Hacking, AppSec, and Bug Bounty newsletter
2018-02-27 | Memory segmentation cheat sheet, Cellebrite’s iPhone magic trick, and 2018 Global Threat Report by Crowdstrike
Tuesday, February 27
Crowdstrike’s 2018 Global Threat Report, Tim Starks opines that it’s all bad news. CyberWire says: Among the findings are the rise of supply chain compromise and cryptocurrency related fraud as significantly expanded attack vectors. Another interesting finding is the speed with which successful attackers are able to pivot laterally from an initial compromise: just under two hours.
RCE using bash command injection on /system/images (toimitilat.lahitapiola.fi) [48 upvotes] - $6,300 bounty for this report to Local Tapiola by @yonm13.
POODLE SSLv3 bug on multiple twitter smtp servers [22 upvotes] - $280 bounty for this report to Twitter by @omespino.
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity
OTHER ARTICLES WE’RE READING
FTC’s VPN basics blog: Shopping for a VPN? Read this
Cellebrite claims ability to unlock pretty much every iPhone on the market
Global Engagement Center: counter propaganda and disinformation from foreign nations.
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: firstname.lastname@example.org
Get this email forwarded to you? Click here to subscribe to the Zero Daily
When writing about this kind of research, it’s important for us to properly contextualize it and make clear that while a lot of these techniques are indeed cutting edge and cool, most of them are unlikely to ever be deployed against the average consumer; unless you just want to create a piece of hack porn.
HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty program solutions encompass vulnerability assessment, crowdsourced testing and responsible disclosure management. Discover more about our security testing solutions or Contact Us today.