Polish police shut down hacker super-group involved in bomb threats, ransomware, SIM swapping
The hackers also distributed Windows and Android malware, and even ran 50 fake online stores where they defrauded buyers.
https://www.zdnet.com/article/polish-police-shut-down-hacker-super-group-involved-in-bomb-threats-ransomware-sim-swapping/#ftag=RSSbaffb68
Partager : LinkedIn / Twitter / Facebook / View
BlackBerry's Q2 benefits from security demand amid remote work shifts
BlackBerry CEO John Chen has his reservations about productivity and innovation if everyone worked from home, but the trend is helping his business.
https://www.zdnet.com/article/blackberrys-q2-benefits-from-security-demand-amid-remote-work-shifts/#ftag=RSSbaffb68
Partager : LinkedIn / Twitter / Facebook / View
Mobile security: These seven malicious apps have been downloaded by 2.4m Android and iPhone users
Researchers at Avast detail adware being distributed via official app stores - with users being encouraged to download them via posts on TikTok and Instagram.
https://www.zdnet.com/article/mobile-security-these-seven-malicious-apps-have-been-downloaded-by-2-4m-android-and-iphone-users/#ftag=RSSbaffb68
Partager : LinkedIn / Twitter / Facebook / View
ICO fines profiteering UK firm for touting coronavirus products over spam texts
The UK company sent cold texts offering products “effective against coronavirus.”
https://www.zdnet.com/article/ico-fines-profiteering-uk-firm-for-touting-coronavirus-products-over-spam-texts/#ftag=RSSbaffb68
Partager : LinkedIn / Twitter / Facebook / View
Next-generation police dogs now sniff out your electronics
Drugs and weapons are not the only criminal evidence police dogs are on the hunt for.
https://www.zdnet.com/article/the-next-generation-of-police-dogs-will-sniff-out-your-electronics/#ftag=RSSbaffb68
Partager : LinkedIn / Twitter / Facebook / View
Microsoft: Azure-based Sentinel security gets new analytics to spot threats in odd behavior
The new feature gives enterprise cloud customers another reason to send more security logs and data to Azure.
https://www.zdnet.com/article/microsoft-azure-based-sentinel-security-gets-new-analytics-to-spot-threats-in-odd-behavior/#ftag=RSSbaffb68
Partager : LinkedIn / Twitter / Facebook / View
Instagram bug opened a path for hackers to hijack app, turn smartphones into spies
The RCE vulnerability, now patched, took nothing more than an image file to trigger.
https://www.zdnet.com/article/instagram-bug-opened-a-path-for-hackers-to-hijack-app-turn-smartphones-into-spies/#ftag=RSSbaffb68
Partager : LinkedIn / Twitter / Facebook / View
Cybersecurity: Your supply chain is now your weakest link
"Criminals don't just give up, they look for easier ways in," ex-GCHQ boss Robert Hannigan tells ZDNet - and that easy way in is via your third-party suppliers.
https://www.zdnet.com/article/cybersecurity-your-supply-chain-is-now-your-weakest-link/#ftag=RSSbaffb68
Partager : LinkedIn / Twitter / Facebook / View
Microsoft says it detected active attacks leveraging Zerologon vulnerability
Zerologon patching window is slowly closing as Microsoft warns of attacks in the wild.
https://www.zdnet.com/article/microsoft-says-it-detected-active-attacks-leveraging-zerologon-vulnerability/#ftag=RSSbaffb68
Partager : LinkedIn / Twitter / Facebook / View
New 'Alien' malware can steal passwords from 226 Android apps
Most targets are banking apps, but Alien can also show phishing pages for social, instant messaging, and cryptocurrency apps.
https://www.zdnet.com/article/new-alien-malware-can-steal-passwords-from-226-android-apps/#ftag=RSSbaffb68
Partager : LinkedIn / Twitter / Facebook / View
Facebook removes fake accounts linked to Philippine military, police
Social media platform removes more than 200 accounts for breaching its foreign or government interference policies, including 57 with links to the Philippine military and police.
https://www.zdnet.com/article/facebook-removes-fake-accounts-linked-to-philippine-military-police/#ftag=RSSbaffb68
Partager : LinkedIn / Twitter / Facebook / View
Australians are caring more about data privacy but don't know how to protect themselves
In a survey conducted by the OAIC, 70% of respondents consider the protection of their personal information to be a major concern in their lives.
https://www.zdnet.com/article/australians-are-caring-more-about-data-privacy-but-dont-know-how-to-protect-themselves/#ftag=RSSbaffb68
Partager : LinkedIn / Twitter / Facebook / View
Microsoft Leaked Bing Data Online Through An Unsecured Server
While data leak incidents via exposed servers aren't uncommon, this time, the ignorant firm is a tech giant. Reportedly, Microsoft
Microsoft Leaked Bing Data Online Through An Unsecured Server on Latest Hacking News.
https://latesthackingnews.com/2020/09/24/microsoft-leaked-bing-data-online-through-an-unsecured-server/
Partager : LinkedIn / Twitter / Facebook / View
Firefox 81 Rolls Out With High-Severity Bug Fixes
Mozilla Firefox browser's latest version is out. With Firefox 81, Mozilla has released numerous bug fixes including patches for code-execution
Firefox 81 Rolls Out With High-Severity Bug Fixes on Latest Hacking News.
https://latesthackingnews.com/2020/09/24/firefox-81-rolls-out-with-high-severity-bug-fixes/
Partager : LinkedIn / Twitter / Facebook / View
Major Instagram App Bug Could've Given Hackers Remote Access to Your Phone
Ever wonder how hackers can hack your smartphone remotely?
In a report shared with The Hacker News today, Check Point researchers disclosed details about a critical vulnerability in Instagram's Android app that could have allowed remote attackers to take control over a targeted device just by sending victims a specially crafted image.
