More than 2m AT&T phones illegally unlocked by bribed insiders

The alleged, now indicted ringleader paid more than $1m in bribes to insiders who planted malware and hardware for remote unlocking.

HackerOne and Singapore Government tapping the skilled hacker community to approach security testing

HackerOne, the leading hacker-powered security platform, announced it will partner with the Government Technology Agency of Singapore (GovTech) and the Cyber Security Agency of Singapore (CSA), to work with hackers from all over the world to further pr…

SEMrush Plugs Remote Code Execution Bug in Its SaaS Platform

Web analytics firm plugs a hole in its platform that allowed attackers to open a reverse shell that could be used to attack the service.

Amid Bug Bounty Hype, Sometimes Security is Left in the Dust

Amidst the PR glitz and popularity of bug bounty programs, experts worry that actual smart security strategy is being left behind.

Ad Server Patched to Stop Possible Malware Distribution

Revive Adserver patches two vulnerabilities, one of which may have been used to allow hackers to deliver malware to third-party websites.

Why bug bounty firms want to be penetration testing companies

A popular form of crowdsourcing might have a problem with the size of its crowd. Most of the high-value digital security vulnerabilities reported to bug-bounty programs are found by just a fraction of the freelance researchers who participate in those contests, recent reports show, suggesting that there are not enough skilled bounty hunters to handle the available work. The trend has big implications for an industry that has come to expect regular growth over the past half-decade. For the companies, it means their customers — corporations such as Fiat Chrysler, LinkedIn, Starbucks and others — are paying to hear about lots of low-severity bugs while more critical problems potentially remain undiscovered. The latest numbers come from the 2019 Hacker Report by HackerOne, one of the leading bug bounty platforms along with Bugcrowd and Synack. Seventy-two percent of the hackers polled by HackerOne said they preferred to probe for vulnerabilities in websites. Compare that to the 3.5 percent who […]

The post Why bug bounty firms want to be penetration testing companies appeared first on CyberScoop.

19-year-old ethical hacker is a millionaire now; thanks to his skills

By Carolina
Argentina’s Santiago Lopez is now a millionaire due to his prowess on identifying flaws in online services as well as software. The ethical hacker who uses the moniker @try_to_hack became part of HackerOne’s bug bounty program in 2015 and s…