Hacking, AppSec, and Bug Bounty newsletter
2017-09-21 | Auto Triage Bot, Equifax links to fake phishing site, and SEC Edgar breach
Thursday, September 21
Access to GitLab's Slack by abusing issue creation from e-mail [12 upvotes] - no bounty for this report to GitLab by @intidc.
Homograph Attack Bypass [Tested on Linux & Windows] [9 upvotes] - $100 bounty for this report to Brave Software by @apapedulimu.
Hacktivity was on fire yesterday. Dropbox, Uber, TTS, DoD, Yahoo, Shopify, Twitter, WordPress, and others all posting bugs and bounties.
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity
TWEET OF THE DAY
Equifax just linked customers to my fake phishing version of their site by accident. https://twitter.com/Equifax/status/910265181976104960 … - @thesquashSH
OTHER ARTICLES WE’RE READING
Aurora operation still active, per Intezer's Jay Rosenberg after digging into CCleaner.
Dropbox tripling bounties for RCE and awarding bonuses, bonuses, bonuses
Auto Triage Bot by @ddworken
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker-focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: firstname.lastname@example.org
“Rather than spending tons and tons of money on technology, put a little bit of money on talent and have them do nothing but patching.”