Hacking, AppSec, and Bug Bounty newsletter
2018-02-08 | Fancy bears’ focus, Google’s $12M in bounty payouts, and Cyber Bureau to the rescue
Thursday, February 8
‘Fancy Bear’ hackers took aim at US defense contractors, and BREAKING NEWS (not really), Russians hacked voter registration rolls in several states prior to 2016 election.
Ability to bypass partner email confirmation to take over any store given an employee email [92 upvotes] - $15,000 bounty + $250 bonus for this report to Shopify by @itscachemoney.
Unsafe Query Generation (CVE-2012-2660, CVE-2012-2694 and CVE-2013-0155) mitigation bypass [3 upvotes] - $1,500 bounty for this report to Ruby on Rails by @joernchen.
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity
OTHER ARTICLES WE’RE READING
2017 saw a record number of exposed records (7.8 billion to be exact)
And it shall be called “Cyber Bureau” Secretary of State Rex Tillerson’s re-org plan
Google vulnerability reward program has paid out $12M to date ($2.9M in 2017)
Active Cyber Defence: one year on: paper written by Dr Ian Levy, Technical Director of the NCSC, following a year of the Active Cyber Defence programme.
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: firstname.lastname@example.org
Get this email forwarded to you? Click here to subscribe to the Zero Daily
We’ve almost gone back in time to use stand-alone systems if we’re processing client proprietary data — we’re FedEx’ing hard drives around.