Hacking, AppSec, and Bug Bounty newsletter
2018-01-05 | 1.2 B UIDAI records sold for $8, RCE bonus from Google Play, and CERT’s Spectre solution update
Friday, January 5
Aadhaar, India's national ID database (UIDAI), which holds private information on nearly 1.2 billion people, was reportedly breached (and the data sold “repeatedly” for a whopping $8). The story was originally reported by Tribune India; Aadhaar claimed it was fake news, but now admits it appears to be an “instance of misuse”. When every admin is a super admin, the chance of “misuse” is ripe.
SQL Injection on careers.razerzone.com within the Admin interface without any access credentials [12 upvotes] - no bounty for this report to Razer by @surfrdan.
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity
OTHER ARTICLES WE’RE READING
Let’s get along: banks and retailers co-sign letter to Congress in support of federal legislation to protect personal information, including details of what that legislation should encompass.
Re: Spectre. CERT updated VU#584653 Solution section to say “Apply Updates” rather than “Replace CPU hardware”. There is a new hope in the galaxy.
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.