Hacking, AppSec, and Bug Bounty newsletter
2018-01-23 | Norton insights report, Attacker silver bullet, and Cyber nuke brochures
Tuesday, January 23
Kaspersky researchers found an undocumented feature that can be used for remote access in industrial automation systems.
[augustine] Static Web Server Directory Traversal via Crafted GET Request [2 upvotes] - no bounty for this report to Node.js by @ysx.
[stagecafrstore.starbucks.com] CRLF Injection, XSS [14 upvotes] - no bounty for this report to Starbucks by @bobrov.
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity
OTHER ARTICLES WE’RE READING
Norton’s cyber security insights report for 2017. Highlights: Almost 1 billion people in 20 countries directly lost money due to cybercrime last year. Total theft was tagged at $172B.
Kroll also published a business survey showing fraud and security incidents higher than ever in 2017.
Intel posted updated guidance on Meltdown/Spectre patches.
agent rpc auth mechanism vulnerable to dns rebinding
Cyber nukes - there’s a brochure for that
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker-focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: firstname.lastname@example.org
Businesses suffered significant economic damage from fraud, with nearly one in four respondents (23%) reporting losses of 7% or more of company revenues…