Search results for: bug bounties

WordPress announces bug bounty program

WordPress Foundation is the latest organization to publicly announce a bug bounty program set up on the HackerOne platform. What’s in scope of the WordPress bug bounty program? Bounties will be offered to security researchers who flag bugs in: WordPress (content management system); BuddyPress (social networking plugin suite); bbPress (forum software); GlotPress (collaborative translation tool); WP-CLI (command line interface for WordPress); WordPress.org, bbPress.org, WordCamp.org, BuddyPress.org, GlotPress.org, and api.wordpress.org. In general, all *.WordPress.org are in scope. … More

Week in review: Apache servers under attack, machine learning in infosec

Here’s an overview of some of last week’s most interesting news, podcasts and articles:
The six stages of a cyber attack lifecycle: High-impact cyber incidents can be avoided if you detect and respond quickly with end-to-end threat management processes.
StoneDrill: New wiper targets Middle East, shows interest in Europe: Just like another infamous wiper, Shamoon, it destroys everything on the infected computer.
Google, Microsoft increase bug bounties: Bug hunters, rejoice: both Google and Microsoft have … More

Google, Microsoft increase bug bounties

Bug hunters, rejoice: both Google and Microsoft have announced a considerable increase of the amount they will pay out for information about bugs in their products. Google ups bug bounties for most severe bugs Google has upped the rewards for “Remote Code Execution” and “Unrestricted file system or database access” to $31,337 (from $20,000) and $13,337 (from $10,000), respectively. The “Remote Code Execution” category includes command injection flaws, deserialization bugs, sandbox escapes, and more, while … More

Qualys and Bugcrowd bring automation, crowdsourcing to web app security

At RSA Conference 2017, Qualys and Bugcrowd announced joint development integrations allowing joint customers the ability to share vulnerability data across automated web application scanning and crowdsourced bug bounty programs. Many organizations’ security strategies have changed to a proactive approach, which includes both automation and human expertise to discover vulnerabilities. To reduce the escalating cost and effort of implementing multiple tools or programs, this joint integration between Bugcrowd Crowdcontrol and Qualys Cloud Platform brings together … More

Millions of job seekers’ info exposed via easily accessible database backups

A data leak has exposed sensitive information about millions of job seekers that used global recruitment firm Michael Page. The leak has once again been revealed to the leaking company through Troy Hunt, the creator and administrator of the Have I Been Pwned (HIBP) online service. “It was the same individual who located the Red Cross data and the same story in terms of discovery an underlying risk on the server end; publicly exposed website, … More

Yelp makes its bug bounty program public

After two years of keeping their bug bounty program private and relatively secret, Yelp is opening it up and has invited bug hunters to probe its sites, apps, and infrastructure. “Our vulnerability reward payouts will go up to $15,000 USD for the most impactful exploits. If we accept your report, our minimum bounty is $100,” the company says. Apparently, they have already paid bug bounties to dozens of bug hunters, who throughout the years helped … More

Kaspersky Lab launches public bug bounty program

Kaspersky Lab is asking researchers to look under the hood of two of its flagship security solutions and to report any bugs they might find. Kaspersky’s bug bounty program, which was in private beta for months, will now be opened to all outside researchers for a period of six months. The move was announced at Black Hat USA 2016. Researchers are invited to look for security issues only in “Kaspersky Internet Security 2017 and … More

Bug bounty report card: Industry diversification and growth

With a global rise in cyberattacks and a critical deficit of security talent to combat adversaries, bug bounty programs congruently grew in both volume and scope in the last 12 months, according to Bugcrowd. Company industries represented in public data of all known public bug bounty programs Moving beyond technology companies, more than 25 percent of public and private programs are now run in more “traditional” industry sectors – with particular traction across retail & … More

0patch: Microscopic cures for big security holes

Software vulnerabilities are one of today’s most significant information security issues. Disclosing high profile vulnerabilities has become tremendously rewarding, to the point that some vendors are devising marketing campaigns that include a logo and a catchy name, regardless of the seriousness of the flaw. While vendors from different industries are starting to realize the impact of software vulnerabilities, and many run their bug bounties through platforms like HackerOne, some highly skilled security researchers still opt … More

Twitter paid out $322,420 in bug bounties

Researchers have proven that bug bounties are a cheaper way of discovering vulnerabilities than hiring full-time bug hunters would be and, in the last few years, many Internet and tech companies have instituted such programs. The security community has praised those who have, and the companies themselves are satisfied with the results. Take for example Twitter. Its bug bounty program, started in May 2014, has led to 5,171 submissions and the discovery of an unspecified … More

Hack the Pentagon: Hackers asked to help secure public-facing systems

The US Department of Defense (DoD) has invited hackers to participate in “Hack the Pentagon”, a program aimed at finding vulnerabilities in some of the Department’s websites. The project is an alternative to the usual testing performed by the Department’s red teams, and is a way to get the tech industry involved. Ash Carter, the Defense Secretary, is currently on a West Coast tour that’s “part of efforts to strengthen ties with the tech community, expand … More

Revelation of security bugs jumpstarts launch of Malwarebytes’ bug bounty program

Malwarebytes CEO Marcin Kleczynski has announced that the company has launched a bug bounty program in an effort to make its software more secure. “The Coordinated Vulnerability Disclosure program incentivizes external researchers who work with us responsibly by promoting an open communication channel with our engineering division, awarding bug bounties and duly crediting the effort from leading researchers in our Hall of Fame and other hotfix release notes,” he explained. Bug reporters will receive between … More