Tuesday, January 23
TOP STORY
Kaspersky researchers found an undocumented feature that can be used for remote access in industrial automation systems.
HACKTIVITY
[augustine] Static Web Server Directory Traversal via Crafted GET Request [2 upvotes] - no bounty for this report to Node.js by @ysx.
[stagecafrstore.starbucks.com] CRLF Injection, XSS [14 upvotes] - no bounty for this report to Starbucks by @bobrov.
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity
TWEET OF THE DAY
Information on my first CVE of 2018 is now public
#bugbounty https://moodle.org/mod/forum/discuss.php?d=364381 - @dawgyg
OTHER ARTICLES WE’RE READING
Norton’s cyber security insights report for 2017. Highlights: Almost 1 billion people in 20 countries directly lost money due to cybercrime last year. Total theft was tagged at $172B.
Kroll also published a business survey showing fraud and security incidents higher than ever in 2017
Intel posted updated guidance on Meltdown/Spectre patches
agent rpc auth mechanism vulnerable to dns rebinding
Cyber nukes - there’s a brochure for that
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: zerodaily@hackerone.com
Get this email forwarded to you? Click here to subscribe to the Zero Daily
Businesses suffered significant economic damage from fraud, with nearly one in four respondents (23%) reporting losses of 7% or more of company revenues…
Kroll Annual Global Fraud & Risk Report
HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty program solutions encompass vulnerability assessment, crowdsourced testing and responsible disclosure management. Discover more about our security testing solutions or Contact Us today.