New infosec products of the week: May 1, 2020

Guardicore Infection Monkey now maps its actions to MITRE ATT&CK knowledge base

The latest version of Guardicore Infection Monkey now maps its actions to the MITRE ATT&CK knowledge base, providing a new report with the utilized techniques and…

Bugcrowd Classic Pen Test: Increase pen testing speed, scale and quality

Leveraging Bugcrowd’s global network of uniquely-skilled and proven pen testers, Bugcrowd Classic Pen Test adds to the company’s Pen Test Portfolio, helping organizations reduce testing timelines while meeting critical compliance requirements and adher…

Cybersecurity during the pandemic: Try these security solutions for free!

In order to help global organizations of all sizes address cybersecurity during the COVID-19 pandemic, a number of vendors provide free (time-limited) access to their solutions. All of the offers below are available immediately, and they cover a number…

ThreatList: Most Retail Hardware Bug Bounty Flaws Are Critical

Overall, across all retail programs, more than 18 percent of all bug bounty submissions are critical in severity, a new Bugcrowd report found.

California’s new labor law is going to impact bug bounty companies. By how much is unknown.

While much of the attention around California’s recently passed Assembly Bill 5 (AB5) has focused on the future for Uber and Lyft drivers, bug bounty contractors working in California could also argue they’re covered under the law when it goes into effect next year. California Gov. Gavin Newsom on Sept. 18 signed AB5, which changes how employers can classify independent contractors and employees. Bug bounty firms rely on freelance hackers to use their platforms and identify or help mitigate software vulnerabilities. Many government agencies and Fortune 500 companies use the platforms — and the cheap labor that comes with it — as a way to close a portion of their cybersecurity gaps. The extent to which the law, which goes into effect Jan. 1, is applicable to bug bounty freelancers will hinge on an individual’s specific professional situation, employment attorneys told CyberScoop.  Yet, the grey area in which these freelance […]

The post California’s new labor law is going to impact bug bounty companies. By how much is unknown. appeared first on CyberScoop.


Apple’s $1 million bug bounty makes a lot more sense after that iOS hacking spree

Say what you will about Apple, but the company certainly knows how to get the security community fired up. Ivan Krstić, Apple’s head of security engineering, announced Aug. 8 at the Black Hat security conference that the company would offer up to $1 million, or $1.5 million under specific conditions, to hackers who disclosed new ways of infiltrating the iPhone’s operating system. That million-dollar promise instantly earned praise as the highest bug bounty offer from a technology company, and seemed to indicate the notoriously inaccessible company was becoming more transparent. The weeks since, though, have demonstrated that the stakes are higher for Apple than initially understood. The company’s stellar security reputation took a hit when Google’s Project Zero announced that hackers had spent two years targeting thousands of iPhones by combining 14 vulnerabilities into five exploit chains that allowed them to spy on victims with few limitations. Now, researchers and bug bounty participants […]

The post Apple’s $1 million bug bounty makes a lot more sense after that iOS hacking spree appeared first on CyberScoop.


At DEF CON’s aviation village, the military is interested in more than just the hacks

The first-ever aviation “village” at the DEF CON security conference has an F-35 fighter jet simulator among its hacking targets, but that’s not the only reason the Defense Digital Service’s newly minted chief, Brett Goldstein, is hanging around this corner of the convention hall in Las Vegas. The agency sees it as a recruiting opportunity, too. “In this room and throughout the convention is some of the best security talent in the world,” Goldstein tells CyberScoop. “This is a win for me if I can spark the imagination of this community, get them to understand we want to collaborate with them, that the problem space is fascinating, and this is something they should think about.” Right now the DDS, which ran its first bug bounty program in 2016, has approximately 70 employees, some of whom are civilians and some of whom are active-duty military. But they rotate in and out approximately […]

The post At DEF CON’s aviation village, the military is interested in more than just the hacks appeared first on CyberScoop.


Photo gallery: Black Hat USA 2019, part two

Black Hat USA 2019 is underway in Las Vegas. Here are a few photos from the Business Hall and the Arsenal. Featured companies: Bugcrowd, Sumo Logic, Devo Technology, Akamai, Rapid7, Qualys, Irdeto.
The post Photo gallery: Black Hat USA 2019, part two a…

Arkose Labs unveils private bug bounty program with Bugcrowd, enabling fraud prevention system strength

Arkose Labs, the leading provider of advanced fraud prevention technology for the world’s most targeted enterprises, announced an exclusive private bug bounty program with Bugcrowd, the #1 crowdsourced security platform. The program will enable a conti…