The vulnerability disclosure platform HackerOne has revealed that one of their staff members had improperly accessed security reports for personal gain.
The—now former—staff member approached HackerOne customers with vulnerabilities that belonged to users of the platform.
HackerOne
HackerOne acts as a mediator between white hat hackers that find sof
Apple paid a +$100K bounty for a series of macOS flaws that can allow threat actors to take over the microphone and camera.
Apple last year addressed multiple macOS vulnerabilities discovered by the security researcher Ryan Pickren in the Safari browser that could allow threat actors to access users’ online accounts, microphone, and webcam.
Pickren
On September 29, HackerOne announced the latest version of its Internet Bug Bounty (IBB) program. This initiative helped to coordinate the discovery of more than 1,000 security weaknesses in open-source software between 2013 and 2021. HackerOne’s latest version aims to expand the reach of the program even further by pooling defenses from existing bug
The DHS has announced that it is expanding the ‘Hack DHS’ bug bounty program to include reports of Log4J impacting its systems.
The Department of Homeland Security (DHS) announced that white hat hackers can now report the impact of Log4J on its systems as part of the ‘Hack DHS’ bug bounty program.
Below is the announcement of DHS S
The United States Department of Homeland Security (DHS) is inviting security researchers to uncover vulnerabilities and hack into its systems, in an attempt to better protect itself from malicious attacks. The DHS says that it is launching the “Hack DHS” bug bounty program to “identify potential cybersecurity vulnerabilities within certain D
Google is going to increase the bounty for finding and exploiting privilege escalation vulnerabilities in the Linux kernel.
Good news for white hat hackers: Google is going to increase the bounty for demonstrating privilege escalation vulnerabilities in the Linux kernel.
The payouts for privilege escalation exploits using a known vulnerability will be
Nearly one year after the exclusive app Clubhouse launched on the iOS store, its popularity skyrocketed. The app, which is now out of beta, lets users drop into spontaneous audio conversations that, once they are over, are over. With COVID lockdown procedures separating many people around the world last year, Clubhouse offered its users immediate, unplanned,
Last week on Malwarebytes Labs:
RDP brute force attacks explained
The 3 biggest threats reaching for your antivirus software’s off switch
Zoom and gloom? Video comms org agrees to settle for $85m
COVID-19 vaccine appointment system attacked in Italy
Chrome casts away the padlock – is it good riddance or farewell?
NSA issues advice for securing wireless d
Code repository hosting service GitHub announced that it has paid out more than $1.5 million through its bug bounty program since 2016.
Code repository hosting service GitHub announced that it has paid $524,250 through its bug bounty program for 203 vulnerabilities affecting its products and services in 2020. The company revealed that it paid more than $1
With cybersecurity attacks on the rise, companies must explore new ways to stay one step ahead of threat actors. IDG Research Services found that 78% of IT leaders are not confident in their companies’ security postures, which led 91% of organizations to increase cybersecurity funding for 2021. As part of this increased focus, many companie
Last week on Malwarebytes Labs, we interviewed Youssef Sammouda, a 21-year-old bug bounty hunter who is focused on finding vulnerabilities on Facebook.
We looked into the CodeCov supply-chain attack, the vulnerabilities in Pulse Secure VPN that are being actively exploited by attackers, and the discovery of SUPERNOVA malware found on a SolarWinds Orion se
Behind the scenes there are many people working in cyber-security that make the internet a safer place. Youssef Sammouda is one of these people. He has submitted at least a hundred reports to Facebook which have been resolved, making Facebook a safer platform along the way. Generally speaking, people may refer to this work as being a bug bounty hunter, but t
The Pwn2Own 2021 hacking competition has begun, and white hat hacker participants earned more than $500,000 on the first day.
Pwn2Own 2021 has begun; this year the formula for the popular hacking competition sees the participants distributed amongst various locations. The competition’s organizer, Trend Micro’s Zero Day Initiative (ZDI), describ
by Paul Ducklin
We’re all appalled at scammers who take advantage of people’s fears to sell them products they don’t need, or worse still products that don’t exist and never arrive. Worst of all, perhaps, are the scammers who offer products and services that do exactly the opposite of what they claim – making their victims pay up s
A duo of white hat hackers claims to have earned $50,000 from Apple for reporting serious flaws that allowed them to access the company’s servers.
The Indian white hat hackers Harsh Jaiswal and Rahul Maini claim to have discovered multiple flaws that allowed them to access Apple servers.
The duo started focusing on Apple’s infrastructure in an attemp