Hacking, AppSec, and Bug Bounty newsletter
2017-06-26 | Ru5514, 32TB of MSFT core (maybe), and Brutal Kangaroo
Monday, June 26
Make it a great week!
Russia has been busy: it is suspected in the UK Parliament cyber-attack, there is the well-documented US election meddling, and of course there's Ukraine. In other Russia-related cyber news, FSTEC is getting source code access to Cisco, IBM and SAP products, and Washington says goodbye to Mr Kislyak.
local file disclosure via FFmpeg hls processing [53 upvotes] - $1,000 bounty for this report to VK.com by @neex. Continuing with today's Russia theme, it is fitting that the top disclosed report on Hacktivity over the weekend was this one. The issue was one of several disclosed at the PHDays 2017 conference (slides).
Lots of new reports this weekend, including bounties from Slack, Dashlane, Badoo, Rockstar, and Shopify.
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity
OTHER ARTICLES WE’RE READING
Brutal Kangaroo, a Stuxnet clone
VA fails cyber audit (no biggie, it always fails)
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: email@example.com
Get this email forwarded to you? Click here to subscribe to the Zero Daily
Good day to be an attorney, or a Maserati salesman
*Note, earlier version incorrectly stated that it was 1.2TB of data. This error has been corrected to reflect the actual claim of 1.2GB. Thank you to @it2o12 for pointing out the mistake.
HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty solutions encompass vulnerability assessment, crowdsourced security testing and responsible disclosure management. Discover more about our hacker-powered security testing solutions or Contact Us today.