Hacking, AppSec, and Bug Bounty newsletter
2018-03-23 | Who is Guccifer 2.0, Facebook’s expanded bug bounty scope, and Drupal 7 and 8 core critical updates
Friday, March 23
Guccifer 2.0 is GRU, the Daily Beast reports. Here’s a bit more context from the Daily Beast Executive Editor. And Joe Uchill from Axios reported a few weeks ago on The Illinois Republican who catfished Guccifer 2.0. In other news, Hollywood firms are scrambling to secure the film rights.
XSS vulnerability in sanitize-method when parsing link's href [10 upvotes] - $1,500 bounty for this report to Ruby on Rails by @kaarloh.
Snapchat, Adobe, Automattic, Yahoo, Uber and others disclosed bugs on hacktivity in the past 24-hours.
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity
OTHER ARTICLES WE’RE READING
Facebook plans to expand its bug bounty scope to include misuse of data in third-party apps
Drupal 7 and 8 core critical updates, psa-2018-001
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: firstname.lastname@example.org
Get this email forwarded to you? Click here to subscribe to the Zero Daily
Facebook says additional changes will be announced in the “coming weeks,” and that it intends to accelerate other data protection efforts it was already working on. Some of those, it says, were in response to forthcoming data protection rules in the European Union.
HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty program solutions encompass vulnerability assessment, crowdsourced testing and responsible disclosure management. Discover more about our security testing solutions or Contact Us today.