Hacking, AppSec, and Bug Bounty newsletter
2018-05-23 | AWS privilege escalation, Xfinity customer data leak, and Infosec resume no-nos
Wednesday, May 23
TWEET OF THE DAY
Heading from Boston to Capitol Hill to revisit the L0pht hearing from 20 years ago. 1st time we drove down in a rented van. This time I’m flying and just got bumped to 1st class. #l0pht20 - @WeldPond
OTHER ARTICLES WE’RE READING
$36,337 awarded by Google for a Google App Engine RCE discovery by an 18-year-old student from Uruguay's University of the Republic
Motherboard asks, “Who’s afraid of Kaspersky”?
Comcast website bug leaks Xfinity customer data reported by ZDNet
Metasploit module for CVE-2018-8174, the latest Office/IE VBScript Memory Corruption.
The Verge Hack, explained, by Dan Goldman on Medium.com
Infosec Resume No-Nos [video] by @hacks4pancakes
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: firstname.lastname@example.org
Get this email forwarded to you? Click here to subscribe to the Zero Daily
We started off as curious outsiders...
Then went legit as red teamers...
Then as insider blue teamers...
Now the best of us are on the “yellow team,” helping to engineer more secure products in the world around us.
HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty program solutions encompass vulnerability assessment, crowdsourced testing and responsible disclosure management. Discover more about our security testing solutions or Contact Us today.