Taking a Neighborhood Watch Approach to Retail Cybersecurity

Bugcrowd CTO Casey Ellis covers new cybersecurity challenges for online retailers.

How the Pandemic is Reshaping the Bug-Bounty Landscape

Bugcrowd Founder Casey Ellis talks about COVID-19’s impact on bug bounty hunters, bug bounty program adoption and more.

Apple’s $1 million bug bounty makes a lot more sense after that iOS hacking spree

Say what you will about Apple, but the company certainly knows how to get the security community fired up. Ivan Krstić, Apple’s head of security engineering, announced Aug. 8 at the Black Hat security conference that the company would offer up to $1 million, or $1.5 million under specific conditions, to hackers who disclosed new ways of infiltrating the iPhone’s operating system. That million-dollar promise instantly earned praise as the highest bug bounty offer from a technology company, and seemed to indicate that the notoriously inaccessible company was becoming more transparent. The weeks since, though, have demonstrated that the stakes are higher for Apple than initially understood. The company’s stellar security reputation took a hit when Google’s Project Zero announced that hackers had spent two years targeting thousands of iPhones by combining 14 vulnerabilities into five exploit chains that allowed them to spy on victims with few limitations. Now, researchers and bug bounty participants […]

The post Apple’s $1 million bug bounty makes a lot more sense after that iOS hacking spree appeared first on CyberScoop.

Tesla offers ‘goodwill’ to security researchers hacking its cars

Go ahead and hack that car in peace. In a move greeted happily by cybersecurity researchers around the world, the electric-automobile company Tesla announced that hacking the company’s software as part of “good-faith security research” will not void your warranty. The announcement is part of a “goodwill” revamping of Tesla’s vulnerability disclosure program to allow research without risking legal action, a voided warranty or a broken car — as long as hackers play by the rules.

As long as your work complies with our bug bounty policy, Tesla will not void your warranty if you hack our software https://t.co/HhibE1UpRC https://t.co/NIISSrrViD — Tesla (@Tesla) September 5, 2018

“Tesla values the work done by security researchers in improving the security of our products and service offerings,” the company’s vulnerability disclosure page reads. “We are committed to working with this community to verify, reproduce, and respond to legitimate reported vulnerabilities. We encourage the community […]

The post Tesla offers ‘goodwill’ to security researchers hacking its cars appeared first on Cyberscoop.

Bugcrowd raises $26 million in latest funding round

The expansion of the bug-bounty industry continues as Bugcrowd announced Thursday that it is bringing in $26 million in its latest round of venture capital funding. The San Francisco-based company has seen consistent growth since its inception in 2012. It says that in the last quarter alone, it grew its base of commercial and Fortune 500 customers, opened new offices in London and Sydney and added to its leadership team. Bugcrowd has now raised about $50 million in venture capital funding. The Series C funding was led by Triangle Peak Partners, a venture capital firm that focuses on software and security. Triangle Peak’s president and co-founder, Dain DeGroff, will also be joining Bugcrowd’s board of directors. “Bugcrowd has built a successful business model addressing a growing and critical need,” DeGroff said in a press release. “Their deep relationships with the researcher community and expertise managing crowdsourced programs make Bugcrowd a strategic asset […]

The post Bugcrowd raises $26 million in latest funding round appeared first on Cyberscoop.

DOJ examines controversial new ‘hack back’ bill

Washington is waiting and watching for the Department of Justice to weigh in on the newly introduced Active Cyber Defense Certainty (ACDC) Act, a controversial proposal to legalize companies’ ability to “hack back” after being targeted in cyberattacks. Speaking at CyberTalks in Washington, D.C., on Wednesday, DOJ special counsel Leonard Bailey said the department is still looking at the House bill, and he commended co-sponsors Tom Graves, R-Ga., and Kyrsten Sinema, D-Ariz., for taking a years-long discussion “and actually producing legislative text.” “We look forward to thinking about that and figuring out what that balance looks like,” Bailey said. The DOJ’s position on ACDC is crucial because the bill would amend the Computer Fraud and Abuse Act (CFAA) and would require law enforcement oversight and reports to the government by “entities that use active-defense techniques,” Graves explained last week when the newest version of the bill was introduced. NSA Director Adm. Mike Rogers warned Congress in May […]

The post DOJ examines controversial new ‘hack back’ bill appeared first on Cyberscoop.

WikiLeaks Dumps Docs on CIA’s Hacking Tools

WikiLeaks on Tuesday dropped one of its most explosive word bombs ever: A secret trove of documents apparently stolen from the U.S. Central Intelligence Agency (CIA) detailing methods of hacking everything from smartphones and TVs to compromising Internet routers and computers. KrebsOnSecurity is still digesting much of this fascinating data cache, but here are some first impressions based on what I’ve seen so far.