Hacking, AppSec, and Bug Bounty newsletter
2017-08-30 | 711M Records Spambot Dump, Down by the Docker, and XSS Challenge
Wednesday, August 30
Troy Hunt runs haveibeenpwned.com. He just added 711 million new records. Read about it: Inside the Massive 711 Million Record Onliner Spambot Dump
Stealing contact form data on www.hackerone.com using Marketo Forms XSS with postMessage frame-jumping and jQuery-JSONP [72 upvotes] - $1,500 bounty for this report to HackerOne by @fransrosen.
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity
TWEET OF THE DAY
Peak ICO - @mikko
OTHER ARTICLES WE’RE READING
Securing Cyber Assets: Addressing Urgent Cyber Threats to Critical Infrastructure report by The President’s National Infrastructure Advisory Council (NIAC)
Down by the Docker - VM CTF from NotSoSecure
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker-focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
We believe the U.S. government and private sector collectively have the tremendous cyber capabilities and resources needed to defend critical private systems from aggressive cyber attacks—provided they are properly organized, harnessed, and focused. Today, we’re falling short.