Hacking, AppSec, and Bug Bounty newsletter
2018-04-23 | FDAs medical device action plan, IP whitelisting with Amazon API Gateway, and The problem with ICOs
Monday, April 23
FDA announced the Medical Device Safety Action Plan including the proposed establishment of CyberMed Safety (Expert) Analysis Board, “a public-private partnership that would complement existing device vulnerability coordination and response mechanisms and serve as a resource for device makers and FDA”, quick summary and thread by Beau Woods.
Stored XSS in Snapmatic + Editor comments [78 upvotes] - $1,000 bounty for this report to Rockstar Games by @europa.
[pdfinfojs] Command Injection on filename parameter [14 upvotes] - no bounty for this report to Node.js third-party modules by @caioluders.
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity
TWEET OF THE DAY
OTHER ARTICLES WE’RE READING
BSidesLV needs your help to write an epic slogan
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: firstname.lastname@example.org
Get this email forwarded to you? Click here to subscribe to the Zero Daily
As much as I consciously made the decisions I did, I never meant for it to get as bad as it did.
HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty program solutions encompass vulnerability assessment, crowdsourced testing and responsible disclosure management. Discover more about our security testing solutions or Contact Us today.