GitHub Security Lab aims to make open source software more secure

GitHub, the world’s largest open source code repository and leading software development platform, has launched GitHub Security Lab. “Our team will lead by example, dedicating full-time resources to finding and reporting vulnerabilities in …

Cyber Command’s bug bounty program uncovers more than 30 vulnerabilities

Ethical hackers have found nine “high severity” vulnerabilities and one “critical” vulnerability across Department of Defense proxies, virtual private networks, and virtual desktops through the “Hack the Proxy” bug bounty program, the Department of Defense’s Defense Digital Service and HackerOne announced Monday. In addition to the high severity and critical vulnerabilities uncovered, “Hack the Proxy” found 21 “medium” or “low severity” vulnerabilities. Defense Digital Service and HackerOne spokespeople did not immediately return requests for comment on what kinds of vulnerabilities count as “high severity,” “critical,” or “medium/low severity.” The bug bounty program, sponsored by U.S. Cyber Command, zeroed in on finding vulnerabilities external to the Department of Defense Information Network that could enable foreign hackers to watch internal affairs at the Pentagon. This comes just a week after the National Security Agency issued an alert warning that multiple nation-state adversaries have been exploiting VPN vulnerabilities in Pulse Secure and Fortinet products, products which Chinese hackers known as “Manganese” or […]

California’s new labor law is going to impact bug bounty companies. By how much is unknown.

While much of the attention around California’s recently passed Assembly Bill 5 (AB5) has focused on the future for Uber and Lyft drivers, bug bounty contractors working in California could also argue they’re covered under the law when it goes into effect next year. California Gov. Gavin Newsom on Sept. 18 signed AB5, which changes how employers can classify independent contractors and employees. Bug bounty firms rely on freelance hackers to use their platforms and identify or help mitigate software vulnerabilities. Many government agencies and Fortune 500 companies use the platforms — and the cheap labor that comes with them — as a way to close a portion of their cybersecurity gaps. The extent to which the law, which goes into effect Jan. 1, is applicable to bug bounty freelancers will hinge on an individual’s specific professional situation, employment attorneys told CyberScoop. Yet, the grey area in which these freelance […]

HackerOne concludes its bug bounty challenge with the National University of Singapore

HackerOne, the number one hacker-powered pentesting and bug bounty platform, announced the successful conclusion of its bug bounty challenge with the National University of Singapore (NUS). NUS is the first university in Singapore to actively incentivi…

Hackers earn nearly $2 million in bounties during HackerOne’s live hacking event

HackerOne, a hacker-powered pentesting and bug bounty platform, announced that hackers earned more than $1.9 million in bounties during its Las Vegas live hacking event, dubbed h1-702. Hackers found and reported 1,000 security flaws for participating companies…

Google throws bug bounty bucks at mega-popular third-party apps

If an app has more than 100 million installs, Google will pay for bugs, even if the app makers already have their own bounty programs.

Six Hackers Have Now Pocketed $1M From Bug Bounty Programs

Up to 25 percent of valid vulnerabilities found in bug bounty programs are classified as being of high or critical severity.