Hacking, AppSec, and Bug Bounty newsletter
2018-04-06 | Third-party risk is your risk, Rank on Google for free, and DNS over Twitter
Friday, April 6
Amazing readers, we want to hear from you! Take this quick survey and let us know how we can improve #zerodaily (you may get lucky - like swag pack sent to your front door lucky :)
3rd party risk anyone? Chatbot provider [24]7.ai reported a breach affecting Delta, Sears and others, but curiously waited a while to report it to them. Delta says a "small subset" of customers was affected. More from Gizmodo on the breach, and CNET says Best Buy was affected too.
Check out: @wongmjane's Facebook bug reports
Automattic, Adobe, Yahoo, Node.js and others disclosed reports in the past 24 hours.
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity
TWEET OF THE DAY
Local news had a segment on the Delta hack and interviewed a local security company. Two of the employees at the company were showing how hacking is done! - @Maliciouslink
OTHER ARTICLES WE’RE READING
Moxa industrial wireless networking gear vulnerabilities: In one case, attackers could potentially send commands to a device's operating system by using them as a username in a login attempt. In another, the private key for a Web server used to manage network devices could be retrieved through an HTTP GET request. Moxa reportedly patched these issues on 2018-04-03.
DNS over Twitter, compliments of Cloudflare
Russia is seeking to block use of the encrypted messaging app Telegram due to the company's resistance to sharing encryption keys
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don't keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We'd love to hear about it. Email: email@example.com
I spent $12 setting up my experiment and was ranking on the first page for high monetizable search terms, with a newly registered domain that had no inbound links.