Apple, Meltdown, & Atlanta Hackers – Paul’s Security Weekly #553

In the news, Apple macOS Bug Reveals Passwords for APFS Encrypted Volumes in Plaintext, Windows 7 Meltdown patch opens worse vulnerability, Atlanta Hit by Ransomware Attack Impacting Multiple Services, and more on this episode of Paul’s Security Weekly…

Netflix launches a public bug bounty program

Netflix announced a public bug bounty program through Bugcrowd on Thursday, the latest win for an industry and a company that’s growing at an insane clip. Last month, Bugcrowd took in a $26 million round of funding after opening new offices in London and Sydney. Netflix has had a vulnerability disclosure program since 2013. Over the past five years, the program expanded in both scope and bounty size, including a $15,000 payout on an unspecified critical vulnerability. That amount continues to be the monetary ceiling for bounties under the public program. The decision to go public opens up the service to any vulnerability hunter signed up with Bugcrowd. That means the California-based streaming service joins everyone from the U.S. military to Mastercard and Twilio in launching a public bug bounty program. Merely having a program is rarely enough. In a climate where security researchers and journalists have been targeted by litigious tech firms, […]

The post Netflix launches a public bug bounty program appeared first on Cyberscoop.

Bugcrowd raises $26 million in latest funding round

The expansion of the bug-bounty industry continues as Bugcrowd announced Thursday that it is bringing in $26 million in its latest round of venture capital funding. The San Francisco-based company has seen consistent growth since its inception in 2012. It says that in the last quarter alone, it grew its base of commercial and Fortune 500 customers, opened new offices in London and Sydney and added to its leadership team. Bugcrowd has now raised about $50 million in venture capital funding. The Series C funding was led by Triangle Peak Partners, a venture capital firm that focuses on software and security. Triangle Peak’s president and co-founder, Dain DeGroff, will also be joining Bugcrowd’s board of directors. “Bugcrowd has built a successful business model addressing a growing and critical need,” DeGroff said in a press release. “Their deep relationships with the researcher community and expertise managing crowdsourced programs make Bugcrowd a strategic asset […]

The post Bugcrowd raises $26 million in latest funding round appeared first on Cyberscoop.

How DJI fumbled its bug bounty program and created a PR nightmare

A software vulnerability disclosure program recently launched by popular drone maker DJI has turned into a messy public relations battle pitting several security researchers against the growing Chinese technology firm. After DJI recently launched a bug bounty program, two researchers — Sean Malia and Kevin Finisterre — publicly disclosed vulnerabilities in DJI products. The revelations resulted in the company challenging each researcher’s findings and seemingly threatening one with a lawsuit tied to the Computer Fraud and Abuse Act. For researchers who have been poking and prodding DJI’s digital properties and products for about three months, Malia’s and Finisterre’s stories strike a familiar tone. Several researchers who approached DJI with information about evident vulnerabilities say the outcome has been less than satisfactory. DJI disputes aspects of some of these accounts, but experts say the firm has gone too far. “Many companies mistake a bug bounty program for a penetration test, in which the […]

The post How DJI fumbled its bug bounty program and created a PR nightmare appeared first on Cyberscoop.

What motivates bug hunters?

Crowdsourced security penetration testing outfit Bugcrowd has released its second annual “Mind of a Hacker” report, to provide insight into bug hunters’ motivations and preferences, and help companies tailor their bug bounty initiatives so they can lead to better results for everyone. The most interesting insights gleaned from the answers of the 500 or so bug hunters who participated in the survey are as follows: They come from all over the world (216 countries), but …

DOJ examines controversial new ‘hack back’ bill

Washington is waiting and watching for the Department of Justice to weigh in on the newly introduced Active Cyber Defense Certainty (ACDC) Act, a controversial proposal to legalize companies’ ability to “hack back” after being targeted in cyberattacks. Speaking at CyberTalks in Washington, D.C., on Wednesday, DOJ special counsel Leonard Bailey said the department is still looking at the House bill, and he commended co-sponsors Tom Graves, R-Ga., and Kyrsten Sinema, D-Ariz., for taking a years-long discussion “and actually producing legislative text.” “We look forward to thinking about that and figuring out what that balance looks like,” Bailey said. The DOJ’s position on ACDC is crucial because the bill would amend the Computer Fraud and Abuse Act (CFAA) as well as require law enforcement oversight and reports to the government by “entities that use active-defense techniques,” Graves explained last week when the newest version of the bill was introduced. NSA Director Adm. Mike Rogers warned Congress in May […]

The post DOJ examines controversial new ‘hack back’ bill appeared first on Cyberscoop.

Rapidly growing bug bounty company Bugcrowd names new CEO

The operator of one of the leading bug bounty platforms, California-based Bugcrowd, announced Monday that it will be taking a new direction with a leadership change. Chief Executive Officer Casey Ellis is stepping down to become chairman and chief technology officer of the company, which he helped launch in 2012 and which now employs more than 100 people. Bugcrowd has experienced rapid growth over the last several years, having secured a number of contracts with the U.S. government and multiple Fortune 500 companies. Bug bounty companies pool the services of independent security researchers. Under the niche industry’s unique crowdsourcing model, those freelance hackers are paid for finding bugs in clients’ systems. In an interview with CyberScoop, Ellis said he made the decision to bring in an experienced and successful businessman in Ashish Gupta, a former chief marketing officer and executive vice president with cybersecurity firm Infoblox, to run day-to-day operations because he believed that […]

The post Rapidly growing bug bounty company Bugcrowd names new CEO appeared first on Cyberscoop.

Chinese drone maker DJI launches bug bounty program after U.S. Army ban

Chinese drone maker Daijiang Innovation Corporation (DJI) launched a bug bounty program on Monday after the company’s products were banned by the U.S. Army about one month ago due to unspecified “cyber vulnerabilities.” DJI owns 70 percent of the global drone market, according to a 2016 analysis by Goldman Sachs and Oppenheimer. Analysts predict that the market will expand to $100 billion in five years. DJI also released several security updates and removed third-party plugins that did not meet security standards on Monday, based on a press release issued by the company. The Army ban pushed DJI to launch several additional security updates over the last month, including one patch that added the ability to disconnect a drone from the internet while it is in flight. Customer concerns were ultimately the motivating factor that caused DJI to make changes to its software, Reuters previously reported. The newly announced bug bounty program offers rewards from […]

The post Chinese drone maker DJI launches bug bounty program after U.S. Army ban appeared first on Cyberscoop.