Hacking, AppSec, and Bug Bounty newsletter
2017-10-09 | GCHQ and NCSC, PureVPN’s FBI assist, and Flickr mass upload bug
Monday, October 9
Did you miss us?
A lot happened over the past 2-weeks…Deloitte was breached, Showtime mining crypto coins, 702 has more than one meaning, The Chamber of Commerce (yep) has a cybersecurity summit and said cyber crime costs $450B per year, that high Sierra rarified bug air, but do update, please. Over The Air - Vol. 2 was published by Project Zero, Shopify paid a $20K bounty, Whole Foods was breached, Equifax’s former CEO blamed an IT worker for failing to patch - classy. Bloomberg said it was China (re: Equifax), my oh my yahoo, U.S. Senators want the DHS to have a bug bounty program, Senator Ron Wyden says SSA needs U2F, and the NSA was breached by Russian hackers.
GCHQ’s Director writes about the marriage between NCSC and GCHQ
FBI gets an assist from PureVPN to arrest cyberstalker
Exposed API-key allows to control nightly builds of firmwares (█████████ & ████████) [9 upvotes] - $1,250 bounty for this report to Ubiquiti Networks by @tripwire.
Subdomain Takeover via Unclaimed WordPress site [27 upvotes] - $250 bounty for this report to Snapchat by @ysx.
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity
TWEET OF THE DAY
This… - @ch33r10
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: firstname.lastname@example.org
Get this email forwarded to you? Click here to subscribe to the Zero Daily
"'Country-1 has disabled auto-updates on software from Country-2' is the new 'Country-1 has recalled their ambassadors from Country-2'"
HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty program solutions encompass vulnerability assessment, crowdsourced testing and responsible disclosure management. Discover more about our security testing solutions or Contact Us today.