2017-12-05 | Commonspeak, Leakbase goes dark, and New America contesting “cyber”

Tuesday, December 5

TOP STORY

• Commonspeak: Content discovery wordlists built with BigQuery by @shubs and the pentester.io team.  

HACKTIVITY

• Multiple Subdomain takeovers via unclaimed instances [47 upvotes] - $8,000 bounty for this report to Starbucks by @benoculars.

• Stored Cross-Site scripting in the infographics using Data Objects links [5 upvotes] - no bounty for this report to Infogram by @sp1d3rs.

You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity

TWEET OF THE DAY

• In the 1980’s the CIA caught a contractor stealing information because a secretary notice the last login time for her terminal was not what it should be.
  
  Last Login Time may be one of the best bang for your buck security controls you can implement, but so few people do. - @chrissanders88

OTHER ARTICLES WE’RE READING

• ecdsa-key-recovery

• TIO PayPal data breach update

• European Parliament has approved budget for VLC bug bounty program

• FBI and Europol take down Andromeda botnet

• NEA is contesting the use of “cyber”.

• Leakbase goes dark

ABOUT ZERO DAILY

Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.

Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?

Have a news tip / story to highlight? We’d love to hear about it. Email: zerodaily@hackerone.com

Get this email forwarded to you? Click here to subscribe to the Zero Daily

The attachment of the prefix “cyber” to various nouns has left cyber-related concepts with a variety of underlying normative connotations.

Max Smeets and James Shires, New America

 

---

HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty program solutions encompass vulnerability assessment, crowdsourced testing and responsible disclosure management. Discover more about our security testing solutions or Contact Us today.