Hacking, AppSec, and Bug Bounty newsletter
2018-07-27 | Blind XXE via Powerpoint files, ERPs being targeted by APTs says CERT, and Read Arbitrary Memory over Network
Friday, July 27
Blind XXE via Powerpoint files [59 upvotes] - $2,000 bounty for this report to Open-Xchange by @mishre
HackerOne customer submitted sensitive link to VirusTotal, exposing confidential information [20 upvotes] - $350 bonus for this report to HackerOne by @hackerone_007
Yuki Chen has made $197,500 in bounties during the past quarter.
TWEET OF THE DAY
We put a man on the moon because of: Math.
We can’t put secure backdoors into encryption because of: Math.
It’s precisely because of our understanding of Math that we can both put a man on the moon and not put secure backdoors into encryption.
OTHER ARTICLES WE’RE READING
Daily Beast reports Russian intelligence agency is targeting U.S. Democratic Senator Claire McCaskill during her 2018 re-election campaign
Hammer from Dow Jones, an open-source DevSecOps tool that lets you identify and proactively fix misconfigurations in cloud workloads.
CERT to corporations: Enterprise Resource Planning apps are being targeted by APTs
Forbes reports on Apple vs. GreyLock and the routes by which law enforcement agencies are attempting to bypass USB Restricted Mode and other protections in iOS 11.4.1.
NetSpectre: Read Arbitrary Memory over Network
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: firstname.lastname@example.org
From the CERT warning on ERP apps above: there are now around 9,000 known vulnerabilities in SAP and Oracle applications, and the number of publicly available exploits for them has doubled (a 100% increase) over the past three years.
HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty program solutions encompass vulnerability assessment, crowdsourced testing and responsible disclosure management. Discover more about our security testing solutions or Contact Us today.