What's more worrisome is that the flaw not only lets attackers
https://thehackernews.com/2020/09/instagram-android-hack.html
Partager : LinkedIn / Twitter / Facebook / View
How to Create Your Own Collectable Token on RSK Network using Truffle And Open Zeppelin
RSK is an open source platform for Ethereum compatible smart contracts based on the Bitcoin network. Read the full story
https://hackernoon.com/how-to-create-your-own-collectable-token-on-rsk-network-using-truffle-and-open-zeppelin-pkm3tzc?source=rss
Partager : LinkedIn / Twitter / Facebook / View
What I Learned Working 6 Weeks on a Sh*tty Side Project
About a month ago, I started working on Unfluence! It was going to be the perfect side project. In fact, Here is a list of things why it was going to be a perfect side project.Read the full story
https://hackernoon.com/what-i-learned-working-6-weeks-on-a-shtty-side-project-gh3m3t3x?source=rss
Partager : LinkedIn / Twitter / Facebook / View
Writing a Slack Bot that Responds to Action Commands
I recently wrote a slack bot that responds to action commands (like /ech yolo ) but I ran into some trouble finding exactly how to do this, so I'm documenting it here for other peeps to find. The exact error I hit was /echo failed with the error "dispatch_failed" .Read the full story
https://hackernoon.com/writing-a-slack-bot-that-responds-to-action-commands-v73b3tba?source=rss
Partager : LinkedIn / Twitter / Facebook / View
A Guide to Virtual Town Hall Meetings
As we step ahead, virtual events and virtual conferences are gaining momentum and becoming immensely popular. Hosting recurring day to day internal virtual meetings and conferences have become an integral part of businesses today. A sudden boost in web conferencing platforms has been witnessed on the internet that offers interactive & engaging online meeting solutions.Read the full story
https://hackernoon.com/a-guide-to-virtual-town-hall-meetings-zv1v3tga?source=rss
Partager : LinkedIn / Twitter / Facebook / View
Five Predictions for The New Normal
The virtual world is going to be where we LIVE. How will this change the economic dynamics, gravity, and equilibrium in the physical world? In search of the answers, I shaped these predictions for investing and living. Read the full story
https://hackernoon.com/five-predictions-for-the-new-normal-r21u3tv5?source=rss
Partager : LinkedIn / Twitter / Facebook / View
5 Tips To Build A Cost-Effective Online Marketplace Solution
What do you think are the primary reasons for an online business to not make as much as it was intended to? Lack of a market need, an unsustainable business model, inappropriate software choices, no strategic marketing, and so on. In this context, one factor that looms large in the product development scene is cost. Read the full story
https://hackernoon.com/5-tips-to-build-a-cost-effective-online-marketplace-solution-3h1k3tuv?source=rss
Partager : LinkedIn / Twitter / Facebook / View
Kubernetes in the Cloud: Strategies for Effective Multi Cloud Implementations
Kubernetes is a highly popular container orchestration platform. Multi cloud is a strategy that leverages cloud resources from multiple vendors. Multi cloud strategies have become popular because they help prevent vendor lock-in and enable you to leverage a wide variety of cloud resources. However, multi cloud ecosystems are notoriously difficult to configure and maintain. Read the full story
https://hackernoon.com/kubernetes-in-the-cloud-strategies-for-effective-multi-cloud-implementations-m81b3tzs?source=rss
Partager : LinkedIn / Twitter / Facebook / View
3 Best DVD Ripper Software for Windows and Mac
We all know that a DVD ripping software works by transferring a video into DVDs, back up or edit a DVD content, as well as to convert a DVD video into the media player and mobile devices playback. Read the full story
https://hackernoon.com/3-best-dvd-ripper-software-for-windows-and-mac-xf323ti0?source=rss
Partager : LinkedIn / Twitter / Facebook / View
Public ASX100 APIs: The Essential List
We've conducted some initial research into the public APIs of the ASX100 because we regularly have conversations about what others are doing with their APIs and what best practices look like. Being able to point to good local examples and explain what is happening in Australia is a key part of this conversation.Read the full story
https://hackernoon.com/public-asx100-apis-the-essential-list-hw153t11?source=rss
Partager : LinkedIn / Twitter / Facebook / View
How to Hack WhatsApp Chats
If you've come across this article, you probably need to read somebody's messages on WhatsApp or view shared media files. In this article, you'll find the best 7 ways to hack WhatsApp chats. I recommend you to look through all of them and choose the one that meets your technical skills and monitoring needs. Read the full story
https://hackernoon.com/how-to-hack-whatsapp-chats-9f203tq0?source=rss
Partager : LinkedIn / Twitter / Facebook / View
Top 5 Serverless Trends in 2020
Happy Serverless September 2020! We at Coding Sans love working with serverless technology. This is why we decided to publish a report with the latest serverless trends this year. We partnered up with nine other companies who share our love to make it happen.Read the full story
https://hackernoon.com/top-5-serverless-trends-in-2020-wd1m3t8g?source=rss
Partager : LinkedIn / Twitter / Facebook / View
How to sample AppSync resolver logs[Arthur]
AppSync has built-in logging integration with CloudWatch Logs (see here for more details on the logging options).Read the full story
https://hackernoon.com/how-to-sample-appsync-resolver-logsarthur-qtn3tb9?source=rss
Partager : LinkedIn / Twitter / Facebook / View
Precious Tips To Protect Your Microsoft Account Password From Phishing
This month security researcher bohops demonstrated a credential harvesting trick that uses Windows theme files. Setting a Windows wallpaper location to a file present at a remote location, for example, a password-protected HTTP(s) page, instead of a locally present image, can be abused for phishing.Read the full story
https://hackernoon.com/precious-tips-to-protect-your-microsoft-account-password-from-phishing-nun3tyk?source=rss
Partager : LinkedIn / Twitter / Facebook / View
Overwelming Formula For Goal Achievement As a Tech Lead In 90 Days
Recently, I read a blog post titled "VPE and CTO — The first 90 days". It's a brief article in which James Turnbull shows a mind map with four areas that “every new technical leader needs to, at least, think about and explore when starting at a new organization.”Read the full story
https://hackernoon.com/overwelming-formula-for-goal-achievement-as-a-tech-lead-in-90-days-fh123t1g?source=rss
Partager : LinkedIn / Twitter / Facebook / View
4 Skills You Need to Become a Distinguished Developer
Excellence in Software Engineering has never been a stationary destination where one can arrive sooner or later. It has always been a lifelong journey and learning process which demands consistency and commitment in order for someone to progress rapidly and to stay relevant over the next few years because of the ever-changing tech scenario. This element of uncertainty and demand for consistency has intrigued me since forever and hence compelled me to choose this a full-time career and what I'd like to do, at least for the foreseeable near future. Read the full story
https://hackernoon.com/4-skills-you-need-to-become-a-distinguished-developer-ly2d3tjl?source=rss
Partager : LinkedIn / Twitter / Facebook / View
Genius Tool To Predict Number Of Covid Cases: Leading Time-Series Multi-Step Models
Predict Number of Active Cases by Covid-19 Pandemic based on Medical Facilities (Volume of Testing, ICU beds, Ventilators, Isolation Units, etc) using Multi-variate LSTM based Multi-Step Forecasting ModelsRead the full story
https://hackernoon.com/genius-tool-to-predict-number-of-covid-cases-leading-time-series-multi-step-models-xe133t9k?source=rss
Partager : LinkedIn / Twitter / Facebook / View
SitRep - Extensible, Configurable Host Triage
SitRep is intended to provide a lightweight, extensible host triage alternative. Checks are loaded dynamically at runtime from stand-alone files. This allows operators to quickly modify existing checks, or add new checks as required. Checks are grouped by category and can be marked as OpSec safe/unsafe. unsafe checks are only loaded if the /AllowUnsafe flag is provided. Interesting results are highlighted with a "[*]" Checks Checks are separated into categories. This allows them to be displayed in appropriate groups. The following checks are currently available: Environment CurrentUser.cs - the current user DomainName.cs - the domain name HostName.cs - the hostname LoggedOnUsers.cs - List all logged on users OSVersion.cs - OS version information VirtualEnvironment.cs - Checks if we are operating in a virtualised environment userEnvironmentVariables.cs - Grabs the environment variables applied to the current process SystemEnvironmentVariables.cs - Grabs system environment variables from the registry (HKLM) NameServers.cs - Gets the DNS servers for each network interface Defences AVProcesses.cs - Checks if any known AV processes are running Permissions Integrity.cs - Get the integrity level of the current process LocalAdmin.cs - Check if we are a local admin Privileges.cs - List our current privileges. UACLevel.cs - Get the UAC level UserDomainGroups.cs - Gets the users domain group memberships ComputerDomainGroups.cs - Gets the domain groups the