Thursday, August 16
TOP STORY
Google opens up its Vulnerability Reward Program (VRP) to include abuse-related vulnerabilities. From the post: “This expansion is intended to reward research that helps us mitigate potential abuse methods. A few examples of potentially valid reports for this program could include bypassing our account recovery systems at scale, identifying services vulnerable to brute force attacks, circumventing restrictions on content use and sharing, or purchasing items from Google without paying.”
TWEET OF THE DAY
If you've got an LFI on a box already, there are phar bigger issues - @nnwakelam
OTHER ARTICLES WE’RE READING
DEF CON publicly addressed some of the complaints from attendees about security at Caesars Palace
Adam Shostack’s Black Hat slides on threat modeling in 2018
Microsoft patches an IE zero-day, found by Trend Micro’s Elliot Cao, that is similar to CVE-2018-8174
The Intercept published a new article from the “Snowden archives” showing that the NSA cracked Al Jazeera’s VPN back in 2006, along with those of other “high potential” networks.
@stealthsploit analyzes CVE-2018-13417 for files, hashes and shells on the in.security blog
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker-focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: zerodaily@hackerone.com
Nine out of ten companies will have some part of their applications or infrastructure in the cloud by 2019, and the rest expect to follow by 2021.
HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty program solutions encompass vulnerability assessment, crowdsourced testing and responsible disclosure management. Discover more about our security testing solutions or Contact Us today.