Hacking, AppSec, and Bug Bounty newsletter
2017-11-08 | ChromeOS $100K bounty, LightBulb Framework, and Parity Wallet vuln
Wednesday, November 8
application/x-brave-tab should not be readable. [7 upvotes] - $250 bounty for this report to Brave Software by @qab.
[www.threatcrowd.org] - SSRF : AWS private key disclosure [19 upvotes] - no bounty for this report to AlienVault by @ramsexy.
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity
TWEET OF THE DAY
How @albinowax perforated DoD networks in "Cracking the Lens: Targeting HTTP's Hidden Attack-Surface" - @BlackHatEvents
OTHER ARTICLES WE’RE READING
Ethereum: Vulnerability in Parity Wallet
USG making big strides in DMARC implementation says the Global Cyber Alliance
Tool: LightBulb Framework
A special kind of evil: “Fancy Bear” used NYC terror attack news to lure targets into loading malware
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker-focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
“When the average breach has been there for 221 days — on average — the game’s over.”