HackDig : Dig high-quality web security articles

HackerOne insider fired for trying to claim other people’s bounties

The vulnerability disclosure platform HackerOne has revealed that one of their staff members had improperly accessed security reports for personal gain. The—now former—staff member approached HackerOne customers with vulnerabilities that belonged to users of the platform. HackerOne HackerOne acts as a mediator between white hat hackers that find sof
Publish At:2022-07-04 20:00 | Read:491 | Comments:0 | Tags:Reports bug bounty disclosure HackerOne insider threat rzlr

Expert earned $100,500 bounty to hack Apple MacBook webcam and microphone

Apple paid +$100K bounty for a macOS series of flaws that can allow threat actors to take over the microphone and camera. Apple last year addressed multiple macOS vulnerabilities discovered by the security researcher Ryan Pickren in the Safari browser that could allow threat actors to access users’ online accounts, microphone, and webcam. Pickren
Publish At:2022-01-31 10:20 | Read:1126 | Comments:0 | Tags:Breaking News Hacking Apple Bug Bounty information security

5 Things New with Bug Bounty Programs

On September 29, HackerOne announced the latest version of its Internet Bug Bounty (IBB) program. This initiative helped to coordinate the discovery of more than 1,000 security weaknesses in open-source software between 2013 and 2021. HackerOne’s latest version aims to expand the reach of the program even further by pooling defenses from existing bug
Publish At:2022-01-07 14:02 | Read:3618 | Comments:0 | Tags:Incident Response Risk Management Threat Hunting vulnerabili

HackDHS bug bounty program accepts reports of Log4j-related flaws in DHS systems

The DHS has announced that it is expanding the ‘Hack DHS’ bug bounty program to report for Log4J impacting its systems. The Department of Homeland Security (DHS) announced that white hat hackers can now report the impact of the Log4J on its systems as part of the ‘Hack DHS‘ bug bounty program. Below is the announcement of DHS S
Publish At:2021-12-23 06:23 | Read:2879 | Comments:0 | Tags:Breaking News Hacking Security Bug Bounty Hack DHS hacking n

The DHS is inviting hackers to break into its systems, but there are rules of engagement

The United States Department of Homeland Security (DHS) is inviting security researchers to uncover vulnerabilities and hack into its systems, in an attempt to better protect itself from malicious attacks.The DHS says that it is launching the “Hack DHS” bug bounty program to “identify potential cybersecurity vulnerabilities within certain D
Publish At:2021-12-16 09:57 | Read:1178 | Comments:0 | Tags:Government Bug Bounty bug bounty program DHS hack vulnerabil

Google triples bounty for new Linux Kernel exploitation techniques

Google is going to increase the bounty for finding and exploiting privilege escalation vulnerabilities in the Linux kernel. Good news for white hat hackers, Google is going to increase the bounty for demonstrating privilege escalation vulnerabilities in the Linux kernel. The payouts for privilege escalation exploits using a known vulnerability will be
Publish At:2021-11-02 12:19 | Read:1148 | Comments:0 | Tags:Breaking News Hacking Bug Bounty Google hacking news informa

Katie Moussouris hacked Clubhouse. Her emails went unanswered for weeks: Lock and Code S02E15

Nearly one year after the exclusive app Clubhouse launched on the iOS store, its popularity skyrocketed. The app, which is now out of beta, lets users drop into spontaneous audio conversations that, once they are over, are over. With COVID lockdown procedures separating many people around the world last year, Clubhouse offered its users immediate, unplanned,
Publish At:2021-08-16 13:53 | Read:2103 | Comments:0 | Tags:Podcast bug bounty bug bounty program clubhouse clubhouse ap

A week in security (August 2 – August 8)