computer is a member of Software InstalledBrowsers.cs - Lists the browsers installed on the endpoint Credentials CredentialManager.cs - Retrieve credentials stored in Windows Credential Manager for the current user The following checks are currently marked as being not OpSec safe: CredentialManager.cs ComputerDomainGroups.cs UserDomainGroups.cs You should review this configuration and update the OpSec tags as required. Disabling Checks All checks are enabled by default. However, as checks are loaded dynamically, it is possible to disable them. Disabling a check CheckBase includes a boolean "Enabled" property, which defaults to true. This can be set in the derived class by adding a constructor. The example below disables the CurrentUser check (CurrentUser.cs): public CurrentUser(){ base.Enabled = false;} Excluding checks from the build As checks are loaded dynamically, it is possible to exclude a check from the build without other modifications. The easiest way to do this is to right-click on the check class in Visual Studio and select "exclude from project". The check can be re-added by selecting "include in project" from the same context menu. This approach has the advantage of removing the code from the compiled artifact. Example Usage Run all checks SitRep.exe /AllowUnsafe Run only OpSec safe checks (default) SitRep.exe SitRep is designed to be executed via execute-assembly (or equivalent) Adding Checks Checks inherit from CheckBase and implement the ICheck interface. This enforces the patterns needed for the dynamic check loading. Other methods and classes can be added as required. The ICheck interface exposes the following properties and methods: IsOpsecSafe (bool) - Indicates if the check is considered OpSec safe or not DisplayOrder (int) - The order in which to display the result of this check within its display group Check() - The method called to run the actual check Derived classes must override the "ToString()" method defined in CheckBase. This method is called when displaying the output of each check. Access to native methods is provided via classes in the "NativeMethods" folder. Each class is named after the dll it interacts with. Checks are responsible for providing their own error handling. Current checks wrap the entire "check" method in a try-catch block, the use of this pattern is encouraged. An example, empty check is shown below using SitRep.Interfaces;using System;namespace SitRep.Checks.Software{ class ExampleCheck : CheckBase, ICheck { public bool IsOpsecSafe => true; public int DisplayOrder => 1; public Enums.Enums.CheckType CheckType => Enums.Enums.CheckType.Credential; public void Check() { try { throw new NotImplementedException(); } catch { Message = "Check failed [*]"; } } public override string ToString() { throw new NotImplementedException(); } }} Contributing PRs welcome. Please ensure checks are stand-alone (i.e. not dependent on the output of other checks). As far as possible, checks should be self-contained, with all single-use code present within the check class. Why no unit tests? Have you ever tried mocking a domain-joined Windows endpoint? That's why. Thanks SitRep makes use of code from Seatbelt, SharpUp and random StackOverflow posts. Credits have been added where appropriate. Download Sitrep
http://www.kitploit.com/2020/09/sitrep-extensible-configurable-host.html
Partager : LinkedIn / Twitter / Facebook / View
Instagram Hacked – Critical Vulnerability Let Attackers Take Complete Control over Account
A critical security vulnerability with the Instagram app lets attackers take over the victim's Instagram account and can change their phone as a spying tool. All the attackers need is a malicious image, once the image file opened in the Instagram app it would give the hacker full access to the Instagram account. Instagram is […]
The post Instagram Hacked – Critical Vulnerability Let Attackers Take Complete Control over Account appeared first on GBHackers On Security.
https://gbhackers.com/instagram-hacked-vulnerability/
Partager : LinkedIn / Twitter / Facebook / View
Shopify Data Breach – Two Rogue Employees Stole Customer Data
The Online e-commerce platform Shopify announced a data breach after two of their rogue employees of the support team engaged in accessing the transactional records of certain customers. Shopify Inc. is a Canadian multinational e-commerce company founded in 2006, the company has more than 1,000,000 customers in approximately 175 countries. The company said that, once […]
The post Shopify Data Breach – Two Rogue Employees Stole Customer Data appeared first on GBHackers On Security.
https://gbhackers.com/shopify-data-breach/
Partager : LinkedIn / Twitter / Facebook / View
Arrested: 4 most active hackers involved in SIM Swap, malware attacks
By Deeba Ahmed
These hackers were involved in malware attacks, sim swapping scams, and e-commerce fraud.
This is a post from HackRead.com Read the original post: Arrested: 4 most active hackers involved in SIM Swap, malware attacks
https://www.hackread.com/arrested-4-most-active-hackers-sim-swap-malware-attacks/
Partager : LinkedIn / Twitter / Facebook / View
179 Dark Web vendors arrested, 500kg worth of drugs seized
By Waqas
Operation DisrupTor was a global sting operation against illegal goods and drug trafficking on the Dark Web.
This is a post from HackRead.com Read the original post: 179 Dark Web vendors arrested, 500kg worth of drugs seized
https://www.hackread.com/179-dark-web-vendors-arrested-drugs-seized/
Partager : LinkedIn / Twitter / Facebook / View
Threat landscape for industrial automation systems. H1 2020 highlights
Beginning in H2 2019 we have observed a tendency for decreases in the percentages of attacked computers, both in the ICS and in the corporate and personal environments. The internet, removable media and email continue to be the main sources of threats in the ICS environment.
https://securelist.com/threat-landscape-for-industrial-automation-systems-h1-2020-highlights/98427/
Partager : LinkedIn / Twitter / Facebook / View
Winshark - Wireshark plugin to work with Event Tracing for Windows
Wireshark plugin to work with Event Tracing for Windows Microsoft Message Analyzer is being retired and its download packages were …
The post Winshark - Wireshark plugin to work with Event Tracing for Windows appeared first on Hakin9 - IT Security Magazine.
https://hakin9.org/winshark-wireshark-plugin-to-work-with-event-tracing-for-windows/?utm_source=rss&utm_medium=rss&utm_campaign=winshark-wireshark-plugin-to-work-with-event-tracing-for-windows
Partager : LinkedIn / Twitter / Facebook / View
List of Free Python Resources [Updated September 2020]
Python is considered as a beginner-friendly programming language and its community provides many free resources for beginners and more advanced …
The post List of Free Python Resources [Updated September 2020] appeared first on Hakin9 - IT Security Magazine.
https://hakin9.org/list-of-free-python-resources/?utm_source=rss&utm_medium=rss&utm_campaign=list-of-free-python-resources
Partager : LinkedIn / Twitter / Facebook / View
Gamer Alert: More than 10 Billion Attacks On Gaming Industry In 2 Years
According to cybersecurity firm Akamai's recent report titled "State of the Internet/Security," the gaming sector has suffered a big hit in the previous two years. Experts have reported around 10 Billion cyberattacks on the gaming industry between June 2018 and June 2020.Akamai recorded 100 Billion credential stuffing attacks during this period, out of which 10 Billion amount to attacks on the gaming sector. Besides credential stuffing, Akamai also recorded web application attacks. Hackers targeted around 150 Million web application attacks on the gaming sector."This report was planned and mostly written during the COVID-19 lockdown, and if there is one thing that's kept our team san; it is constant social interaction and the knowledge that we're not alone in our anxieties and concerns," says the report. Web application attacks mostly deployed SQL injections and LFI ( Local File Inclusion ) attacks as per the latest published report. It is because hackers can sensitive information of users on the game server using SQL and LFI.The data can include usernames, account info, passwords, etc. Besides this, experts say that the gaming sector is also a primary target for DDoS (distributed denial-of-service) attacks. Between July 2019 and July 2020, Akamai identified 5,600 DDoS attacks, out of which hackers targeted 3000 attacks on the gaming sector. The increase in the attacks can be because most gamers don't pay much attention to cybersecurity.According to data, 55% of gamers experienced suspicious activity in their accounts. However, just 20% of these gamers expressed concern about the compromise. Around 50% of hacked players feel that security is a mutual responsibility between gamers and gaming companies. Akamai emphasized their concern over the gaming sector becoming an easy target for the hackers. According to Akamai's report, "Web attacks are constant. Credential stuffing attacks can turn data breaches from the days of old (meaning last week) into new incidents that impact thousands (sometimes millions) of people and organizations of all sizes. DDoS attacks disrupt the world of instant communication and connection. These are problems that gamers, consumers, and business leaders face daily. This year, these issues have only gotten worse, and the stress caused by them was compounded by an invisible, deadly threat known as COVID-19."
