Why bug bounty firms want to be penetration testing companies

A popular form of crowdsourcing might have a problem with the size of its crowd. Most of the high-value digital security vulnerabilities reported to bug-bounty programs are found by just a fraction of the freelance researchers who participate in those contests, recent reports show, suggesting that there are not enough skilled bounty hunters to handle the available work. The trend has big implications for an industry that has come to expect regular growth over the past half-decade. For the companies, it means their customers — corporations such as Fiat Chrysler, LinkedIn, Starbucks and others — are paying to hear about lots of low-severity bugs while more critical problems potentially remain undiscovered. The latest numbers come from the 2019 Hacker Report by HackerOne, one of the leading bug bounty platforms along with Bugcrowd and Synack. Seventy-two percent of the hackers polled by HackerOne said they preferred to probe for vulnerabilities in websites. Compare that to the 3.5 percent who […]

The post Why bug bounty firms want to be penetration testing companies appeared first on CyberScoop.

Tech companies offered free products to help secure the election. Now what?

The unprecedented foreign hacking and misinformation campaigns that were reported around the 2016 U.S. election cast a cloak of doubt over the integrity of the country’s democratic process. The threat sent government officials on the federal, state and local level scrambling to ensure that the country’s voting machines, voter registration systems, pollbooks, results-reporting websites and other election technology is ready for the midterm elections. Over the past few months, about a dozen technology companies have announced programs offering state and local election offices or political organizations free services to help them fend off looming threats, including email protection, extra security for cloud applications, basic antivirus coverage, multi-factor authentication tools and several other types of products. As elections in the U.S. are run by the states, securing a federal election requires a massive coordinated effort. The federal government has been playing a greater role to this end since 2016, but can only do so much without […]

The post Tech companies offered free products to help secure the election. Now what? appeared first on Cyberscoop.

Pentagon Expands Bug-Bounty Program to Include Physical Systems

The news comes shortly after the DoD was called out for having rampant bugs in its weapons systems.

Spurred by security incidents, DOT goes looking for its software flaws

The Department of Transportation has recently completed a set of thorough security tests on software used in the Transportation Secretary’s office, yielding surprising results about the software’s vulnerabilities. The testing program, which was partly motivated by three cybersecurity incidents at the department in the last year, began with software “we thought was pretty rock-solid,” DOT CIO Vicki Hildebrand said. “[W]e were pretty sure we wouldn’t find vulnerabilities. And we did.” A team of researchers from security-testing company Synack carried out the assessment of the DOT software, which uncovered flaws in commercial products and networked systems. DOT’s security team worked with Synack to promptly fix the vulnerabilities, according to Mark Kuhr, Synack’s co-founder and CTO. Hildebrand, a former executive at Hewlett Packard Enterprise, said she wanted to expand the testing program to other parts of DOT’s vast IT enterprise. “There’s going to be a team approach to whacking these [vulnerabilities] as […]

The post Spurred by security incidents, DOT goes looking for its software flaws appeared first on Cyberscoop.

Here are all of the election security offerings from private companies

With time running out before the midterm elections in November, many of the state and local election offices charged with running the polls are scrambling to secure their systems and protect them from cyberthreats. Much of their efforts are supported or guided by the Department of Homeland Security. The agency is providing jurisdictions with cybersecurity assessments, live exercises, penetration testing and facilitating information sharing, among other things. States also have a collective $380 million fund from Congress that they can use for election security and other improvements. Meanwhile, a number of technology companies have taken notice of the election security issue and are offering assistance to election-related entities. Some of the offerings are free, while others are discounted. Some companies, like DHS, focus on helping the state and local offices that run the country’s elections. Others are offering their services to political organizations, like campaigns and political action committees […]

The post Here are all of the election security offerings from private companies appeared first on Cyberscoop.

Synack offers free penetration testing for election systems ahead of 2018 midterms

One of the largest bug bounty firms in the business has launched an initiative that will allow any Secretary of State to test the security of election systems ahead of the 2018 midterm elections. Redwood City, Calif.-based Synack announced Tuesday it is offering free crowdsourced remote penetration testing services to state and local governments until November. Synack co-founder Jay Kaplan told CyberScoop the idea came together after a series of meetings with government officials, including top executives at the Department of Homeland Security, that discussed how the private sector could be doing more to ward off digital meddling. After Synack’s services are completed, states and localities can harden their systems based on the test’s results. In a letter written to all 50 Secretaries of State, which was provided to CyberScoop, Kaplan wrote: “Staying one step ahead of the adversary is critical to success. Our pro bono services look for vulnerabilities in […]

The post Synack offers free penetration testing for election systems ahead of 2018 midterms appeared first on Cyberscoop.

How To Remove SynAck Virus Infections and Restore Your PC

SynAck virus is an advanced ransomware threat that has been identified in a targeted attack. The security analysis reveals that it contains potent features making it one of the most dangerous new viruses. We anticipate that future versions of…

Variant of SynAck Malware Adopts Doppelgänging Technique

The ransomware adopts the Process Doppelgänging technique to evade antivirus researchers and detection, in a newly identified malware double threat targeting users in the U.S., Kuwait and Germany.

Threatpost News Wrap, September 29, 2017

The macOS Keychain attack, Signal’s new private contact discovery service, the Deloitte hack, and a handful of mobile stock trading app vulnerabilities are discussed.

Gatekeeper Alone Won’t Mitigate Apple Keychain Attack

Apple said that macOS’ native Gatekeeper security feature would protect against a Keychain attack disclosed this week, but researcher Patrick Wardle said that won’t help against Mac malware signed with an Apple certificate.