Search results for: bug bounties

HackerOne concludes its bug bounty challenge with the National University of Singapore

HackerOne, the number one hacker-powered pentesting and bug bounty platform, announced the successful conclusion of its bug bounty challenge with the National University of Singapore (NUS). NUS is the first university in Singapore to actively incentivize its own students to hone their hacking skills through a bug bounty challenge. A bug bounty challenge is used by organizations to incentivize ethical hackers to look for software vulnerabilities in exchange for a monetary rewards or ‘bounties’ in … More

HackerOne h1-702

Hackers earn nearly $2 million in bounties during HackerOne’s live hacking event

HackerOne, a hacker-powered pentesting and bug bounty platform, announced hackers earned more than $1.9 million in bounties during Las Vegas live hacking event, dubbed h1-702. Hackers found and reported 1,000 security flaws for participating companies. Amidst Black Hat USA and DEF CON security conferences in Las Vegas, 100 hackers and 75 hackers-in-training from around the world gathered for three days to search for vulnerabilities in organizations including Verizon Media and GitHub, among others. At the … More

Google Play

Google will pay for data abuse reports related to popular Android apps, Chrome extensions

Google is expanding the Google Play Security Reward Program (GPSRP) to include all apps in Google Play with 100 million or more installs, and is launching a new Developer Data Protection Reward Program (DDPRP) and asking for information about data abuse issues in Android apps, OAuth projects, and Chrome extensions. “The [DDPRP] program aims to reward anyone who can provide verifiably and unambiguous evidence of data abuse, in a similar model as Google’s other vulnerability … More

VLC users urged to implement latest security update

VLC, the popular cross-platform media player, has reached version 3.0.8, which fixes over a dozen security vulnerabilities, some of which could be exploited by attackers to achieve code execution on victims’ machines. About VLC VLC is an extremely popular piece of software that started as an academic project. It’s free and open-source and is available for Windows, macOS, Linux, Android, Chrome OS, iOS, Apple TV, and Windows Phone. It is currently maintained by the VideoLAN … More


Apple expands bug bounty program, opens it to all researchers, raises rewards

Three years ago at the Black Hat conference, Apple announced its first bug bounty program, which was invite-only and limited to iOS. At this year’s edition of the con, Ivan Krstić, Apple’s head of security engineering and architecture, announced changes to it. Wider scope, higher bug bounties Starting this fall, the program will be open to all researchers. Apple Bug Bounty. — mikeb (@mikebdotorg) August 8, 2019 The bug bounty program has been widened … More


Google increases bounties for Chrome, Google Play bugs

Bug hunters searching for security flaws in Google’s offerings are now vying for higher bounties. Microsoft has launched a new bug bounty program. Google’s changes Since 2010, when Google started the Chrome Vulnerability Reward Program to reward security researchers who invest their time and effort to discover bugs in Chrome and Chrome OS, the company has raised the offered bounty amounts a number of times. Nine years ago, the rewards ranged from $500 to $1337 … More

HackerOne and Singapore Government tapping the skilled hacker community to approach security testing

HackerOne, the leading hacker-powered security platform, announced it will partner with the Government Technology Agency of Singapore (GovTech) and the Cyber Security Agency of Singapore (CSA), to work with hackers from all over the world to further protect Singapore citizens by testing public-facing government systems. This is HackerOne’s third bug bounty initiative with the Singapore Government, following successful prior programs with GovTech and MINDEF Singapore. The bug bounty initiative will invite a select group of … More


Trust nothing: A life in infosec is a life of suspicion

Like many before him, Amit Serper started his cybersecurity career in one of Israel’s intelligence agencies. Nine years later, he left for the private sector: he joined Cybereason, a cyber security company started by former colleagues which specializes in endpoint (EDR) and managed detection and response (MDR). When he started there as a senior security researcher, then progressed to different research roles. Today, he’s the company’s head of security research, leading Nocturnus, its advanced global … More


Meet the new generation of white hats

The past two years have seen an explosion in the number of software vulnerabilities being published, jumping from 6,447 in 2016 to 14,714 in 2017. Seeing as 2018 beat out the previous year with 16,521 CVEs reported, we should prepare ourselves for plenty of patching ahead in 2019. While factors like the adoption of automated Application Security Testing (AST) tools by more vendors and the absolute growth of code are definitely playing a bigger role … More


Week in review: How data becomes intelligence, email security predictions, EU bug bounties

Here’s an overview of some of last week’s most interesting news and articles: The attack surface is growing faster than it has at any other point in the history of technology Avast launched its annual Threat Landscape Report, detailing the biggest security trends facing consumers in 2019 as collected by the Avast Threat Labs team. Four cybersecurity trends every CIO should know The cybersecurity landscape in 2019 will likely bolster bigger, more complex threats and … More

bug bounties

EU launches bug bounties on free and open source software

After setting up a bug bounty program for VLC Media Player in late 2017, the European Commission (EC) has announced the launch of 14 new ones that will cover other free and open source software used by European Union institutions. The list of target software is as follows: Filezilla (FTP app) Apache Kafka (stream-processing software platform) Notepad++ (text/source code editor) PuTTY (terminal emulator, network file transfer app) VLC Media Player FLUX TL (the Transportation Layer … More

HackerOne expands Hacker101 web training platform with HackEDU partnership

HackerOne has expanded its online hacker training program, Hacker101 through a partnership with cybersecurity training company HackEDU. Hacker101 is giving away the sandboxed training environments, modeled after five real-world vulnerability reports. HackerOne and HackEDU are committed to empowering the hacker community by providing access to training materials. The new HackEDU-developed vulnerability sandboxes are the latest in their interactive coursework available to hackers and join existing Hacker101 interactive content, coursework and capture the flag (CTF) challenges. … More