Hacking, AppSec, and Bug Bounty newsletter
2018-04-26 | Ray Ozzie’s proposed encryption backdoor, Daniel Miessler’s strong words on asset management, and It’s all about that entropy, entropy, entropy
Thursday, April 26
Abusing LocalParams to Inject Code [12 upvotes] - $750 for this report to Zomato by @bigshaq.
[cloudcmd] Stored XSS in the filename when directories listing [2 upvotes] - no bounty for this report to Node.js third-party modules by @tungpun.
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity
OTHER ARTICLES WE’RE READING
With Steve Markgraf’s new tool, for a few bucks, you can create a device to spoof cellular networks and GPS signals.
Daniel Miessler has some strong words on asset management
Deadbolts, door chains and safes are your friend in hotel rooms. F-Secure published a blog on vulnerabilities in Assa Abloy locks
43% of UK-based businesses say they’ve suffered a breach or attack in the past 12 months, according to the Cyber Security Breaches Survey 2018
Fun fact of the day: There are 6.7 billion email accounts in use around the world and 75% support DMARC enforcement. Read more in Valimail’s Email Fraud Landscape Report, Q1 2018
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.