Search results for: bug bounties
HackerOne, the number one hacker-powered pentesting and bug bounty platform, announced the successful conclusion of its bug bounty challenge with the National University of Singapore (NUS). NUS is the first university in Singapore to actively incentivize its own students to hone their hacking skills through a bug bounty challenge. A bug bounty challenge is used by organizations to incentivize ethical hackers to look for software vulnerabilities in exchange for monetary rewards or ‘bounties’ in … More →
HackerOne, a hacker-powered pentesting and bug bounty platform, announced hackers earned more than $1.9 million in bounties during a Las Vegas live hacking event, dubbed h1-702. Hackers found and reported 1,000 security flaws for participating companies. Amidst the Black Hat USA and DEF CON security conferences in Las Vegas, 100 hackers and 75 hackers-in-training from around the world gathered for three days to search for vulnerabilities in organizations including Verizon Media and GitHub, among others. At the … More →
Google is expanding the Google Play Security Reward Program (GPSRP) to include all apps in Google Play with 100 million or more installs, and is launching a new Developer Data Protection Reward Program (DDPRP) and asking for information about data abuse issues in Android apps, OAuth projects, and Chrome extensions. “The [DDPRP] program aims to reward anyone who can provide verifiably and unambiguous evidence of data abuse, in a similar model as Google’s other vulnerability … More →
VLC, the popular cross-platform media player, has reached version 3.0.8, which fixes over a dozen security vulnerabilities, some of which could be exploited by attackers to achieve code execution on victims’ machines. About VLC VLC is an extremely popular piece of software that started as an academic project. It’s free and open-source and is available for Windows, macOS, Linux, Android, Chrome OS, iOS, Apple TV, and Windows Phone. It is currently maintained by the VideoLAN … More →
Three years ago at the Black Hat conference, Apple announced its first bug bounty program, which was invite-only and limited to iOS. At this year’s edition of the con, Ivan Krstić, Apple’s head of security engineering and architecture, announced changes to it. Wider scope, higher bug bounties Starting this fall, the program will be open to all researchers. The bug bounty program has been widened … More →
Bug hunters searching for security flaws in Google’s offerings are now vying for higher bounties. Microsoft has launched a new bug bounty program. Google’s changes Since 2010, when Google started the Chrome Vulnerability Reward Program to reward security researchers who invest their time and effort to discover bugs in Chrome and Chrome OS, the company has raised the offered bounty amounts a number of times. Nine years ago, the rewards ranged from $500 to $1337 … More →
HackerOne, the leading hacker-powered security platform, announced it will partner with the Government Technology Agency of Singapore (GovTech) and the Cyber Security Agency of Singapore (CSA), to work with hackers from all over the world to further protect Singapore citizens by testing public-facing government systems. This is HackerOne’s third bug bounty initiative with the Singapore Government, following successful prior programs with GovTech and MINDEF Singapore. The bug bounty initiative will invite a select group of … More →
Like many before him, Amit Serper started his cybersecurity career in one of Israel’s intelligence agencies. Nine years later, he left for the private sector: he joined Cybereason, a cyber security company started by former colleagues which specializes in endpoint (EDR) and managed detection and response (MDR). He started there as a senior security researcher, then progressed to different research roles. Today, he’s the company’s head of security research, leading Nocturnus, its advanced global … More →
The past two years have seen an explosion in the number of software vulnerabilities being published, jumping from 6,447 in 2016 to 14,714 in 2017. Seeing as 2018 beat out the previous year with 16,521 CVEs reported, we should prepare ourselves for plenty of patching ahead in 2019. While factors like the adoption of automated Application Security Testing (AST) tools by more vendors and the absolute growth of code are definitely playing a bigger role … More →
Here’s an overview of some of last week’s most interesting news and articles: The attack surface is growing faster than it has at any other point in the history of technology Avast launched its annual Threat Landscape Report, detailing the biggest security trends facing consumers in 2019 as collected by the Avast Threat Labs team. Four cybersecurity trends every CIO should know The cybersecurity landscape in 2019 will likely bolster bigger, more complex threats and … More →
After setting up a bug bounty program for VLC Media Player in late 2017, the European Commission (EC) has announced the launch of 14 new ones that will cover other free and open source software used by European Union institutions. The list of target software is as follows: Filezilla (FTP app) Apache Kafka (stream-processing software platform) Notepad++ (text/source code editor) PuTTY (terminal emulator, network file transfer app) VLC Media Player FLUX TL (the Transportation Layer … More →
HackerOne has expanded its online hacker training program, Hacker101, through a partnership with cybersecurity training company HackEDU. Hacker101 is giving away the sandboxed training environments, modeled after five real-world vulnerability reports. HackerOne and HackEDU are committed to empowering the hacker community by providing access to training materials. The new HackEDU-developed vulnerability sandboxes are the latest in their interactive coursework available to hackers and join existing Hacker101 interactive content, coursework and capture the flag (CTF) challenges. … More →