https://www.ehackingnews.com/2020/09/gamer-alert-more-than-10-billion.html
Partager : LinkedIn / Twitter / Facebook / View
179 Dark Net Vendors Arrested in a Massive International Sting; 500 kg Drugs Seized
Global police agencies have confiscated over .5m both in cash and virtual currencies, 64 firearms, and 1,100 pounds of drugs - arresting 179 vendors across 6 countries including the U.S and Europe in one of the biggest raid on dark web marketplaces. The international sting operation saw considerable co-operation from Law enforcement agencies all over the world including the US, UK, Germany, Europe, Canada, Europe, Sweden, Austria, and the Netherlands. The 500kg of drugs recovered by investigators during the operation included fentanyl, methamphetamine, oxycodone, ecstasy, cocaine, hydrocodone, MDMA, and several other medicines containing addictive substances, as per the findings. The authorities dubbed the global sting operation as 'DisrupTor' and while announcing it, they claimed in a press release that the "golden age of the dark web marketplace is over." The roots of the operation go back to May 3, 2019; the day German authorities seized the dark web drug market, "Wallstreet market" and arrested its operators."Operations such as these highlight the capability of law enforcement to counter encryption and anonymity of dark web market places. Police no longer only take down such illegal marketplaces – they also chase down the criminals buying and selling illegal goods through such sites." The press release further read. According to the Justice Department, it was the largest international law enforcement operation that targeted opioid traffickers on the dark web. The investigation witnessed an extensive range of investigators ranging from the FBI, ICE, DEA, Customs and Border Protection (CBP), to the Defense Department. Commenting on the success of the operation, the head of Europol's European Cybercrime Centre (EC3), Edvardas Šileris said, “Law enforcement is most effective when working together, and today's announcement sends a strong message to criminals selling or buying illicit goods on the dark web: the hidden internet is no longer hidden, and your anonymous activity is not anonymous. Law enforcement is committed to tracking down criminals, no matter where they operate – be it on the streets or behind a computer screen.” “With the spike in opioid-related overdose deaths during the Covid-19 pandemic, we recognize that today's announcement is important and timely,” said Christopher Wray, FBI director. “The FBI wants to assure the American public, and the world, that we are committed to identifying dark net drug dealers and bringing them to justice.” He further added.
https://www.ehackingnews.com/2020/09/179-dark-net-vendors-arrested-in.html
Partager : LinkedIn / Twitter / Facebook / View
Russian-speaking hackers attacked Russian companies and demanded ransom
Group-IB recorded a successful attack by the criminal group OldGremlin on a Russian medical company. The attackers completely encrypted its corporate network and demanded a ransom of ,000.Russian-speaking hackers from the OldGremlin group attacked several Russian companies, despite the ban: among cybercriminals, there is an unspoken rule "do not work on RU".According to experts, since the spring of 2020, hackers from OldGremlin have conducted at least nine attacks on Russian companies. It is noted that they send malicious emails allegedly on behalf of the Russian media holding RBC, the Russian metallurgical holding, the Minsk Tractor Plant, the Union of microfinance organizations and other individuals and enterprises. Under various pretexts, attackers are asked to click on the link and download the file. After trying to open it on the victim's computer, the backdoor malware TinyPosh runs.This time a large Russian medical company became the victim of the criminals. After gaining access to the computer of one of the employees, they deleted the organization's backups, and also spread the TinyCrypton ransomware virus on the computers of the employees. As a result of their actions, the work of regional branches of the medical company was stopped. Then the hackers demanded a ransom: they wanted to get 50 thousand dollars in cryptocurrency for restoring access."The lack of a strong communication channel between organizations that resist cybercrime, as well as the difficult political situation, lead to the emergence of new criminal groups that feel safe," said Rustam Mirkasymov, head of the dynamic analysis of malicious code at Group-IB. The expert also stressed that businesses often underestimate the threats posed by cybercriminals, and do not use the necessary means of protection.
https://www.ehackingnews.com/2020/09/russian-speaking-hackers-attacked.html
Partager : LinkedIn / Twitter / Facebook / View
A major Ukrainian IT company has revealed details of the hacker attack
Ukrainian IT company SoftServe has issued an official statement about the recent hacker attack, in which it gave details of the incident and said that its investigation is still ongoing.As a reminder, in early September SoftServe underwent a hacker attack during which client data, including the source code of a number of developments, were stolen. Later, another confidential data appeared on the network, including scanned copies of internal and foreign passports of company employees."As we reported earlier, SoftServe experienced a cybersecurity incident on Tuesday, September 1. It was a complex, multi-step and targeted attack against our company. As a result of the attack, the company's mail server was damaged, a number of corporate services were disabled, and the internal file server was compromised,” noted SoftServe.The attackers managed to download fragments of various information, and in order to put pressure on the company, they made them publicly available. SoftServe expects new incidents and declares its readiness for them."We expect that new data can be published again and are ready for it. Such actions of attackers, as well as various kinds of provocations and the spread of fakes to escalate the situation are a common tactic in hacker attacks. As noted earlier, SoftServe managed to localize the attack within a few hours after the attack and our team quickly restored the operation of corporate systems that function normally,” noted the company on its Facebook page.The company also said that SoftServe is currently operating normally and has a "clear plan to deal with the consequences" of the incident. The company promises technical, legal, financial, and other assistance to anyone who suffered from the attack.SoftServe has engaged one of the world's cybersecurity experts to independently investigate the incident.
https://www.ehackingnews.com/2020/09/a-major-ukrainian-it-company-has.html
Partager : LinkedIn / Twitter / Facebook / View
L'Actu des jours précédents
CrowdStrike to acquire Preempt Security for million
The company said it plans to use the deal to bolster its Falcon platform with conditional access technology.
https://www.zdnet.com/article/crowdstrike-to-acquire-preempt-security-for-96-million/#ftag=RSSbaffb68
Partager : LinkedIn / Twitter / Facebook / View
Microsoft, Italy, and the Netherlands warn of increased Emotet activity
New alerts about a spike in Emotet activity come after France, Japan, New Zealand issued similar warnings at the start of the month.
https://www.zdnet.com/article/microsoft-italy-and-the-netherlands-warn-of-increased-emotet-activity/#ftag=RSSbaffb68
Partager : LinkedIn / Twitter / Facebook / View
Google unveils new real-time threat detection tool from Chronicle
The tool is the culmination of Chronicle's efforts to build a rules engine that can handle complex analytic events, flesh out a new threat detection language tuned for modern attacks and take advantage of the security advantages offered by Google's scale.
https://www.zdnet.com/article/google-unveils-new-real-time-threat-detection-tool-from-chronicle/#ftag=RSSbaffb68
Partager : LinkedIn / Twitter / Facebook / View
Microsoft Ignite 2020: All the news from Redmond's IT Pro conference
From Project Cortex and Azure resiliency to Teams and Edge on Linux, here's everything you need to know about the news out of Microsoft's Ignite conference.
https://www.zdnet.com/article/microsoft-ignite-2020/#ftag=RSSbaffb68
Partager : LinkedIn / Twitter / Facebook / View
Facebook wipes out Chinese, Filipino misinformation campaigns
Facebook has removed two separate networks flooding the platform with inauthentic content and spam.
https://www.zdnet.com/article/facebook-wipes-out-chinese-operation-designed-to-spread-political-propaganda/#ftag=RSSbaffb68
Partager : LinkedIn / Twitter / Facebook / View
Cyberwarfare fears add to security headaches for businesses
Security professionals worry about being targeted by state-backed hackers; or more likely getting caught in the crossfire.
https://www.zdnet.com/article/cyberwarfare-fears-add-to-security-headaches-for-businesses/#ftag=RSSbaffb68
Partager : LinkedIn / Twitter / Facebook / View
Netgear's BR200 small-business router offers built-in site-to-site VPN
Looking for a high-performance security router for your business? The new Netgear BR200 gives you full control over your network.
