Monday, April 23
TOP STORY
FDA announced the Medical Device Safety Action Plan including the proposed establishment of CyberMed Safety (Expert) Analysis Board, “a public-private partnership that would complement existing device vulnerability coordination and response mechanisms and serve as a resource for device makers and FDA”, quick summary and thread by Beau Woods.
HACKTIVITY
Stored XSS in Snapmatic + Editor comments [78 upvotes] - $1,000 bounty for this report to Rockstar Games by @europa.
[pdfinfojs] Command Injection on filename parameter [14 upvotes] - no bounty for this report to Node.js third-party modules by @caioluders.
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity
TWEET OF THE DAY
Fighting Pop-Under Tricks While Creating Videos... This time I tried to analyse the obfuscated JavaScript by printf() logging native JavaScript calls with a custom Chromium build. - @LiveOverflow
OTHER ARTICLES WE’RE READING
RSA’s event app data leak discovered but fixed pretty quick
BSidesLV needs your help to write an epic slogan
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: zerodaily@hackerone.com
Get this email forwarded to you? Click here to subscribe to the Zero Daily
As much as I consciously made the decisions I did, I never meant for it to get as bad as it did.
HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty program solutions encompass vulnerability assessment, crowdsourced testing and responsible disclosure management. Discover more about our security testing solutions or Contact Us today.