Hacking, AppSec, and Bug Bounty newsletter
2017-10-10 | Breach blame game, Cyber victims clueless, and POC for CVE-2017-12617
Tuesday, October 10
Nearly half of business owners were victims of cyber attack and didn’t know it says a recent Nationwide survey.
XSS in biz.mail.ru/error [25 upvotes] - $x bounty for this report to Mail.Ru by @ruvlol.
CSRF-Token leak by request forgery [3 upvotes] - swag awarded for this report to GitLab by @naure.
Twitter, Yahoo, Spotify, VK, and others have disclosed bugs on hacktivity in the past 24-hours (several paying out bounties over $1K)!
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity
TWEET OF THE DAY
Google allows 37,000 Chrome users to be tricked with a fake extension by fraudulent developer who clones popular name and spams keywords. - @SwiftOnSecurity
OTHER ARTICLES WE’RE READING
Bitcoin mining command from one of the Kubernetes containers
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: firstname.lastname@example.org
Get this email forwarded to you? Click here to subscribe to the Zero Daily
Ultimately, the question of liability should not be about assigning blame, but how liability can be used in the interest of positive outcomes.