Hacking, AppSec, and Bug Bounty newsletter
2018-01-24 | Nuclear red team exercises, Hide N Seek IoT botnet, and Facebook’s $100K Secure the Internet Grant
Wednesday, January 24
What is the ultimate cyber threat to society? Hard to argue with a nuclear system breaches and exploitation. The Verge reports on International Atomic Energy Agency (IAEA) red team exercises. The margin of error is razor thin.
Claiming ownership of GitHub handles via forked GitHub gists [43 upvotes] - $1,000 bounty for this report to Keybase by @edio.
[serve] Directory index of arbitrary folder available due to lack of sanitization of %2e and %2f characters in url [7 upvotes] - no bounty for this report to Node.js third-party modules by @bl4de.
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity
OTHER ARTICLES WE’RE READING
Facebook offering grants up to $100k to "Secure the Internet"
TinderDrift: Those swipes are using HTTP.
Vulns in Apple products: Safari, watchOS, iOS, High Sierra, Sierra, El Capitan, and tvOS could allow for arbitrary code execution.
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: email@example.com
Get this email forwarded to you? Click here to subscribe to the Zero Daily
It's the combination of two simple vulnerabilities that create a major privacy issue.