Hacking, AppSec, and Bug Bounty newsletter
2017-09-19 | CCleaner malware payload, Vevo data breach, and Cracking MtGox
Tuesday, September 19
CCleaner 5.33, as distributed by Avast, contained a multi-stage malware payload that rode on top of the installation of CCleaner, says Cisco’s Talos in recently published research, CCleanup: A Vast Number of Machines at Risk.
[www.zomato.com] Union SQLi + Waf Bypass [8 upvotes] - $1,000 bounty for this report to Zomato by @gerben_javado. SQL injection vulnerability in an endpoint that allowed bypass of the WAF.
Stored XSS on member post feed [18 upvotes] - $1,000 bounty for this report to Rockstar Games by @0x0luke. Stored XSS vulnerability in Profile Feeds.
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity
OTHER ARTICLES WE’RE READING
Cost of User Security Training Tops $290K Per Year according to Bromium.
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Have a news tip / story to highlight? We’d love to hear about it. Email: firstname.lastname@example.org
Equifax’s data security and privacy measures have proved insufficient in mitigating data breach events.