Splunk, White Hat, and Palo Alto – Enterprise Security Weekly #110

Splunk unveils first IoT platform for customers, Palo Alto Networks acquires RedLock to build out Cloud Security Tech, KnowBe4 boosts security awareness training with Virtual Risk Officer, Symantec brings workload assurance security to the Cloud, and m… Continue reading Splunk, White Hat, and Palo Alto – Enterprise Security Weekly #110

What is the responsible thing to do when I care about a vulnerability more than the team behind the system? [duplicate]

I’ve encountered a security vulnerability in a website. The website is that of a leading brand in its industry. There are user accounts etc. and this website is very popular.

I’ve contacted multiple people from their development/IT team, but no reply (they’ve read the message).

Do I leave it as it is? Knowing that the public are potentially at risk by using a site that is less than secure?

Is this what filing a CVS/CVE issue is for? Or does that not fit into this at all and I should leave things as they are?

Continue reading What is the responsible thing to do when I care about a vulnerability more than the team behind the system? [duplicate]

Uber updates bug bounty program, adds bonus for proof-of-concept (POC)

Ridesharing service Uber has announced some changes to its bug bounty program, including a new set of terms and conditions, as well as new monetization opportunities for white hatters. First off, some stats. Since August 2017, Uber has rewarded ethical… Continue reading Uber updates bug bounty program, adds bonus for proof-of-concept (POC)

Bug bounty program offers $100 million for ‘ethical hackers’ to earn by 2020

HackerOne has put $100 million up for grabs in bug bounty rewards for “ethical hackers” over the next two years, the bug bounty platform said in a press release announcing the results of its 2018 Hacker Report. Many other programs are also … Continue reading Bug bounty program offers $100 million for ‘ethical hackers’ to earn by 2020

Is demanding a "donation" before disclosing vulnerabilities black hat behavior? [on hold]

We have been contacted by an “independent security researcher” through the Open Bug Bounty project. First communications were quite OK, and he disclosed the vulnerability found. We patched the hole and said “thank you”, but d… Continue reading Is demanding a "donation" before disclosing vulnerabilities black hat behavior? [on hold]

Printer Vulnerabilities Almost as Bad as IoT

Recently ZDNet and Gizmodo published articles outlining a critical flaw in a large array of personal printers. While the number of printers with this flaw is staggering, the ramifications are even more impressive. Ultimately, any of these printers could have documents sent to them stolen even if the document was only intended to be printed as a hard copy.

Luckily the people responsible for this discovery are white-hat in nature, and the release of this information has been made public so the responsible parties can fix the security flaws. Whether or not the “responsible party” is the manufacturer of the …read more

Continue reading Printer Vulnerabilities Almost as Bad as IoT