TikTok unveils bug bounty program, scraps with US government in court over looming ban

TikTok announced a global bug bounty program Thursday amid an ongoing court battle to continue operating in the U.S. The program, a partnership with HackerOne, is an expansion of a more limited vulnerability disclosure program for the popular video-sharing app. “This partnership will help us to gain insight from the world’s top security researchers, academic scholars and independent experts to better uncover potential threats and make our security defenses even stronger,” TikTok wrote in a blog post. Researchers who uncover vulnerabilities can make between $50 and $14,800, depending on the severity of the flaw. TikTok has previously worked with security research companies to fix flaws they found. A range of high profile companies have relied on bug bounty programs to solicit reports about vulnerabilities for which internal security personnel failed to account. Often, success depends on the firms’ ability to fix those flaws, and reward outside researchers in a way that doesn’t […]

The post TikTok unveils bug bounty program, scraps with US government in court over looming ban appeared first on CyberScoop.


Are Bug Bounty Programs Worth It?

Bug bounty programs are on the rise, and participating security researchers earned big bucks as a result. According to a report released by HackerOne in February 2020, hackers had collectively earned approximately $40 million from those programs in 2019. This amount is nearly equal to the bounty totals hackers received for all preceding years combined. […]

The post Are Bug Bounty Programs Worth It? appeared first on Security Intelligence.


Researchers’ experience with Apple offers peek at ‘confusing’ vulnerability award process

Five researchers who found 55 vulnerabilities in Apple’s online services and assets, some of which were critical vulnerabilities, received nearly $300,000 from the Silicon Valley giant Thursday – but it was a journey to get there. At first, the researchers were only paid a fraction of that, and the road to a larger payment — which appears to align more with typical Apple vulnerability research rewards — has been frustrating and confusing, according to one of the researchers involved. The experience offered a window into Apple’s relatively nascent bug bounty initiative, still in its infancy compared to other major tech companies’ programs after fully opening to the public only last year. The vulnerabilities, which the researchers investigated over the last three months, included 11 critical and 29 high-severity flaws. One would allow attackers to compromise victims’ iCloud accounts without any user interaction. Another would allow remote code execution via authorization and authentication bypass. Apple said it does not appear that […]

The post Researchers’ experience with Apple offers peek at ‘confusing’ vulnerability award process appeared first on CyberScoop.


55 Apple vulnerabilities risked iCloud account takeover, data theft

By Sudais Asif
These critical vulnerabilities were reported to Apple by a team of young cyber security researchers.
This is a post from HackRead.com.

Wormable Apple iCloud Bug Allows Automatic Photo Theft

Ethical hackers so far have earned nearly $300K in payouts from the Apple bug-bounty program for discovering 55 bugs, 11 of them critical, during a three-month hack.

Grindr’s Bug Bounty Pledge Doesn’t Translate to Security

At SAS@Home, Luta Security CEO Katie Moussouris stressed that bug bounty programs aren’t a ‘silver bullet’ for security teams.

305 CVEs and Counting: Bug-Hunting Stories From a Security Engineer

Larry Cashdollar, senior security response engineer at Akamai, talks about the craziest stories he’s faced, reporting CVEs since 1994.

HP expands its Bug Bounty Program to focus on office-class print cartridge security vulnerabilities

HP has expanded its Bug Bounty Program to focus specifically on office-class print cartridge security vulnerabilities. The program underscores HP’s commitment to delivering defense-in-depth across all aspects of printing—including supply chain, cartri…