (TA17-164A) the DHS and FBI describe the tools and infrastructure used by cyber actors of the North Korean government and include solutions and mitigation strategies. They steer clear of the APT tag, however.

HACKTIVITY

  • Unsecured DB instance [34 upvotes] - $5,000 bounty for this report to Pornhub by @cyber-guard. OrientDB server instances were found to be vulnerable to script-based remote code execution leading to privilege escalation.

  • DOM Based XSS In mercantile.wordpress.org [6 upvotes] - no bounty for this report to WordPress by @pabster. Good example of great communication: Triager: “this is a duplicate”, Hacker: “em, no it’s not and here’s why”, Triager: “doh, you’re right, sorry I missed that!”

Notables and interesting partially disclosed bugs: @fildescriptor nabbed a $7K+ bounty from Twitter, @wplus got $1K for their report to Snapchat, and Shopify-Scripts awarded over $4,000 in bounties yesterday.

You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity 

TWEET OF THE DAY

  • The Mother of All Skimmers #infosec #carders - @x0rz

OTHER ARTICLES WE’RE READING

ABOUT ZERO DAILY

Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.

Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?

Have a news tip / story to highlight? We’d love to hear about it. Email: zerodaily@hackerone.com


Due to the malware’s capability to act autonomously through time bombs, passive defenses such as air gapping will not prevent the malware from being activated once in the network.

NERC Advisory