Hacking, AppSec, and Bug Bounty newsletter
2018-04-13 | Operation Parliament, Encryption Games, and Spectrum from Cloudflare
Friday, April 13
We want to hear from you, our amazing readers: Take this quick survey on how we can improve Zero Daily. You may get lucky - like a swag pack sent to your front door lucky. Survey ends 2018-04-13 at 12pm PST.
Intel is teaming up with the Center for Cybersecurity Policy and Law to engage other tech companies in examining coordinated vulnerability disclosure policy and processes specific to hardware. Multi-party CVD anyone?
Order notifications being sent for a deactivated staff account [7 upvotes] - $500 bounty for this report to Shopify by @newbie_101.
Blind stored XSS in demo form [16 upvotes] - $500 bounty for this report to Upserve by @paresh_parmar.
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity
TWEET OF THE DAY
After receiving many recent requests here related to hiring, I have decided to start a thread. If you/your company is currently hiring for FT positions and/or internships in #DFIR / #infosec then please reply to this tweet with info/URLs.
OTHER ARTICLES WE’RE READING
Scott Helme is securing DNS across all of his devices with Pi-Hole + DNS-over-HTTPS + 188.8.131.52
What one person intends for good, another intends for evil: the Have I Been Pwned database was copied, and the copycat site (in addition to mining cryptocurrency in the background) will reveal your password in plaintext – unless you pay up a cryptocurrency ransom.
Encryption games: Motherboard investigates which law enforcement agencies have purchased software to bypass encryption on iPhones and also how the FBI is seeking backdoors.
Kaspersky reports on a new group operating a series of cyber espionage campaigns in what they’re calling Operation Parliament.
Cloudflare: how abusing Linux’s firewall led them to build Spectrum, a new Cloudflare feature that brings DDoS protection, load balancing, and content acceleration to any TCP-based protocol.
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: firstname.lastname@example.org
Get this email forwarded to you? Click here to subscribe to the Zero Daily
Novice techies want permissions. Senior techies want to get rid of them.
HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty program solutions encompass vulnerability assessment, crowdsourced testing and responsible disclosure management. Discover more about our security testing solutions or Contact Us today.