Hacking, AppSec, and Bug Bounty newsletter
2017-06-26 | Ru5514, 32TB of MSFT core (maybe), and Brutal Kangaroo
Monday, June 26
Make it a great week!
Russia has been busy, suspected of UK Parliament cyber-attack, well-documented US Election meddling, and of course there’s Ukraine. In other Russia-related cyber news, FSTEC is getting source code access to Cisco, IBM and SAP and Washington says goodbye to Mr Kislyak.
local file disclosure via FFmpeg hls processing [53 upvotes] - $1,000 bounty for this report to VK.com by @neex. Continuing with our Russia-theme today, ironically the top disclosed report on hacktivity over the weekend was this report by @neex. This issue was disclosed among others at Phdays conference 2017 (slides).
Lots of new reports this weekend including bounties from Slack, Dashlane, Badoo, Rockstar, and Shopify.
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity
OTHER ARTICLES WE’RE READING
Brutal Kangaroo, a stuxnet clone
VA fails cyber audit (no biggie, it always fails)
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: firstname.lastname@example.org
Get this email forwarded to you? Click here to subscribe to the Zero Daily
Good day to be an attorney, or a Maserati salesman
*Note, earlier version incorrectly stated that it was 1.2TB of data. This error has been corrected to reflect the actual claim of 1.2GB. Thank you to @it2o12 for pointing out the mistake.