Monday, March 19
TOP STORY
The Cambridge Analytica Files: Psyops and informational dominance. Lots swirling around this, including social graph math: how 270K facebook users could allow access to up to 50M+ individuals. Of note, Facbook’s CSO Alex Stamos deleted his CA-related tweets, read why.
HACKTIVITY
DOM Based XSS in mycrypto.com [19 upvotes] - no bounty for this report to MyCrypto by @bigshaq.
Gaining access to private topics using quoting feature [13 upvotes] - $256 bounty for this report to Discourse by @mishre.
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity
OTHER ARTICLES WE’RE READING
DFIR tales: Ryan Benson says “always review search engine queries in #DFIR investigations”, and Nick Carr praises “the quiet hero who patiently reconstructed this evidence from RDP bitmap cache”.
Following the AMT / CTS scenario, a good reminder from Daniel Miessler: Responsible Disclosure? How About Responsible Behavior?
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne. \
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: zerodaily@hackerone.com
Get this email forwarded to you? Click here to subscribe to the Zero Daily
Fundamentally, information warfare is not conducive to democracy.
HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty program solutions encompass vulnerability assessment, crowdsourced testing and responsible disclosure management. Discover more about our security testing solutions or Contact Us today.