Hacking, AppSec, and Bug Bounty newsletter
2018-03-09 | Operation bayonet, Cyberattacks at top of Global Risks Landscape, and Netlab details Memcache DDoS attacks
Friday, March 9
World Economic Forum’s Global Risks Landscape 2018 puts cyberattacks right up there with natural disasters and global warming as top risks to the world economy.
XSS through `__e2e_action_id` delivered by JSONP [34 upvotes] - $200 bounty + $400 bonus for this report to Quora by @0xnan.
CVE-2017-15277 on Profile page [8 upvotes] - no bounty for this report to Twitter by @emitrani.
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity
TWEET OF THE DAY
Pitch: Kitchen Nightmares, but for security programs.
“Why do you have a bug bounty? You don’t even have an SDL!!”
“Your entire production system was out-of-scope for the last pen-test?!”
“Dark Web Threat Intelligence?! You don’t even have a bloody SIEM!” - @geoffbelknap
OTHER ARTICLES WE’RE READING
Chinese Qihoo 360's Netlab details the volume of recent Memcache DDoS attacks
Operation bayonet: Takeover, not takedown
Vuln prioritization is critical. Why?
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: firstname.lastname@example.org
Get this email forwarded to you? Click here to subscribe to the Zero Daily
If you run an ice cream shop, or a hospital, or a large multinational corporation, there isn’t much you’re going to be able to do about the next Category 5 hurricane or the Arctic melting. You’re also not in a position to do much about the increasingly likely prospect of a nuclear conflagration. But cybersecurity? You can do something about that. And that’s an important distinction.
HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty program solutions encompass vulnerability assessment, crowdsourced testing and responsible disclosure management. Discover more about our security testing solutions or Contact Us today.