Hacking, AppSec, and Bug Bounty newsletter
2017-10-16 | KRACK, G-7 Cybersecurity Elements for Financial Sector, and AppSec USA videos
Monday, October 16
It’s KRACK coordinated disclosure day. A flaw in the WPA2 protocol that leaves Wi-Fi traffic open to eavesdropping was discovered by Mathy Vanhoef and Frank Piessens of Belgian university KU Leuven (go #teambelgium). So what now? Alex Hudson shares some thoughts.
[mercantile.wordpress.org] Reflected XSS via AngularJS Template Injection [22 upvotes] - $300 bounty for this report to WordPress by @ysx.
A user with restricted privileges is able to view Phone Number + Billing Email of account owner [11 upvotes] - no bounty for this report to New Relic by @jon_bottarini.
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity
OTHER ARTICLES WE’RE READING
Ars on the KRACK attack
No laughing matter. NYT looks at North Korea’s cyber power
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Amid all the attention on Pyongyang’s progress in developing a nuclear weapon capable of striking the continental United States, the North Koreans have also quietly developed a cyberprogram that is stealing hundreds of millions of dollars and proving capable of unleashing global havoc.