ZERO DAILY

Hacking, AppSec, and Bug Bounty newsletter

2018-03-05 | Memcached DDoS method adds extortion, The malicious use of AI, and my weird path to #infosec

Monday, March 5

TOP STORY

HACKTIVITY

You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity

TWEET OF THE DAY

  • Great advice from @fransrosen on how to write a report title today: the title should answer the "WHAT", "WHERE", "WHY", and "HOW". Example: instead of "XSS", use "Reflected XSS on http://site.com/page due to unsanitized fragment redirect using javascript protocol" instead. - @jobertabma

OTHER ARTICLES WE’RE READING

ABOUT ZERO DAILY

Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.

Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?

Have a news tip / story to highlight? We’d love to hear about it. Email: zerodaily@hackerone.com



A Birst employee placed a copy of certain non-production components of the Birst software in a publicly-available S3 bucket to provide a prospective customer in the financial services industry non-production, read-only access to the software (a proof-of-concept). These components were not populated with data; no data from the financial institution was ever present in the test environment at any time, although the filename contained the name of the financial institution.

iTWire