Last week on Malwarebytes Labs: RDP brute force attacks explainedThe 3 biggest threats reaching for your antivirus software’s off switchZoom and gloom? Video comms org agrees to settle for $85mCOVID-19 vaccine appointment system attacked in ItalyChrome casts away the padlock – is it good riddance or farewell?NSA issues advice for securing wireless d
Publish At:2021-08-09 08:49 | Read:4072 | Comments:0 | Tags:A week in security a week in security amazon awis blog recap

GitHub paid out over $500K through its bug bounty program for 203 flaws in 2020

Code repository hosting service GitHub announced that it has paid out more than $1.5 million through its bug bounty program since 2016. Code repository hosting service GitHub announced that it has paid $524,250 through its bug bounty program for 203 vulnerabilities affecting its products and services in 2020. The company revealed that it paid more than $1
Publish At:2021-06-29 03:36 | Read:1900 | Comments:0 | Tags:Breaking News Security Bug Bounty Cybersecurity GitHub Hacki

Strike First: The Benefits of Working With an Ethical Hacker

With cybersecurity attacks on the rise, companies must explore new ways to stay one step ahead of threat actors. IDG Research Services found that 78% of IT leaders are not confident in their companies’ security postures, which lead 91% of organizations to increase cybersecurity funding for 2021. As part of this increased focus, many companie
Publish At:2021-05-31 13:58 | Read:1940 | Comments:0 | Tags:Risk Management Security Services Threat Hunting Bug Bounty

A week in security (April 19 – 25)

Last week on Malwarebytes Labs, we interviewed Youssef Sammouda, a 21-year-old bug bounty hunter who is focused on finding vulnerabilities on Facebook. We looked into the CodeCov supply-chain attack, the vulnerabilities in Pulse Secure VPN that are being actively exploited by attackers, and the discovery of SUPERNOVA malware found on a SolarWinds Orion se
Publish At:2021-04-26 07:15 | Read:2405 | Comments:0 | Tags:A week in security AI AI ban AirDrop artificial intelligence

Interview with a bug bounty hunter: Youssef Sammouda

Behind the scenes there are many people working in cyber-security that make the internet a safer place. Youssef Sammouda is one of these people. He has submitted at least a hundred reports to Facebook which have been resolved, making Facebook a safer platform along the way. Generally speaking, people may refer to this work as being a bug bounty hunter, but t
Publish At:2021-04-20 13:09 | Read:1734 | Comments:0 | Tags:Hacking Security world bug bounty facebook Youssef Sammouda

Pwn2Own 2021 Day 1 – participants earned more than $500k

The Pwn2Own 2021 hacking competition has begun and white hat hackers participants earned more than $500000 on the first day. The Pwn2Own 2021 has begun, this year the formula for the popular hacking competition sees the distribution of the participants amongst various locations. The competition’s organizer, Trend Micro’s Zero Day Initiative (ZDI), describ
Publish At:2021-04-07 13:35 | Read:1763 | Comments:0 | Tags:Breaking News Hacking Bug Bounty information security news I

Beware of technical “experts” bombarding you with bug reports

byPaul DucklinWe’re all appalled at scammers who take advantage of people’s fears to sell them products they don’t need, or worse still products that don’t exist and never arrive.Worst of all, perhaps, are the scammers who offer products and services that do exactly the opposite of what they claim – making their victims pay up s
Publish At:2021-02-09 13:07 | Read:2123 | Comments:0 | Tags:Security leadership Vulnerability bug bounty fake support ca

Apple paid a $50,000 bounty to two bug bounty hunters for hacking its hosts

A duo of white hat hackers claims to have earned $50,000 from Apple for reporting serious flaws that allowed them to company’s servers. The Indian white hat hackers Harsh Jaiswal and Rahul Maini claim to have discovered multiple flaws that allowed them to access Apple servers. The duo started focusing on Apple’s infrastructure in an attemp
Publish At:2021-01-18 13:54 | Read:5379 | Comments:0 | Tags:Breaking News Hacking Apple Bug Bounty information security


Share high-quality web security related articles with you:)
Tell me why you support me <3

Tag Cloud