Most Orgs Would Take Security Bugs Over Ethical Hacking Help
A new survey suggests that security is becoming more important for enterprises, but they’re still falling back on old "security by obscurity" ways. [...]
Showing only posts tagged Bug Bounty. Show all posts.
Public Exploit Released for Windows 10 Bug
The vulnerability affects all unpatched Windows 10 versions following a messy Microsoft January update. [...]
Apple Pays $100.5K Bug Bounty for Mac Webcam Hack
The researcher found that he could gain unauthorized camera access via a shared iCloud document that could also "hack every website you've ever visited." [...]
Zerodium Spikes Payout for Zero-Click Outlook Zero-Days
The sweetened deal came on the same day that Trustwave SpiderLabs published a new way to bypass Outlook security to deliver malicious links to victims. [...]
Organizations Face a ‘Losing Battle’ Against Vulnerabilities
Companies must take more ‘innovative and proactive’ approaches to security in 2022 to combat threats that emerged last year, researchers said. [...]
U.S. Ban on Sales of Cyberattack Tools Is Anemic, Experts Warn
Meanwhile, Zerodium's quest to buy VPN exploits is problematic, researchers said. [...]
Researcher refuses Telegram’s bounty award, discloses auto-delete bug
Enlarge (credit: Joshua Sortino ) Telegram patched another image self-destruction bug in its app earlier this year. This flaw was a different issue from the one reported in 2019. But the researcher who reported the bug isn't pleased with Telegram's months-long turnaround time—and an offered $1,159 (€1,000 …
Pair of Google Chrome Zero-Day Bugs Actively Exploited
The security vulnerabilities bring the web behemoth up to 10 browser zero-days found so far this year. [...]
Microsoft Translation Bugs Open Edge Browser to Trivial UXSS Attacks
The bug in Edge's auto-translate could have let remote attackers pull off RCE on any foreign-language website just by sending a message with an XSS payload. [...]
How to Get into the Bug-Bounty Biz: The Good, Bad and Ugly
Experts from Intel, GitHub and KnowBe4 weigh in on what you need to succeed at security bug-hunting. [...]
Google Project Zero Cuts Bug Disclosure Timeline to a 30-Day Grace Period
The zero-day flaw research group has revised its disclosure of the technical details of vulnerabilities in the hopes of speeding up the release and adoption of fixes. [...]
Microsoft Offers Up To $30K For Teams Bugs
A bug-bounty program launched for the Teams desktop videoconferencing and collaboration application has big payouts for finding security holes. [...]
MangaDex Site Offline Following Hacking Incident
A cyberattacker taunted the site about open security vulnerabilities, prompting a code review. [...]
Cybersecurity Bug-Hunting Sparks Enterprise Confidence
A survey from Intel shows that most organizations prefer tech providers to have proactive security, but few meet security expectations. [...]
Supply-Chain Hack Breaches 35 Companies, Including PayPal, Microsoft, Apple
Ethical hacker Alex Birsan developed a way to inject malicious code into open-source developer tools to exploit dependencies in organizations internal applications. [...]
Bugs in Firefox, Chrome, Edge Allow Remote System Hijacking
Major browsers get an update to fix separate bugs that both allow for remote attacks, which could potentially allow hackers to takeover targeted devices. [...]