Hacking, AppSec, and Bug Bounty newsletter
2018-04-13 | Operation Parliament, Encryption Games, and Spectrum from Cloudflare
Friday, April 13
We want to hear from you, our amazing readers: Take this quick survey on how we can improve Zero Daily. You may get lucky - like swag pack sent to your front door lucky. Survey ends 2018-04-13 at 12pm PST.
Intel is teaming up with Center for Cybersecurity Policy and Law to engage other tech co’s to examine coordinated hardware-specific vulnerability disclosure policy and processes. Multi-party CVD anyone?
Order notifications being sent for a deactivated staff account [7 upvotes] - $500 bounty for this report to Shopify by @newbie_101.
Blind stored xss in demo form [16 upvotes] - $500 bounty for this report to Upserve by @paresh_parmar.
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity
TWEET OF THE DAY
After receiving many recent requests here related to hiring, I have decided to start a thread. If you/your company is currently hiring for FT positions and/or internships in #DFIR / #infosec then please reply to this tweet with info/URLs.
OTHER ARTICLES WE’RE READING
Scott Helme is securing DNS across all of his devices with Pi-Hole + DNS-over-HTTPS + 22.214.171.124
What one person intends for good, another intends for evil: Have I Been Pwned database was copied and the site (in addition to mining cryptocurrency in the background) will reveal your password in plaintext – unless you pay up a cryptocurrency ransom.
Encryption games: Motherboard investigates which law enforcement agencies have purchased software to bypass encryption on iPhones and also how the FBI is seeking backdoors.
Kaspersky reports on a new group operating a series of cyber espionage campaigns in what they’re calling Operation Parliament
Cloudflare: how abusing Linux’s firewall led them to build Spectrum: a new Cloudflare feature that brings DDoS protection, load balancing, and content acceleration to any TCP-based protocol
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: firstname.lastname@example.org
Get this email forwarded to you? Click here to subscribe to the Zero Daily
Novice techies want permissions. Senior techies want to get rid of them.