https://www.zdnet.com/article/netgear-br200-small-business-router-with-built-in-site-to-site-vpn/#ftag=RSSbaffb68
Partager : LinkedIn / Twitter / Facebook / View
Netgear BR200 small-business router
The Netgear BR200 Insight Managed Business Router has been designed to be easy to set up, and features a built-in firewall, VLAN management, and remote cloud monitoring, and can be managed from anywhere you have an internet connection.
https://www.zdnet.com/pictures/netgear-br200-small-business-router/#ftag=RSSbaffb68
Partager : LinkedIn / Twitter / Facebook / View
Activision Data Breach Leaves 500,000 Call Of Duty Players' Accounts At Risk
Another day, another breach. This time, it's the gamers' community that may suffer. According to reports, Activision has faced a
Activision Data Breach Leaves 500,000 Call Of Duty Players' Accounts At Risk on Latest Hacking News.
https://latesthackingnews.com/2020/09/23/activision-data-breach-leaves-500000-call-of-duty-players-accounts-at-risk/
Partager : LinkedIn / Twitter / Facebook / View
New Phishing Campaign Evades Security Checks With Hexadecimal IP Addresses
A new phishing campaign has emerged. As observed, this phishing campaign makes use of hexadecimal IP addresses instead of the
New Phishing Campaign Evades Security Checks With Hexadecimal IP Addresses on Latest Hacking News.
https://latesthackingnews.com/2020/09/23/new-phishing-campaign-evades-security-checks-with-hexadecimal-ip-addresses/
Partager : LinkedIn / Twitter / Facebook / View
How MMORPGs Work
There are several ways to create a data flow needed for MMORPG but usually, it requires a server and a
How MMORPGs Work on Latest Hacking News.
https://latesthackingnews.com/2020/09/23/how-mmorpgs-work/
Partager : LinkedIn / Twitter / Facebook / View
More Bugs Discovered In Discount Rules for WooCommerce Plugin
It hasn't been long since we heard of multiple security bugs in the Discount Rules for WooCommerce Plugin. Yet, recently,
More Bugs Discovered In Discount Rules for WooCommerce Plugin on Latest Hacking News.
https://latesthackingnews.com/2020/09/23/more-bugs-discovered-in-discount-rules-for-woocommerce-plugin/
Partager : LinkedIn / Twitter / Facebook / View
11 Essential Tips for Loan App Development in 2021
So you are planning to create a loan app? But not sure where to get started? If your answer is
11 Essential Tips for Loan App Development in 2021 on Latest Hacking News.
https://latesthackingnews.com/2020/09/23/11-essential-tips-for-loan-app-development-in-2021/
Partager : LinkedIn / Twitter / Facebook / View
10 ways to make your smartphone an impregnable gadget
Currently, almost all of our life depends on smartphones. They control purchases, paying bills, communication, searching for something, have the
10 ways to make your smartphone an impregnable gadget on Latest Hacking News.
https://latesthackingnews.com/2020/09/23/10-ways-to-make-your-smartphone-an-impregnable-gadget/
Partager : LinkedIn / Twitter / Facebook / View
Most Popular Crowdfunding Platforms
Because of the clear benefits of crowdfunding, there are a ton of options in the market to choose from. There
Most Popular Crowdfunding Platforms on Latest Hacking News.
https://latesthackingnews.com/2020/09/23/most-popular-crowdfunding-platforms/
Partager : LinkedIn / Twitter / Facebook / View
Firefox for Android Bug Allows Hijacking Other Phones' Browsers Over WiFi
A serious bug exists in Firefox for Android browsers that allows hijacking other phones' browsers connected on the WiFi. Upgrade
Firefox for Android Bug Allows Hijacking Other Phones' Browsers Over WiFi on Latest Hacking News.
https://latesthackingnews.com/2020/09/23/firefox-for-android-bug-allows-hijacking-other-phones-browsers-over-wifi/
Partager : LinkedIn / Twitter / Facebook / View
Detecting and Preventing Critical ZeroLogon Windows Server Vulnerability
If you're administrating Windows Server, make sure it's up to date with all recent patches issued by Microsoft, especially the one that fixes a recently patched critical vulnerability that could allow unauthenticated attackers to compromise the domain controller.
Dubbed 'Zerologon' (CVE-2020-1472) and discovered by Tom Tervoort of Secura, the privilege escalation vulnerability exists due to the
https://thehackernews.com/2020/09/detecting-and-preventing-critical.html
Partager : LinkedIn / Twitter / Facebook / View
A New Hacking Group Hitting Russian Companies With Ransomware
As ransomware attacks against critical infrastructure continue to spike in recent months, cybersecurity researchers have uncovered a new entrant that has been actively trying to conduct multistage attacks on large corporate networks of medical labs, banks, manufacturers, and software developers in Russia.
The ransomware gang, codenamed "OldGremlin" and believed to be a Russian-speaking threat
https://thehackernews.com/2020/09/russian-ransomware-hack.html
Partager : LinkedIn / Twitter / Facebook / View
Unsecured Microsoft Bing Server Exposed Users' Search Queries and Location
A back-end server associated with Microsoft Bing exposed sensitive data of the search engine's mobile application users, including search queries, device details, and GPS coordinates, among others.
The logging database, however, doesn't include any personal details such as names or addresses.
The data leak, discovered by Ata Hakcil of WizCase on September 12, is a massive 6.5TB cache of log
https://thehackernews.com/2020/09/bing-search-hacking.html
Partager : LinkedIn / Twitter / Facebook / View
British Hacker Sentenced to 5 Years for Blackmailing U.S. Companies
A UK man who threatened to publicly release stolen confidential information unless the victims agreed to fulfill his digital extortion demands has finally pleaded guilty on Monday at U.S. federal district court in St. Louis, Missouri.
Nathan Francis Wyatt , 39, who is a key member of the infamous international hacking group 'The Dark Overlord,' has been sentenced to five years in prison and
https://thehackernews.com/2020/09/british-hacker-jailed.html
Partager : LinkedIn / Twitter / Facebook / View
A Patient Dies After Ransomware Attack Paralyzes German Hospital Systems
German authorities last week disclosed that a ransomware attack on the University Hospital of Düsseldorf (UKD) caused a failure of IT systems, resulting in the death of a woman who had to be sent to another hospital that was 20 miles away.
The incident marks the first recorded casualty as a consequence of cyberattacks on critical healthcare facilities, which has ramped up in recent months.
The
https://thehackernews.com/2020/09/a-patient-dies-after-ransomware-attack.html
Partager : LinkedIn / Twitter / Facebook / View
A Bug Could Let Attackers Hijack Firefox for Android via Wi-Fi Network
Dear Android users, if you use the Firefox web browser on your smartphones, make sure it has been updated to version 80 or the latest available version on the Google Play Store.
ESET security researcher Lukas Stefanko yesterday tweeted an alert demonstrating the exploitation of a recently disclosed high-risk remote command execution vulnerability affecting the Firefox app for Android.
Discovered
https://thehackernews.com/2020/09/firefox-android-wifi-hacking.html
Partager : LinkedIn / Twitter / Facebook / View
Researchers Uncover 6-Year Cyber Espionage Campaign Targeting Iranian Dissidents
Capping off a busy week of charges and sanctions against Iranian hackers, a new research offers insight into what's a six-year-long ongoing surveillance campaign targeting Iranian expats and dissidents with an intention to pilfer sensitive information.
The threat actor, suspected to be of Iranian origin, is said to have orchestrated the campaign with at least two different moving parts — one for
https://thehackernews.com/2020/09/iran-hacking-dissidents.html
Partager : LinkedIn / Twitter / Facebook / View
U.S. Treasury Sanctions Hacking Group Backed by Iranian Intelligence
The U.S. government on Thursday imposed sweeping sanctions against an Iranian threat actor backed by the country's Ministry of Intelligence and Security (MOIS) for carrying out malware campaigns targeting Iranian dissidents, journalists, and international companies in the telecom and travel sectors.
