2018-07-13 | The 12,000 dollar intersection between clickjacking, XSS, and Denial of Service, RFID Thief v2.0, and Law firm secrets for sale

Friday, July 13

HACKTIVITY AND POC COVERAGE

The $12,000 Intersection between Clickjacking, XSS, and Denial of Service by @samcurry
Chaining Multiple Vulnerabilities to Gain Admin Access by @nahamsec
H1-3120: MVH! (H1 Event Guide for Newbies) by @MrTuxracer
Bug Bounty: Tumblr reCAPTCHA vulnerability write up by @Leigh-Anne Galloway
Internal SSRF bypass using slash commands at api.slack.com [34 upvotes] - $500 bounty for this report to Slack by @albatraoz
Stored XSS in "post last edited" option [19 upvotes] - $256 bounty for this report to Discourse by @luigigubello

TWEET OF THE DAY

Metasploit now has module ms17_010_eternalblue_win8, which works against Windows 8, 8.1, 10 and 2012 without having valid creds. #EternalBlue #MS17-010 - @GossiTheDog

OTHER ARTICLES WE’RE READING

Would Asking People To Hack America’s Election Systems Make Them More Safe? By FiveThirtyEight
RFID Thief v2.0 - Build & Tutorial for Long Range RFID Clonin by Alex Dib
NTIA kicks off their new security initiative on Software Component Transparency next week
Law firm secrets for sale on dark web (surprise, surprise) reports CNBC

ABOUT ZERO DAILY

Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.

Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?

Have a news tip / story to highlight? We’d love to hear about it. Email: zerodaily@hackerone.com

Get this email forwarded to you? Click here to subscribe to the Zero Daily

NATO leaders recognized the changing challenges facing member nations, especially “hybrid” threats that include cyber attacks, disinformation, and propaganda. Allied leaders maintained that NATO’s Article 5 common defense obligation can be triggered in the case of a hybrid attack, and announced the launch of Counter Hybrid Support Teams. These teams will provide allies with assistance when targeted by hybrid activities.

Atlantic Council review of NATO’s Brussels summit

HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty program solutions encompass vulnerability assessment, crowdsourced testing and responsible disclosure management. Discover more about our security testing solutions or Contact Us today.