Hacking, AppSec, and Bug Bounty newsletter
2017-12-12 | Road to Exim RCE, The ROBOT attack, and 4iQ discovers 1.4B clear text credentials
Tuesday, December 12
4iQ discovered a single file with a database of 1.4 billion clear text credentials — the largest aggregate database found on the dark web to date, according to the researchers.
Content Security Policy not applied to error pages at multiple HackerOne endpoints [27 upvotes] - $500 bounty for this report to HackerOne by @wh47.
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity
TWEET OF THE DAY
Put together a simple search for conferences, I'll keep adding as I go. Feel free to add. https://securedorg.github.io/community/search.html - @malwareunicorn
OTHER ARTICLES WE’RE READING
Road to Exim RCE - Abusing Unsafe Memory Allocator in the Most Popular MTA
Return Of Bleichenbacher's Oracle Threat: The ROBOT Attack
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: firstname.lastname@example.org
Get this email forwarded to you? Click here to subscribe to the Zero Daily
Is this vuln really serious enough to deserve a name, a logo and a web page?
We had considerable disagreement in our team about this. Juraj agreed only under protest. All complaints about this issue need to go to Hanno.