Hacking, AppSec, and Bug Bounty newsletter
2018-04-04 | The good, bad, and ugly of the 2018 IBM X-Force report, Why cyber is the 5th domain of warfare, and The Roadrunner RCE
Wednesday, April 4
The 2018 IBM X-Force report is out, and there's a mix of good, bad, and ugly. The good: top targeted industries experienced a decline in attacks and security incidents, down 18 percent and 22 percent, respectively. The bad: WannaCry spread to 150 countries and was responsible for USD 8 billion in damages. The ugly: inadvertent insiders leaked millions of records, including a 424% increase in records compromised as a result of misconfigured cloud servers.
[redacted] CRLF Injection [13 upvotes] - $2,500 bounty for this report to Airbnb by @bobrov.
XSS on "[redacted]" via "stripping" attribute and "shop" parameter [20 upvotes] - $1,000 bounty for this report to Shopify by @bored-engineer.
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity
TWEET OF THE DAY
please know that i have replied to your email in my heart. - @ameliargh
OTHER ARTICLES WE’RE READING
Badly-configured ISP equipment blocking access to 220.127.116.11 for some.
WordPress 4.9.5 is out and it's a Security and Maintenance Release
Intel’s microcode update guidance, including “Stopped” CPUs that will not get updates
When plans go a-rye. Feast on these stale infosec puns.
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: email@example.com
Get this email forwarded to you? Click here to subscribe to the Zero Daily
Do nothing - "You should have done something"
Do too little - "You should have done more"
Do the same as is being done to you - "You did too much"