Collaborate Disseminate
The move is a distinct change in direction for the app, which has been criticized and even banned for its security practices. Continue reading TikTok Launches Bug Bounty Program Amid Security Snafus
TikTok announced a global bug bounty program Thursday amid an ongoing court battle to continue operating in the U.S. The program, a partnership with HackerOne, is an expansion of a more limited vulnerability disclosure program for the popular video-sharing app. “This partnership will help us to gain insight from the world’s top security researchers, academic scholars and independent experts to better uncover potential threats and make our security defenses even stronger,” TikTok wrote in a blog post. Researchers who uncover vulnerabilities can make between $50 and $14,800, depending on the severity of the flaw. TikTok has previously worked with security research companies to fix flaws they found. A range of high profile companies have relied on bug bounty programs to solicit reports about vulnerabilities for which internal security personnel failed to account. Often, success depends on the firms’ ability to fix those flaws, and reward outside researchers in a way that doesn’t […]
The post TikTok unveils bug bounty program, scraps with US government in court over looming ban appeared first on CyberScoop.
At SAS@Home, Luta Security CEO Katie Moussouris stressed that bug bounty programs aren’t a ‘silver bullet’ for security teams. Continue reading Grindr’s Bug Bounty Pledge Doesn’t Translate to Security
A group of high-profile cybersecurity specialists doesn’t want mobile voting firm Voatz to have the last word before the Supreme Court takes up a case with major implications for computer research. The security practitioners, including computer scientists and vulnerability disclosure experts, on Monday criticized Voatz’s argument that a federal anti-hacking law should only authorize researchers with clear permission to probe computer systems for vulnerabilities. An amicus brief filed by Voatz earlier this month, the security specialists charged, “fundamentally misrepresents widely accepted practices in security research and vulnerability disclosure.” At issue is the Computer Fraud and Abuse Act (CFAA), a more than 30-year-old law that legal experts say could be abused to target good-faith researchers who break systems while trying to them more secure. The Supreme Court is set to consider whether corporate terms of service can be considered an inviolable boundary under the CFAA when it resumes in October. Legal experts and technologists see the […]
The post Security researchers slam Voatz brief to the Supreme Court on anti-hacking law appeared first on CyberScoop.
Continue reading Security researchers slam Voatz brief to the Supreme Court on anti-hacking law
If the mobile voting firm Voatz actually is interested in working with security researchers who can examine their technology, the company sure has an odd way of showing it. Massachusetts-based Voatz on Thursday filed an amicus brief to the Supreme Court, arguing that only security researchers with clear permission should be authorized to probe systems for vulnerabilities. The filing came as part of a Supreme Court case in which justices are poised to reconsider the Computer Fraud and Abuse Act, a 1986 federal law that prohibits access to computers without the owner’s consent. Researchers have said the anti-hacking law is overly vague, and could criminalize activities ranging from innocuous internet habits, like sharing passwords, to important anti-discrimination research. A group of law scholars previously asked the court to allow ethical security tests. Voatz, which advertises an internet-based voting platform in a market dominated by more established voting machine manufacturers, has […]
The post Voatz urges Supreme Court to not protect ethical research from prosecution appeared first on CyberScoop.
Continue reading Voatz urges Supreme Court to not protect ethical research from prosecution
The RCE bug affects versions below 4.4 of the Slack desktop app. Continue reading Critical Slack Bug Allows Access to Private Channels, Conversations
30% of businesses globally have seen an increase in attacks on their IT systems as a result of the pandemic, HackerOne reveals. This is according to C-Level IT and security execs at global businesses, 64% of which believe their organization is more lik… Continue reading Expanding attack surfaces leave security teams stretched thin
Verizon Media has paid nearly $10 million to ethical hackers via HackerOne’s platform. Continue reading Verizon Media, PayPal, Twitter Top Bug-Bounty Rankings
By Deeba Ahmed
With 94 million active users, the PlayStation bug bounty program a necessity.
This is a post from HackRead.com Read the original post: Sony Announces PlayStation Bug Bounty Program
Continue reading Sony Announces PlayStation Bug Bounty Program
HackerOne announced the expansion of its penetration testing solution in Europe. This latest product from HackerOne compliments its existing offerings dedicated to helping organizations find and fix vulnerabilities before they can be exploited. HackerO… Continue reading HackerOne expands pentesting solution in Europe to help orgs find and fix vulnerabilities