Hacking, AppSec, and Bug Bounty newsletter
2017-11-16 | White House VEP details, RCE in CouchDB, and Threat predictions for 2018
Thursday, November 16
The White House published the Vulnerabilities Equities Policy and Process (VEP) for departments and agencies of the United States Government (USG), adding some transparency to the VEP not seen before. Read the Wired review; the MIT Technology Review brings up a good point: should the gov stockpile bugs at all?
LOTS of bugs partially disclosed in the past 24 hours from Slack, Adobe, GitHub, Lyst, Automattic, GrabTaxi and more. You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity
CTF Hint: guess the virtual host on http://22.214.171.124/ to complete the first step
TWEET OF THE DAY
Tesla Semi Truck unveil to be webcast live on Thursday at 8pm! This will blow your mind clear out of your skull and into an alternate dimension. Just need to find my portal gun … - @elonmusk
OTHER ARTICLES WE’RE READING
Exploring the relationship between video game expertise and fluid intelligence. TL;DR, skilled gamers have high IQ scores :).
Threat predictions for 2018 by Kaspersky
Consumer watchdog firm Which? published its toy safety alert for the holidays. It says what we all know: don’t buy connected toys for your kids.
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker-focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: firstname.lastname@example.org
It’s probably a bad idea to use more than one parser to process the same data.