Hacking, AppSec, and Bug Bounty newsletter
2017-09-19 | CCleaner malware payload, Vevo data breach, and Cracking MtGox
Tuesday, September 19
CCleaner 5.33, as distributed by Avast, contained a multi-stage malware payload that rode on top of the CCleaner installation, says Cisco’s Talos in recently published research, “CCleanup: A Vast Number of Machines at Risk”.
[www.zomato.com] Union SQLi + Waf Bypass [8 upvotes] - $1,000 bounty for this report to Zomato by @gerben_javado. SQL injection vulnerability in an endpoint that allowed bypass of the WAF.
Stored XSS on member post feed [18 upvotes] - $1,000 bounty for this report to Rockstar Games by @0x0luke. Stored XSS vulnerability in Profile Feeds.
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity
OTHER ARTICLES WE’RE READING
Cost of User Security Training Tops $290K Per Year according to Bromium.
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: firstname.lastname@example.org
Equifax’s data security and privacy measures have proved insufficient in mitigating data breach events.