Hacking, AppSec, and Bug Bounty newsletter
2017-12-01 | Google Caja bypass PoC’s, Bucket Stream, and Clarkson cyber attack
Friday, December 1
Department of Energy gets a grade on cyber security from the Inspector General: Progress was made but more to do.
Improper markup sanitization [10 upvotes] - $150 bounty for this report to Automattic by @edio.
Stored XSS using SVG on subdomain infra.mail.ru [2 upvotes] - no bounty for this report to Mail.Ru by @whitesector.
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity
TWEET OF THE DAY
What is your favorite security news sources? How do you configure Twitter to be more organized? Anyone use other browser apps for news? - @missmalware
OTHER ARTICLES WE’RE READING
New Senate bill includes jail time for executives who conceal data breaches
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: firstname.lastname@example.org
Get this email forwarded to you? Click here to subscribe to the Zero Daily
This malspam campaign cannot be very effective, yet it occurs practically every day. That's a testament to how cheap and easy it is to establish these campaigns.
HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty program solutions encompass vulnerability assessment, crowdsourced testing and responsible disclosure management. Discover more about our security testing solutions or Contact Us today.