Search results for: bug bounties

shield

With database attacks on the rise, how can companies protect themselves?

Misconfigured or unsecured databases exposed on the open web are a fact of life. We hear about some of them because security researchers tell us how they discovered them, pinpointed their owners and alerted them, but many others are found by attackers first. It used to take months to scan the Internet looking for open systems, but attackers now have access to free and easy-to-use scanning tools that can find them in less than an … More

money

Hackers awarded $100 million in bug bounties on the HackerOne platform

HackerOne announced that hackers have earned $100 million in bug bounties on the HackerOne platform. From $30,000 paid to hackers across the globe in October 2013 — the first month of bounty payments on HackerOne — to $5.9 million paid to hackers in April 2020, working with hackers has proven to be both a powerful way to pinpoint vulnerabilities across digital assets and more than just a past-time. It’s a career. “We started out as … More

Zoom

Zoom in crisis: How to respond and manage product security incidents

Zoom is in crisis mode, facing grave and very public concerns regarding the trust in management’s commitment for secure products, the respect for user privacy, the honesty of its marketing, and the design decisions that preserve a positive user experience. Managing the crisis will be a major factor in determining Zoom’s future. The company has recently skyrocketed to new heights and plummeted to new lows. It is one of the few communications applications that is … More

bug hunting

Full-time bug hunting: Pros and cons of an emerging career

Being a bug hunter who discloses their discoveries to vendors (as opposed to selling the information to the highest bidder) has been and is an ambition of many ethical hackers. Before vendors started paying for the info, the best they could hope for was a lucrative job offer, though an entry in the company’s Hall of Fame was a good enough incentive for most. These days many vendors and service providers have an official vulnerability … More

Hands

Hacking has become a viable career, according to HackerOne

HackerOne announced findings from the 2020 Hacker Report, which reveals that the concept of hacking as a viable career has become a reality, with 18% describing themselves as full-time hackers, searching for vulnerabilities and making the internet safer for everyone. Not only are more hackers spending a higher percentage of their time hacking, they’re also earning a living doing it. The annual report is a study of the bug bounty and vulnerability disclosure ecosystem, detailing … More

binary

Week in review: Windows crypto flaw, API security risks, exploits for Citrix security hole abound

Here’s an overview of some of last week’s most interesting news and articles: Cable Haunt: Unknown millions of Broadcom-based cable modems open to hijacking A vulnerability (CVE-2019-19494) in Broadcom‘s cable modem firmware can open unknown millions of broadband modems by various manufacturers to attackers, a group of Danish researchers has warned. High-risk Google account owners can now use their iPhone as a security key Google users who opt for the Advanced Protection Program (APP) to … More

52 hackers participate in ninth U.S. Department of Defense and HackerOne bug bounty program

Through partnership with the Defense Digital Service, the U.S. Department of Defense (DoD) and HackerOne, the number one hacker-powered pentesting and bug bounty platform, announced the results of the second Army bug bounty program, ‘Hack the Army 2.0’. The bug bounty challenge ran from October 9, 2019 to November 15, 2019 with more than 60 publicly accessible web assets, including *.army.mil, *.goarmy.mil, and the Arlington Cemetery website for the first time. Bug bounties are monetary … More

Kubernetes

Kubernetes bug bounty program open to anyone, rewards up to $10,000

The Cloud Native Computing Foundation is inviting bug hunters to search for and report vulnerabilities affecting Kubernetes. Offered bug bounties range between $100 to $10,000. What is Kubernetes? Kubernetes is an open-source container-orchestration system for automating application deployment, scaling, and management. It was designed by Google but has been open sourced and handed over to the Cloud Native Computing Foundation to continue its maintenance and has become a community project. The Kubernetes bug bounty program … More

Android

Google ups bug bounties for Android flaws, exploits

Google has expanded the Android Security Rewards (ASR) program and increased the bug bounties it’s willing to award for certain kinds of exploits. About the Android Security Rewards Program ASR covers security vulnerabilities discovered in the latest available Android versions for Pixel phones and tablets, which are currently Pixel 4, Pixel 3a and Pixel 3a XL, and Pixel 3 and Pixel 3 XL. “Eligible bugs include those in AOSP code, OEM code (libraries and drivers), … More

GitHub

GitHub Security Lab aims to make open source software more secure

GitHub, the world’s largest open source code repository and leading software development platform, has launched GitHub Security Lab. “Our team will lead by example, dedicating full-time resources to finding and reporting vulnerabilities in critical open source projects,” said Jamie Cool, VP of Product Management, Security at GitHub. GitHub Security Lab GitHub Security Lab is a program aimed at researchers, maintainers, and companies that want to contribute to the overall security of open source software. Current … More

bug

Disclosing vulnerabilities to improve software security is good for everyone

Today, software companies and security researchers are near universal in their belief that disclosing vulnerabilities to improve software security is good for everyone, according to a Veracode report. 451 Research conducted survey from December 2018 to January 2019 using a representative sample of 1,000 respondents across a range of industries and organization sizes in the US, Germany, France, Italy and the UK. Survey respondents reported enterprise roles such as application development, infrastructure and information security, … More

HackerOne raises $36.4M to expand global market reach

HackerOne, the leading hacker-powered pentest and bug bounty platform, announced $36.4M in Series D financing, bringing the company’s total funding amount to over $110M to-date. This new round of funding occurs against the backdrop of international acknowledgment for the power of hackers. Legislators and thought leaders in cybersecurity are making the point that actionable insights from hackers are useful for everyone. The financing round includes participation from existing investors, including Benchmark, New Enterprise Associates, Dragoneer … More