According to the U.S. Treasury and the Federal Bureau of Investigation (FBI), the sanctions target
https://thehackernews.com/2020/09/iranian-hackers-sanctioned.html
Partager : LinkedIn / Twitter / Facebook / View
Android 11 — 5 New Security and Privacy Features You Need to Know
After a long wait and months of beta testing, Google last week finally released Android 11, the latest version of the Android mobile operating system—with features offering billions of its users more control over their data security and privacy.
Android security is always a hot topic and almost always for the wrong reason, including Google's failure to prevent malicious apps from being
https://thehackernews.com/2020/09/android-11-security-privacy.html
Partager : LinkedIn / Twitter / Facebook / View
Zenscrape: A Simple Web Scraping Solution for Penetration Testers
Did you ever try extracting any information from any website? Well, if you have then you have surely enacted web scraping functions without even knowing it!
To put in simpler terms, Web scraping, or also known as web data extraction, is the process of recouping or sweeping data from web-pages. It is a much faster and easier process of retrieving data without undergoing the time-consuming
https://thehackernews.com/2020/09/zenscrape-simple-web-scraping-solution.html
Partager : LinkedIn / Twitter / Facebook / View
U.S. Announces Charges Against 2 Russian and 2 Iranian Hackers
Immediately after revealing criminal charges against 5 Chinese and 2 Malaysian hackers, the United States government yesterday also made two separate announcements charging two Iranian and two Russian hackers and added them to the FBI's most-wanted list.
The two Russian nationals—Danil Potekhin and Dmitrii Karasavidi—are accused of stealing .8 million worth of cryptocurrencies in a series of
https://thehackernews.com/2020/09/us-announces-charges-against-2-russian.html
Partager : LinkedIn / Twitter / Facebook / View
FBI adds 5 Chinese APT41 hackers to its Cyber's Most Wanted List
The United States government today announced charges against 5 alleged members of a Chinese state-sponsored hacking group and 2 Malaysian hackers that are responsible for hacking more than 100 companies throughout the world.
Named as APT41 and also known as 'Barium,' 'Winnti, 'Wicked Panda,' and 'Wicked Spider,' the cyber-espionage group has been operating since at least 2012 and is not just
https://thehackernews.com/2020/09/apt41-hackers-wanted-by-fbi.html
Partager : LinkedIn / Twitter / Facebook / View
2 Hackers Charged for Defacing Sites after U.S. Airstrike Killed Iranian General
The US Department of Justice (DoJ) on Tuesday indicted two hackers for their alleged involvement in defacing several websites in the country following the assassination of Iranian major general Qasem Soleimani earlier this January.
Behzad Mohammadzadeh (aka Mrb3hz4d), 19, and Marwan Abusrour (aka Mrwn007), 25, have been charged with conspiracy to commit intentional damage to a protected
https://thehackernews.com/2020/09/soleimani-website-hacking.html
Partager : LinkedIn / Twitter / Facebook / View
New Report Explains COVID-19's Impact on Cyber Security
Most cybersecurity professionals fully anticipated that cybercriminals would leverage the fear and confusion surrounding the Covid-19 pandemic in their cyberattacks.
Of course, malicious emails would contain subjects relating to Covid-19, and malicious downloads would be Covid-19 related. This is how cybercriminals operate. Any opportunity to maximize effectiveness, no matter how contemptible
https://thehackernews.com/2020/09/covid-cybersecurity-report.html
Partager : LinkedIn / Twitter / Facebook / View
Report: 97% of Cybersecurity Companies Have Leaked Data on the Dark Web
In a new report into the global cybersecurity industry's exposure on the Dark Web this year, global application security company, ImmuniWeb, uncovered that 97% of leading cybersecurity companies have data leaks or other security incidents exposed on the Dark Web, while on average, there are over 4,000 stolen credentials and other sensitive data exposed per cybersecurity company.
Even the
https://thehackernews.com/2020/09/dark-web-cybersecurity-report.html
Partager : LinkedIn / Twitter / Facebook / View
CISA: Chinese Hackers Exploiting Unpatched Devices to Target U.S. Agencies
The US Cybersecurity and Infrastructure Security Agency (CISA) issued a new advisory on Monday about a wave of cyberattacks carried by Chinese nation-state actors targeting US government agencies and private entities.
"CISA has observed Chinese [Ministry of State Security]-affiliated cyber threat actors operating from the People's Republic of China using commercially available information
https://thehackernews.com/2020/09/chinese-hackers-agencies.html
Partager : LinkedIn / Twitter / Facebook / View
New Linux Malware Steals Call Details from VoIP Softswitch Systems
Cybersecurity researchers have discovered an entirely new kind of Linux malware dubbed "CDRThief" that targets voice over IP (VoIP) softswitches in an attempt to steal phone call metadata.
"The primary goal of the malware is to exfiltrate various private data from a compromised softswitch, including call detail records (CDR)," ESET researchers said in a Thursday analysis.
"To steal this
https://thehackernews.com/2020/09/linux-voip-softswitch-malware.html
Partager : LinkedIn / Twitter / Facebook / View
New Unpatched Bluetooth Flaw Lets Hackers Easily Target Nearby Devices
Bluetooth SIG—an organization that oversees the development of Bluetooth standards—today issued a statement informing users and vendors of a newly reported unpatched vulnerability that potentially affects hundreds of millions of devices worldwide.
Discovered independently by two separate teams of academic researchers, the flaw resides in the Cross-Transport Key Derivation (CTKD) of devices
https://thehackernews.com/2020/09/new-bluetooth-vulnerability.html
Partager : LinkedIn / Twitter / Facebook / View
Hackers Stole .4 Million From Eterbase Cryptocurrency Exchange
Cybercriminals successfully plundered another digital cryptocurrency exchange.
European cryptocurrency exchange Eterbase this week disclosed a massive breach of its network by an unknown group of hackers who stole cryptocurrencies worth 5.4 million dollars.
Eterbase, which has now entered maintenance mode until the security issue is resolved, described itself as Europe's Premier Digital Asset
https://thehackernews.com/2020/09/hackers-stole-cryptocurrencies.html
Partager : LinkedIn / Twitter / Facebook / View
A Successful Self-Service Password Reset (SSPR) Project Requires User Adoption
IT help desks everywhere are having to adjust to the 'new normal' of supporting mainly remote workers. This is a major shift away from visiting desks across the office and helping ones with traditional IT support processes.
Many reasons end-users may contact the helpdesk. However, password related issues are arguably the most common.
Since the onset of the global pandemic that began earlier
https://thehackernews.com/2020/09/self-service-password-reset.html
Partager : LinkedIn / Twitter / Facebook / View
New Raccoon Attack Could Let Attackers Break SSL/TLS Encryption
A group of researchers has detailed a new timing vulnerability in Transport Layer Security (TLS) protocol that could potentially allow an attacker to break the encryption and read sensitive communication under specific conditions.
Dubbed "Raccoon Attack," the server-side attack exploits a side-channel in the cryptographic protocol (versions 1.2 and lower) to extract the shared secret key used
https://thehackernews.com/2020/09/raccoon-ssl-tls-encryption.html
Partager : LinkedIn / Twitter / Facebook / View
Cynet Takes Cyber Threat Protection Automation to the Next Level with Incident Engine
We have all heard of the "cybersecurity skills gap" — firms' inability to hire and retain high-level cybersecurity talent.
