Hacking, AppSec, and Bug Bounty newsletter
2018-03-30 | Cloud Inquisitor, KLara, and CFP submission tips
Friday, March 30
MyFitnessPal breached. Notable due to large number of users exposed, 150 million. It appears the company has responded admirably “Four days after learning of the issue, the company began notifying the MyFitnessPal community”... Tell your friends and family to update their passwords if they re-used their MFP credentials across other online services.
controlled buffer under-read in pack_unpack_internal() [6 upvotes] - $500 bounty for this report to Ruby by @aerodudrizzt.
Blind XSS - Report review - Admin panel [20 upvotes] - $350 bounty for this report to Zomato by @gerben_javado.
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity
TWEET OF THE DAY
So Georgia just passed a bill making unauthorized, but well meaning (no damage or theft) access to a computer illegal, meaning anybody noticing a vuln on a website can be sent to jail for up to a year. - @ErrataRob
OTHER ARTICLES WE’RE READING
Cloud Inquisitor by Riot Games will help you with preventing subdomain takeovers
KLara: Scan multiple YARA rules
Thinking about submitting to a CFP? Joe Fitz has some tips
CVE-2018-7160 - Pwning (NodeJS) Developers
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: firstname.lastname@example.org
Get this email forwarded to you? Click here to subscribe to the Zero Daily
Rockstars hacking the planet live onstage get lots of attention, but it's all the other types of presentations that actually convey information that can be directly applicable and most useful to attendees.
HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty program solutions encompass vulnerability assessment, crowdsourced testing and responsible disclosure management. Discover more about our security testing solutions or Contact Us today.