Hacking, AppSec, and Bug Bounty newsletter
2018-03-19 | DFIR tales, Stored XSS on Facebook, and How to hijack RDS
Monday, March 19
The Cambridge Analytica Files: Psyops and informational dominance. Lots swirling around this, including social graph math: how 270K facebook users could allow access to up to 50M+ individuals. Of note, Facbook’s CSO Alex Stamos deleted his CA-related tweets, read why.
DOM Based XSS in mycrypto.com [19 upvotes] - no bounty for this report to MyCrypto by @bigshaq.
Gaining access to private topics using quoting feature [13 upvotes] - $256 bounty for this report to Discourse by @mishre.
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity
OTHER ARTICLES WE’RE READING
Following the AMT / CTS scenario, a good reminder from Daniel Miessler: Responsible Disclosure? How About Responsible Behavior?
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne. \
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: firstname.lastname@example.org
Get this email forwarded to you? Click here to subscribe to the Zero Daily
Fundamentally, information warfare is not conducive to democracy.
HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty program solutions encompass vulnerability assessment, crowdsourced testing and responsible disclosure management. Discover more about our security testing solutions or Contact Us today.