I see this gap manifesting in two ways. First, companies that want to hire cybersecurity talent simply cannot find candidates with sufficient skills. Second, companies that cannot afford specialized cybersecurity talent and therefore lack the necessary skills to
https://thehackernews.com/2020/09/cynet-cybersecurity-software.html
Partager : LinkedIn / Twitter / Facebook / View
Cybercriminals Are Using Legit Cloud Monitoring Tools As Backdoor
A cybercrime group that has previously struck Docker and Kubernetes cloud environments has evolved to repurpose genuine cloud monitoring tools as a backdoor to carry out malicious attacks, according to new research.
"To our knowledge, this is the first time attackers have been caught using legitimate third party software to target cloud infrastructure," Israeli cybersecurity firm Intezer said
https://thehackernews.com/2020/09/cloud-monitoring.html
Partager : LinkedIn / Twitter / Facebook / View
Microsoft Releases September 2020 Security Patches For 129 Flaws
As part of this month's Patch Tuesday, Microsoft today released a fresh batch of security updates to fix a total of 129 newly discovered security vulnerabilities affecting various versions of its Windows operating systems and related software.
Of the 129 bugs spanning its various products — Microsoft Windows, Edge browser, Internet Explorer, ChakraCore, SQL Server, Exchange Server, Office,
https://thehackernews.com/2020/09/patch-tuesday-september.html
Partager : LinkedIn / Twitter / Facebook / View
179 arrested in massive dark web bust
The sting is said to be the US Government's largest operation targeting crime in the internet's seedy underbelly
The post 179 arrested in massive dark web bust appeared first on WeLiveSecurity
https://www.welivesecurity.com/2020/09/23/179-arrested-massive-dark-web-bust/
Partager : LinkedIn / Twitter / Facebook / View
New tool helps companies assess why employees click on phishing emails
NIST's tool can help organizations improve the testing of their employees' phish-spotting prowess
The post New tool helps companies assess why employees click on phishing emails appeared first on WeLiveSecurity
https://www.welivesecurity.com/2020/09/22/new-tool-helps-companies-assess-why-employees-click-phishing-emails/
Partager : LinkedIn / Twitter / Facebook / View
Mozilla fixes flaw that let attackers hijack Firefox for Android via Wi‑Fi
Attackers could have exploited the flaw to steal victims' login credentials or install malware on their devices
The post Mozilla fixes flaw that let attackers hijack Firefox for Android via Wi‑Fi appeared first on WeLiveSecurity
https://www.welivesecurity.com/2020/09/21/mozilla-fixes-flaw-let-attackers-hijack-firefox-android-wifi/
Partager : LinkedIn / Twitter / Facebook / View
Week in security with Tony Anscombe
Zoom now supports two-factor authentication – A cyber attack hits 14 inboxes belonging to Quebec's Department of Justice
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
https://www.welivesecurity.com/videos/week-security-tony-anscombe-92/
Partager : LinkedIn / Twitter / Facebook / View
5 ways cybercriminals can try to extort you
What are some common strategies cybercriminals employ in extortion schemes and how can you mitigate the chances of falling victim to a cyber-shakedown?
The post 5 ways cybercriminals can try to extort you appeared first on WeLiveSecurity
https://www.welivesecurity.com/2020/09/18/five-cybercriminals-extortion-schemes/
Partager : LinkedIn / Twitter / Facebook / View
Plugging in a strange USB drive – What could possibly go wrong?
While wanting to return a found USB flash drive is commendable, you should avoid taking unnecessary risks, lest your device get infested and your data compromised
The post Plugging in a strange USB drive – What could possibly go wrong? appeared first on WeLiveSecurity
https://www.welivesecurity.com/2020/09/17/plugging-in-strange-usb-drive/
Partager : LinkedIn / Twitter / Facebook / View
Emotet strikes Quebec's Department of Justice: An ESET Analysis
The cyber attack, which affected 14 inboxes belonging to the Department of Justice, was confirmed by ESET researchers
The post Emotet strikes Quebec's Department of Justice: An ESET Analysis appeared first on WeLiveSecurity
https://www.welivesecurity.com/2020/09/16/emotet-quebec-department-justice-eset/
Partager : LinkedIn / Twitter / Facebook / View
Sports data for ransom – it's not all just fun and games anymore
Sports and training data are more sophisticated and affordable than ever. With the democratization of (sports) performance data, is your personal information safe?
The post Sports data for ransom – it's not all just fun and games anymore appeared first on WeLiveSecurity
https://www.welivesecurity.com/2020/09/16/sports-data-ransom/
Partager : LinkedIn / Twitter / Facebook / View
Zoom makes 2FA available for all its users
Zoom now supports phone calls, text messages and authentication apps as forms of two-factor authentication
The post Zoom makes 2FA available for all its users appeared first on WeLiveSecurity
https://www.welivesecurity.com/2020/09/15/zoom-2fa-available-users/
Partager : LinkedIn / Twitter / Facebook / View
Week in security with Tony Anscombe
ESET researchers discover and analyze CDRThief, malware that targets Voice over IP (VoIP) softswitches
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
https://www.welivesecurity.com/videos/week-security-tony-anscombe-91/
Partager : LinkedIn / Twitter / Facebook / View
Portland passes the strictest facial recognition technology ban in the US yet
Oregon's largest city aims to be a trailblazer when it comes to facial recognition legislation
The post Portland passes the strictest facial recognition technology ban in the US yet appeared first on WeLiveSecurity
https://www.welivesecurity.com/2020/09/10/portland-facial-recognition-ban/
Partager : LinkedIn / Twitter / Facebook / View
Who is calling? CDRThief targets Linux VoIP softswitches
ESET researchers have discovered and analyzed malware that targets Voice over IP (VoIP) softswitches
The post Who is calling? CDRThief targets Linux VoIP softswitches appeared first on WeLiveSecurity
https://www.welivesecurity.com/2020/09/10/who-callin-cdrthief-linux-voip-softswitches/
Partager : LinkedIn / Twitter / Facebook / View
UK University suffers cyberattack, ransomware gang claims responsibility
The cyber-incident has taken most of Newcastle University's systems offline and officials estimates it will take weeks to recover.
The post UK University suffers cyberattack, ransomware gang claims responsibility appeared first on WeLiveSecurity
https://www.welivesecurity.com/2020/09/09/newcaste-university-uk-cyberattack/
Partager : LinkedIn / Twitter / Facebook / View
Lead‑offering business booming as usual!
…but there are no conferences or exhibitions???
The post Lead‑offering business booming as usual! appeared first on WeLiveSecurity
https://www.welivesecurity.com/2020/09/08/lead-offering-business-booming-as-usual/
Partager : LinkedIn / Twitter / Facebook / View
TikTok Family Pairing: Curate your children's content and more
With TikTok being all the rage especially with teens, we look at a feature that gives parents greater control over how their children interact with the app
The post TikTok Family Pairing: Curate your children’s content and more appeared first on WeLiveSecurity
https://www.welivesecurity.com/2020/09/07/tiktok-family-pairing-curate-your-childrens-content-and-more/
Partager : LinkedIn / Twitter / Facebook / View
Week in security with Tony Anscombe
ESET research dissects KryptoCibule malware family – Why close unused accounts rather than just remove apps – Microsoft's new deepfake detector
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
https://www.welivesecurity.com/videos/week-security-tony-anscombe-90/
Partager : LinkedIn / Twitter / Facebook / View
Microsoft debuts deepfake detection tool
As the US presidential election nears, the company's new tech should also help assure people that an image or video is authentic
The post Microsoft debuts deepfake detection tool appeared first on WeLiveSecurity
https://www.welivesecurity.com/2020/09/03/microsoft-debuts-deepfake-detection-tool/
Partager : LinkedIn / Twitter / Facebook / View
Houseparty – should I stay or should I go now?
What's the benefit of deleting your Houseparty – or any other unused – account, rather than just uninstalling the app?
