Hacking, AppSec, and Bug Bounty newsletter
2017-11-13 | Verizon’s DBIR 2017, IcedID, and Analysis of the S8 data line locator
Monday, November 13
Command injection on Phabricator instance with an evil hg branch name [31 upvotes] - $1,000 bounty for this report to Phabricator by @pnig0s.
Opportunity to obtain private tweets through search widget preview caches [43 upvotes] - $1,120 bounty for this report to Twitter by @csanuragjain.
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity
TWEET OF THE DAY
Bank websites don’t need to be secure. You heard it here first! - @troyhunt
OTHER ARTICLES WE’RE READING
Analysis of the S8 data line locator: Inside a low budget consumer hardware espionage implant
Amazon added 5 new S3 encryption & security features
IcedID: new banking trojan discovered by IBM X-Force Research
NYT reports on the NSA and Shadow Brokers: security breaches and spilled secrets
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker-focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
The S3 Console now displays a prominent indicator next to each S3 bucket that is publicly accessible.