Hacking, AppSec, and Bug Bounty newsletter
2017-08-23 | Cobots, Peripheral pwnage, and RB466
Wednesday, August 23
Exploiting Industrial Collaborative Robots. How an attacker can chain multiple vulnerabilities to remotely modify safety settings, causing physical harm to the robot’s surroundings by moving it arbitrarily.
Ability to login as any user without authentication if █████████ is empty [22 upvotes] - $6,000 bounty for this report to Ubiquiti Networks by @thenickdude.
SSRF in alerts.newrelic.com exposes entire internal network [20 upvotes] - no bounty for this report to New Relic by @albinowax.
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity
TWEET OF THE DAY
A Wilson's Algorithm maze laid out as its spanning tree. - @rvosa
OTHER ARTICLES WE’RE READING
Peripheral pwnage: mousejacking over hostile airwaves
MSFT’s recent security intelligence report
Cyber39, UK startup accelerator’s cyber security initiative
RB466, featuring James Kettle from Portswigger
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: firstname.lastname@example.org
Get this email forwarded to you? Click here to subscribe to the Zero Daily
My iPad restarted, my phone restarted and my computer restarted, and that’s when I got the cold sweat and was like, ‘O.K., this is really serious