Dash invites researchers to hack their blockchain

Thousands of security researchers will be incentivized to identify critical software vulnerabilities within Dash’s code and present them to the Dash Core Team for remediation. Commencing in August, Dash will employ a private bug bounty program through Bugcrowd, tapping into a curated, invite-only crowd to find Dash vulnerabilities, and then, in line with the rollout of Evolution, expand to a public program with over 60,000 registered security experts. The Dash bug bounty Jim Bursch, director … More

Zero day exploits are rarer and more expensive than ever, Symantec says

It’s basic economics: When supply drops but demand keeps rising, price goes up. It’s no different for pieces of information that give cyberattackers big advantages. The number of zero day exploits revealed in the wild fell for a third straight year in 2016, pushing the prices for them skyward and driving attackers to use alternative tactics, according to new research from Symantec. The total number of zero days exploited — a “zero day” is a software vulnerability that hasn’t been disclosed to the vendor and thus hasn’t been patched — dropped to 3,986 in 2016, Symantec said. That number was as high as 4,985 in 2014. Meanwhile, demand for zero days is as high as it’s ever been. Zero days discovered by security researchers are purchased by a wide variety of parties including militaries, intelligence agencies, law enforcement, software vendors, cybercriminals and military contractors. Their intentions also vary widely: Some buyers want to fix and defend software, others want to mount […]

The post Zero day exploits are rarer and more expensive than ever, Symantec says appeared first on Cyberscoop.

WikiLeaks Dumps Docs on CIA’s Hacking Tools

WikiLeaks on Tuesday dropped one of its most explosive word bombs ever: A secret trove of documents apparently stolen from the U.S. Central Intelligence Agency (CIA) detailing methods of hacking everything from smart phones and TVs to compromising Internet routers and computers. KrebsOnSecurity is still digesting much of this fascinating data cache, but here are some first impressions based on what I’ve seen so far.

How Netgear and Trustwave built a virtuous cycle of vulnerability disclosure

Good news is rare in cybersecurity, but here’s some: Coordinated, responsible disclosure of software security gaps is increasingly the norm — and manufacturers are more and more willing to work with white-hat hackers who find bugs or flaws in their products. It’s a virtuous cycle — researchers and manufacturers working together to make products more secure — that government wonks […]

The post How Netgear and Trustwave built a virtuous cycle of vulnerability disclosure appeared first on Cyberscoop.

Qualys and Bugcrowd bring automation, crowdsourcing to web app security

At RSA Conference 2017, Qualys and Bugcrowd announced jointly developed integrations that allow joint customers to share vulnerability data across automated web application scanning and crowdsourced bug bounty programs. Many organizations’ security strategies have shifted to a proactive approach that combines automation and human expertise to discover vulnerabilities. To reduce the escalating cost and effort of implementing multiple tools or programs, this joint integration between Bugcrowd Crowdcontrol and Qualys Cloud Platform brings together … More

DoD Opens .Mil to Legal Hacking, Within Limits

Hackers of all stripes looking to test their mettle can now legally hone their cyber skills, tools and weaponry against any Web property operated by the U.S. Department of Defense, according to a new military-wide policy for reporting and fixing security vulnerabilities.

Security researchers are often reluctant to report programming flaws or security holes they’ve stumbled upon for fear that the vulnerable organization might instead decide to shoot the messenger and pursue hacking charges. But on Nov. 21, the DoD aimed to clear up any ambiguity on that front for the military’s substantial online presence, creating both a centralized place to report cybersecurity flaws across the dot-mil space as well as a legal safe harbor (and the prospect of public recognition) for researchers who abide by a few ground rules.