Search results for: bug bounties

HackerOne updates Internet Bug Bounty program to improve the security of open source software

HackerOne announced the next evolution of the Internet Bug Bounty (IBB) program at the company’s annual Security conference. The IBB’s mission is to secure open source by pooling funding and incentivizing security researchers to report vulnerabilities within open source software. The updated program builds upon this mission by providing a new pooled funding model so more organizations can leverage the IBB to secure open source dependencies within their software supply chains. Along with HackerOne, participating … More

Bug hunters asked to probe Microsoft Teams mobile apps, can earn up to $30k

Microsoft’s Applications Bounty Program has been extended to cover Microsoft Teams mobile apps, and bug hunters can earn up to $30,000 for reports about specific vulnerabilities. Microsoft Teams: A popular business solution Microsoft Teams is an enterprise communication and collaboration platform that provides workspace one-on-one and group chat, videoconferencing, VoIP, file sharing and storage, and meetings. Its popularity and use soared in the wake of the COVID-19 pandemic and, as of April 2021, it has … More

Review: The Pentester Blueprint: Starting a Career as an Ethical Hacker

Brought to you by cybersecurity researcher Kim Crawley and pentester and author Phillip L. Wylie, The Pentester Blueprint gives insights into the most common hurdles encountered by aspiring penetration testers, as well as tips on how to overcome them. The Pentester Blueprint: Starting a Career as an Ethical Hacker The book starts by explaining what a pentester is, why they are beneficial to a company, and describes common pentesting methodologies. A pentester needs to have … More

Offensive Security announces bounty program for user generated content

Offensive Security announced a new bounty program for user generated content. Members of the infosecurity community can now receive cash bounties for submitting vulnerable virtual machines to Offensive Security (OffSec) that are eligible to be incorporated into the Proving Grounds training labs. OffSec is the only security training provider to offer bounty payments for content submissions, providing tangible rewards to the infosec community and expanding the content available in OffSec’s training labs. “No matter how … More

Companies rely on crowdsourced security to boost security efforts

61% of organizations perform attack surface discovery to offset frequently changing assets in their attack surface and attack surface expansion, yet 40% of companies perform continuous attack surface management, a Bugcrowd survey reveals. Only one out of five organizations surveyed qualified as a “leader” in how they execute attack surface and vulnerability management, while 49% ranked in the second tier as “fast-followers” and 39% ranked in the bottom tier as “emerging organizations.” The survey discovered … More

With database attacks on the rise, how can companies protect themselves?

Misconfigured or unsecured databases exposed on the open web are a fact of life. We hear about some of them because security researchers tell us how they discovered them, pinpointed their owners and alerted them, but many others are found by attackers first. It used to take months to scan the Internet looking for open systems, but attackers now have access to free and easy-to-use scanning tools that can find them in less than an … More

Hackers awarded $100 million in bug bounties on the HackerOne platform

HackerOne announced that hackers have earned $100 million in bug bounties on the HackerOne platform. From $30,000 paid to hackers across the globe in October 2013 — the first month of bounty payments on HackerOne — to $5.9 million paid to hackers in April 2020, working with hackers has proven to be both a powerful way to pinpoint vulnerabilities across digital assets and more than just a past-time. It’s a career. “We started out as … More

Zoom in crisis: How to respond and manage product security incidents

Zoom is in crisis mode, facing grave and very public concerns regarding the trust in management’s commitment for secure products, the respect for user privacy, the honesty of its marketing, and the design decisions that preserve a positive user experience. Managing the crisis will be a major factor in determining Zoom’s future. The company has recently skyrocketed to new heights and plummeted to new lows. It is one of the few communications applications that is … More

Full-time bug hunting: Pros and cons of an emerging career

Being a bug hunter who discloses their discoveries to vendors (as opposed to selling the information to the highest bidder) has been and is an ambition of many ethical hackers. Before vendors started paying for the info, the best they could hope for was a lucrative job offer, though an entry in the company’s Hall of Fame was a good enough incentive for most. These days many vendors and service providers have an official vulnerability … More

Hacking has become a viable career, according to HackerOne

HackerOne announced findings from the 2020 Hacker Report, which reveals that the concept of hacking as a viable career has become a reality, with 18% describing themselves as full-time hackers, searching for vulnerabilities and making the internet safer for everyone. Not only are more hackers spending a higher percentage of their time hacking, they’re also earning a living doing it. The annual report is a study of the bug bounty and vulnerability disclosure ecosystem, detailing … More

Week in review: Windows crypto flaw, API security risks, exploits for Citrix security hole abound

Here’s an overview of some of last week’s most interesting news and articles: Cable Haunt: Unknown millions of Broadcom-based cable modems open to hijacking A vulnerability (CVE-2019-19494) in Broadcom’s cable modem firmware can open unknown millions of broadband modems by various manufacturers to attackers, a group of Danish researchers has warned. High-risk Google account owners can now use their iPhone as a security key Google users who opt for the Advanced Protection Program (APP) to … More

52 hackers participate in ninth U.S. Department of Defense and HackerOne bug bounty program

Through partnership with the Defense Digital Service, the U.S. Department of Defense (DoD) and HackerOne, the number one hacker-powered pentesting and bug bounty platform, announced the results of the second Army bug bounty program, ‘Hack the Army 2.0’. The bug bounty challenge ran from October 9, 2019 to November 15, 2019 with more than 60 publicly accessible web assets, including *.army.mil, *.goarmy.mil, and the Arlington Cemetery website for the first time. Bug bounties are monetary … More