Hacking, AppSec, and Bug Bounty newsletter
2017-12-04 | Common ports cheat sheet, The Cosmo Case, and Crypto Kitties
Monday, December 4
Get all instacart emails - missing rate limit on /accounts/register [7 upvotes] - $100 bounty for this report to Instacart by @003random.
Content Spoofing @ [redacted] [14 upvotes] - swag awarded for this report to WordPress by @hackerwahab.
Twitter and GitHub paid out > $10K bounties and Google Play awarded a bonus of $1k to a reporter for an RCE on an Android app.
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity
TWEET OF THE DAY
Sometimes I wonder what it’s like to be on the receiving end of a RCE bug report. Shock? Panic? Impressed? Grateful? Need more coffee? - @seanmeals
OTHER ARTICLES WE’RE READING
Playback: Cisco patches critical bugs in WebEx
Persistent drive-by cryptomining coming to a browser near you - Malwarebytes
Crypto Kitties: cats on the blockchain
This is why we can’t have nice things: “My staff log onto my computer on my desk with my login everyday...” @NadineDorries
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
If malvertising wasn’t bad enough as is, now it has a new weapon that works on all platforms and browsers.