2018-04-06 | Third-party risk is your risk, Rank on Google for free, and DNS over Twitter

Friday, April 6

Amazing readers, we want to hear from you! Take this quick survey and let us know how we can improve #zerodaily (you may get lucky - like swag pack sent to your front door lucky :)

TOP STORY

3rd party risk anyone? Chatbot provider [24]7.ai reported a breach affecting Delta and Sears and others? But curiously waited a while to report it to them. Delta says it was a "small subset" of customers affected. More from Gizmodo on the breach and CNet says Best Buy was affected too.

HACKTIVITY

Check out: @wongmjane's Facebook bug reports

Automattic, Adobe, Yahoo, Node.js and others disclosed reports in the past 24-hours.

You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity

TWEET OF THE DAY

Local news had a segment on the Delta hack and interviewed a local security company. Two of the employees at the company were showing how hacking is done! - @Maliciouslink

OTHER ARTICLES WE’RE READING

Moxa industrial wireless networking gear vulnerabilities: In one case, attackers could potentially send commands to a device's operating system by using them as a username in a login attempt. In another, the private key for a Web server used to manage network devices could be retrieved through an HTTP GET request. Moxa reportedly patched these issues on 2018-04-03.
Exploiting XML sitemap & ping mechanism in Google search results
DNS over Twitter complements of Cloudflare
Russia seeking to block use of encrypted messaging app Telegram due to the company resisting to share encryption keys
500 miles of #lawyerhumor

ABOUT ZERO DAILY

Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.

Friends don't keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?

Have a news tip / story to highlight? We'd love to hear about it. Email: zerodaily@hackerone.com

Get this email forwarded to you? Click here to subscribe to the Zero Daily

I spent $12 setting up my experiment and was ranking on the first page for high monetizable search terms, with a newly registered domain that had no inbound links.

Tom Anthony

HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty program solutions encompass vulnerability assessment, crowdsourced testing and responsible disclosure management. Discover more about our security testing solutions or Contact Us today.