Hacking, AppSec, and Bug Bounty newsletter
2017-08-21 | Maersk’s $300M impairment, RETGUARD, and Distro for pentesting IoT devices
Monday, August 21
Holy solar eclipse Monday, Batman! Not in the path? You can watch the eclipse live (compliments of NASA).
NotPetya cost Maersk $300M. BBC also investigates how cyber criminals are targeting the shipping industry and Digital Journal digs a bit deeper. When in doubt, revert to celestial navigation and WWII tech.
Open prod Jenkins instance [273 upvotes] - $15,000 bounty for this report to Snapchat by @preben_ve. Holy IDOR. See also @nahamsec’s $5K bounty for RCE on a test Jenkins instance due to improper authentication flow.
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity
TWEET OF THE DAY
#OAST makes #TOAST of vulnerable apps. - @portswigger
OTHER ARTICLES WE’RE READING
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: email@example.com
Get this email forwarded to you? Click here to subscribe to the Zero Daily
The threat of a ransomware attack, either targeted or random, is goading companies to take real security steps because the risk of a cyber security failure is no longer limited to reputation, or borne by customers, but is an existential risk to the company itself.