Friday, June 22
TOP STORY
Amazon employees are calling on the company to stop selling Rekognition to law enforcement and to boot Palantir from AWS, reports Gizmodo’s Kate Conger. Google engineers also refused to work on a security tool for the US government.
HACKTIVITY
Top vulnerability report disclosures from the past week.
User able to access company details in yrityspalvelu without proper permissions [25 upvotes] - $2,000 bounty for this report to Local Tapiola by @billy_blaze.
Subdomain Takeover on competition.shopify.com [38 upvotes] - $750 bounty for this report to Shopify by @llt4l.
[Zomato Android/iOS] Theft of user session [27 upvotes] - $650 bounty for this report to Zomato by @bagipro.
A user can comment in private discussions without having permission to access the discussion [9 upvotes] - $150 bounty for this report to Vanilla by @samux.
You can read all disclosed reports on Hacktivity with filter: disclosed.
OTHER ARTICLES WE’RE READING
State election officials found out about election interference in their districts when they saw it on the news, says The Intercept.
Nine European Union states are to create rapid response teams to counter cyber attacks within the framework of a new EU defense pact.
Detecting Kernel Memory Disclosure with x86 Emulation and Taint Tracking: Bypassing KASLR and StackGuard using Bochs (x86 emulator).
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: zerodaily@hackerone.com
Get this email forwarded to you? Click here to subscribe to the Zero Daily
Bug bounty tip: JavaScript files are a great way to gain insight into hidden/inaccessible functionality of a website, but minified files are a pain. Chrome reconstructs the original source files using source maps, which makes reading the code much more efficient.
HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty program solutions encompass vulnerability assessment, crowdsourced testing and responsible disclosure management. Discover more about our security testing solutions or Contact Us today.