Hacking, AppSec, and Bug Bounty newsletter
2017-06-15 | Muni bond cyber risks, Vine bug, and XSS-radar
Thursday, June 15
Have a great day!
Reuters digs into how the U.S. municipal bond market is slowly starting to pay heed to cyber risks. Even S&P Global has begun to quiz states, cities and towns about their cyber defenses. Some credit analysts are starting to factor cyber security when they look at bonds but Fitch Ratings still does not consider cyber security in its ratings, and many investors still are not concerned enough to ask for details - yet.
Vine - overwrite account associated with email via android application [16 upvotes] - $280 bounty for this report to Twitter by @mishre. A logic issue in the Vine signup flow allowed a user to create a new account that would be associated with a user’s email, which could result in the user being unable to access their original account.
Open redirect / Reflected XSS payload in root that affects all your sites (store.starbucks.* / shop.starbucks.* / teavana.com) [9 upvotes] - $375 bounty for this report to Starbucks by @inhibitor181.
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity
OTHER ARTICLES WE’RE READING
XSS-radar by Bug Bounty Forum. Fuzz away.
How-To: Server Side Request Forgery (SSRF) by H1 co-founder Jobert Abma
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: firstname.lastname@example.org
Get this email forwarded to you? Click here to subscribe to the Zero Daily
We're trying to get sense of who has their head in the sand and who doesn't.