Hacking, AppSec, and Bug Bounty newsletter
2017-07-20 | Fragging leads to RCE, SecuSUITE, and CTIA vs DHS
Thursday, July 20
Hack’s on! #HackTor
Telecom lobby group CTIA disputes the SS7 protocol vulnerabilities documented by DHS in its 125-page report on government mobile device security. Motherboard has the white paper sent to members of Congress and DHS. Full story: Telecom Lobbyists Downplayed ‘Theoretical’ Security Flaws in Mobile Data Backbone
SQL Injection, exploitable in boolean mode [19 upvotes] - $300 bounty for this report to Zomato by @kuroi-sh.
Token leakage by referrer [5 upvotes] - $60 bounty for this report to Legal Robot by @mostafamamdoh.
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity
OTHER ARTICLES WE’RE READING
SecuSUITE for Government by Blackberry
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker-focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
When I was young the fear was nuclear war. Now, a small piece of malicious software can bring down a power grid. Investing in cybersecurity is a matter of national security. We must invest in programs that can create the next generation of cyber warriors. If we don’t invest in these programs now, we will never catch up.