Collaborate Disseminate
I noticed a lot of companies do not have social engineering as in-scope of bug bounties/responsible disclosure guidelines, even though it is often used in real-world attacks. I understand that for popular bug bounty programs the amount of … Continue reading Why is social engineering often excluded from bug bounties?
By Sudais Asif
The researcher hacked Facebook after identifying and exploiting Unauthenticated RCE on MobileIron’s Mobile Device Management (MDM).
This is a post from HackRead.com Read the original post: Researcher hacked Facebook by exploiting flaws i… Continue reading Researcher hacked Facebook by exploiting flaws in MobileIron MDM
Vulnerability-disclosure policies (VDPs), if done right, can help provide clarity and clear guidelines to both bug-hunters and vendors when it comes to going public with security flaws. Continue reading It’s No ‘Giggle’: Managing Expectations for Vulnerability Disclosure
The most concerning of the disclosed bugs would allow an attacker to take over Microsoft Exchange just by sending an email. Continue reading Microsoft’s Patch Tuesday Packed with Critical RCE Bugs
A researcher discovered a cross-site scripting flaw in Google Map’s export function, which earned him $10,000 in bug bounty rewards. Continue reading Bug in Google Maps Opened Door to Cross-Site Scripting Attacks
Cybersecurity researchers Brian Gorenc and Dustin Childs talk about the biggest vulnerability disclosure challenges in IoT and the industrial vertical. Continue reading Vulnerability Disclosure: Ethical Hackers Seek Best Practices
If the social-media behemoth finds a bug in another platform’s code, the project has 90 days to remediate before Facebook goes public. Continue reading Facebook Debuts Third-Party Vulnerability Disclosure Policy
The top award for flaws that allow cybercriminals to abuse legitimate services has increased by 166 percent. Continue reading Google Ups Product-Abuse Bug Bounties
Google announced its decision to increase the reward amounts for product abuse risks reported through its bug bounty program. On September 1, Google employees Marc Henson and Anna Hupa announced that researchers could now receive up to $13,337 for repo… Continue reading Google Ups Bug Bounty Reward Amounts for Product Abuse Risks
U.S. agencies must implement vulnerability-disclosure policies by March 2021, according to a new CISA mandate. Continue reading U.S. Agencies Must Adopt Vulnerability-Disclosure Policies by March 2021