Hacking, AppSec, and Bug Bounty newsletter
2018-01-23 | Norton insights report, Attacker silver bullet, and Cyber nuke brochures
Tuesday, January 23
Kaspersky researchers found an undocumented feature that can be used for remote access in industrial automation systems.
[augustine] Static Web Server Directory Traversal via Crafted GET Request [2 upvotes] - no bounty for this report to Node.js by @ysx.
[stagecafrstore.starbucks.com] CRLF Injection, XSS [14 upvotes] - no bounty for this report to Starbucks by @bobrov.
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity
TWEET OF THE DAY
OTHER ARTICLES WE’RE READING
Norton’s cyber security insights report for 2017. Highlights: Almost 1 billion people in 20 countries directly lost money due to cybercrime last year. Total theft was tagged at $172B.
Kroll also published a business survey showing fraud and security incidents higher than ever in 2017
Intel posted updated guidance on Metldown/Spectre patches
agent rpc auth mechanism vulnerable to dns rebinding
Cyber nukes - there’s a brochure for that
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: firstname.lastname@example.org
Get this email forwarded to you? Click here to subscribe to the Zero Daily
Businesses suffered significant economic damage from fraud, with nearly one in four respondents (23%) reporting losses of 7% or more of company revenues…
HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty program solutions encompass vulnerability assessment, crowdsourced testing and responsible disclosure management. Discover more about our security testing solutions or Contact Us today.