Hacking, AppSec, and Bug Bounty newsletter
2018-05-18 | Telegrab malware, Bitcoin is an electricity hog, and How to read privacy policies
Friday, May 18
Cisco’s Talos reports on the emergence of malware that collects cache and key files from the end-to-end encrypted instant messaging service Telegram. Talos has dubbed the malware “Telegrab”.
Highly wormable clickjacking in player card [43 upvotes] - $5,040 bounty for this report to Twitter by @filedescriptor.
Leaking sensitive files on Github leads to internal files (python scripts, SQL files) [36 upvotes] - $4,000 bounty for this report to Starbucks by @samidrif.
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity
OTHER ARTICLES WE’RE READING
North Korea’s Sun Team is still actively trying to implant spyware on defecting citizens’ devices, per a new McAfee report.
How to read privacy policies: Read the headlines and search the keywords. Advice by WSJ's Joanna Stern.
Bitcoin power use has doubled in the past six months to about 2.55 gigawatts, roughly as much as the entire country of Ireland, per recent research. At this rate, the researchers estimate cryptocurrencies could account for 5% of the world’s electricity.
Ari Schwartz & John Banghart (former top officials with the Obama administration) are working on a plan to disclose vulnerabilities in hardware.
Customers of tracking firm LocationSmart had their data leaked without their consent (in real time, via the company’s website), Krebs reports.
What will you buy at the quantum computing algorithm store?
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: firstname.lastname@example.org
Get this email forwarded to you? Click here to subscribe to the Zero Daily
Do you have cloud, distributed environments, laptops, mobile? All those things create what we call an attack surface… It’s just portfolio management -- you’re choosing where you’re going to make your investments.
Rich Baich, CISO, Wells Fargo
HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty program solutions encompass vulnerability assessment, crowdsourced testing and responsible disclosure management. Discover more about our security testing solutions or Contact Us today.