Tuesday, May 8
TOP STORY
Kaspersky Labs reports on SynAck ransomware, the first ransomware employing the Process Doppelgänging technique that KL’s Tal Liberman and Eugene Kogan presented at Black Hat Europe last December.
HACKTIVITY
MySQL username and password leaked in developer.valvesoftware.com via source code disclosure [31 upvotes] - $1,000 bounty for this report to Valve by @nahamsec.
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity
TWEET OF THE DAY
There has never been a truer Dilbert than this one - @troyhunt
OTHER ARTICLES WE’RE READING
Threat9 launches RouterSploit 3.0, with a switch to Python 3.0 and more autopwning tooling.
While we are talking routers, since Zerodium has added routers to its bounty program, they have received at least one pre-auth RCE #0day exploit for every major router.
Alex Stamos chimes in: “Why ditch Exchange?”
Access Now pens a letter to Congress asking them to pressure Google and Amazon on their domain fronting decision.
Asset discovery and doing recon the hard way, by Patrik Hudak.
Wei Dude, Letters Bro, and Snail Shell: A thread of Chinese internet nicknames for NBA players. Highly entertaining.
Maybe you can relate to Scott.
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker-focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: zerodaily@hackerone.com
Yup, it’s still the Wild West. There aren’t enough skilled defenders in the world to protect everybody’s on-prem IT, so you can either join the well-guarded townships and follow their rules or enjoy the freedom of your own homestead until the bandits come for you.