Friday, September 14
HACKTIVITY HIGHLIGHTS
Leaking sensitive information on GitHub leads to full access to all Grab Slack channels [72 upvotes] - $7,000 bounty for this report to Grab by @xsam.
Zomato.com SQLi [111 upvotes] - $2,000 bounty for this report to Zomato by @gerben_javado
Public Jenkins instance with /script enabled [39 upvotes] - $2,500 bounty for this report to Ubiquiti Networks by @smiegles.
Exposed Git Repo [26 upvotes] - $1,024 bounty for this report to Dropbox by @todayisnew.
TWEET OF THE DAY
Question: if your account was in a list of credentials that had been successfully tested against a service you use but that service had not been breached, would you want to know? This would be due to password reuse and credential stuffing, not a breach of the service in question. - @troyhunt
OTHER ARTICLES WE’RE READING
Story time with Frans in Stockholm, “A story of the passive aggressive sysadmin of AEM”
Cyber crime is costing German manufacturers $50bn, with SMEs worst hit, reports The Telegraph.
Zseano has got some bug bounty notes. All hunters invited.
Weaponized Stuxnet virus? You don’t say.
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: zerodaily@hackerone.com
A vulnerability disclosure policy is an open hand of friendship to the hacker community.... These are the good guys.
HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty program solutions encompass vulnerability assessment, crowdsourced testing and responsible disclosure management. Discover more about our security testing solutions or Contact Us today.