The post Houseparty – should I stay or should I go now? appeared first on WeLiveSecurity
https://www.welivesecurity.com/2020/09/03/houseparty-should-i-stay-or-should-i-go-now/
Partager : LinkedIn / Twitter / Facebook / View
Norway's parliament struck by hackers
Unknown threat actors were able to exfiltrate information from the email accounts of several parliamentarians
The post Norway's parliament struck by hackers appeared first on WeLiveSecurity
https://www.welivesecurity.com/2020/09/02/norway-parliament-struck-by-hackers/
Partager : LinkedIn / Twitter / Facebook / View
KryptoCibule: The multitasking multicurrency cryptostealer
ESET researchers analyze a previously undocumented trojan that is spread via malicious torrents and uses multiple tricks to squeeze cryptocoins from its victims while staying under the radar
The post KryptoCibule: The multitasking multicurrency cryptostealer appeared first on WeLiveSecurity
https://www.welivesecurity.com/2020/09/02/kryptocibule-multitasking-multicurrency-cryptostealer/
Partager : LinkedIn / Twitter / Facebook / View
Security flaw allows bypassing PIN verification on Visa contactless payments
The vulnerability could allow criminals to rack up fraudulent charges on the cards without needing to know the PINs
The post Security flaw allows bypassing PIN verification on Visa contactless payments appeared first on WeLiveSecurity
https://www.welivesecurity.com/2020/08/31/security-flaw-allows-bypassing-pin-verification-visa-contactless-cards/
Partager : LinkedIn / Twitter / Facebook / View
Week in security with Tony Anscombe
Canada's government services hit by cyberattacks – Vishing attacks surge amid COVID-19 pandemic – DDoS extortionists strike again
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
https://www.welivesecurity.com/videos/week-security-tony-anscombe-89/
Partager : LinkedIn / Twitter / Facebook / View
DDoS extortion campaign targets financial firms, retailers
The extortionists attempt to scare the targets into paying by claiming to represent some of the world's most notorious APT groups
The post DDoS extortion campaign targets financial firms, retailers appeared first on WeLiveSecurity
https://www.welivesecurity.com/2020/08/27/ddos-extortion-campaign-targets-financial-firms-retailers/
Partager : LinkedIn / Twitter / Facebook / View
New Chrome, Firefox versions fix security bugs, bring productivity features
Chrome gets a new way of managing tabs while Firefox now features a new add-ons blocklist
The post New Chrome, Firefox versions fix security bugs, bring productivity features appeared first on WeLiveSecurity
https://www.welivesecurity.com/2020/08/26/new-chrome-firefox-versions-fix-security-bugs-bring-productivity-tools/
Partager : LinkedIn / Twitter / Facebook / View
FBI, CISA warn of spike in vishing attacks
Cybercriminals take aim at teleworkers, setting up malicious duplicates of companies' internal VPN login pages
The post FBI, CISA warn of spike in vishing attacks appeared first on WeLiveSecurity
https://www.welivesecurity.com/2020/08/25/fbi-cisa-warn-spike-vishing-attacks/
Partager : LinkedIn / Twitter / Facebook / View
Cyber attacks: Several Canadian government services disrupted
Several services, including the national revenue agency, had to be shut down following a series of credential-stuffing attacks
The post Cyber attacks: Several Canadian government services disrupted appeared first on WeLiveSecurity
https://www.welivesecurity.com/2020/08/24/cyber-attacks-canada-revenue-agency-government/
Partager : LinkedIn / Twitter / Facebook / View
How to secure your TikTok account
From keeping your account safe to curating who can view your liked content, we look at how you can increase your security and privacy on TikTok
The post How to secure your TikTok account appeared first on WeLiveSecurity
https://www.welivesecurity.com/2020/08/24/how-to-secure-your-tiktok-account/
Partager : LinkedIn / Twitter / Facebook / View
Week in security with Tony Anscombe
Grandoreiro takes aim at Spanish taxpayers – Dangers posed by cloned social media accounts – How to prepare your digital estate plan
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
https://www.welivesecurity.com/videos/week-security-tony-anscombe-88/
Partager : LinkedIn / Twitter / Facebook / View
Grandoreiro banking trojan impersonates Spain's tax agency
Beware the tax bogeyman – there are tax scams aplenty
The post Grandoreiro banking trojan impersonates Spain's tax agency appeared first on WeLiveSecurity
https://www.welivesecurity.com/2020/08/21/grandoreiro-banking-trojan-impersonates-spain-tax-agency/
Partager : LinkedIn / Twitter / Facebook / View
How to prepare and protect your digital legacy
It's never too soon to plan for what will happen to your digital presence after you pass away
The post How to prepare and protect your digital legacy appeared first on WeLiveSecurity
https://www.welivesecurity.com/2020/08/19/how-to-prepare-and-protect-your-digital-legacy/
Partager : LinkedIn / Twitter / Facebook / View
Ritz London clients scammed after apparent data breach
Armed with personal data stolen from the hotel's dining reservation system, fraudsters trick guests into handing over their credit card details
The post Ritz London clients scammed after apparent data breach appeared first on WeLiveSecurity
https://www.welivesecurity.com/2020/08/18/ritz-london-clients-scammed-apparent-data-breach/
Partager : LinkedIn / Twitter / Facebook / View
Attack of the Instagram clones
Could your social media account be spoofed, why would anybody do it, and what can you do to avoid having a doppelgänger?
The post Attack of the Instagram clones appeared first on WeLiveSecurity
https://www.welivesecurity.com/2020/08/17/attack-instagram-clones/
Partager : LinkedIn / Twitter / Facebook / View
Week in security with Tony Anscombe
A deep dive into Mekotio – The financial fallout from data breaches – Fixing election security issues
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
https://www.welivesecurity.com/videos/week-security-tony-anscombe-87/
Partager : LinkedIn / Twitter / Facebook / View
Google will test new feature in Chrome to curb phishing
The web browser will only display domain names as a way to help people recognize impostor websites
The post Google will test new feature in Chrome to curb phishing appeared first on WeLiveSecurity
https://www.welivesecurity.com/2020/08/14/google-test-new-feature-chrome-phishing/
Partager : LinkedIn / Twitter / Facebook / View
Mekotio: These aren't the security updates you're looking for…
Another in our occasional series demystifying Latin American banking trojans
The post Mekotio: These aren't the security updates you're looking for… appeared first on WeLiveSecurity
https://www.welivesecurity.com/2020/08/13/mekotio-these-arent-the-security-updates-youre-looking-for/
Partager : LinkedIn / Twitter / Facebook / View
What is the cost of a data breach?
The price tag is higher if the incident exposed customer data or was the result of a malicious attack, an annual IBM study finds
The post What is the cost of a data breach? appeared first on WeLiveSecurity
https://www.welivesecurity.com/2020/08/12/what-is-cost-data-breach/
Partager : LinkedIn / Twitter / Facebook / View
Twitter working to fix issue with 2FA feature
An apparent glitch is preventing a number of users from signing in to their accounts
The post Twitter working to fix issue with 2FA feature appeared first on WeLiveSecurity
https://www.welivesecurity.com/2020/08/11/twitter-working-fix-issue-2fa-feature/
Partager : LinkedIn / Twitter / Facebook / View
Black Hat 2020: Fixing voting issues – boiling the ocean?
With the big voting day rapidly approaching, can the security of the election still be shored up? If so, how?
The post Black Hat 2020: Fixing voting issues – boiling the ocean? appeared first on WeLiveSecurity
https://www.welivesecurity.com/2020/08/10/black-hat-2020-fixing-voting-boiling-ocean/
Partager : LinkedIn / Twitter / Facebook / View
Week in security with Tony Anscombe
ESET highlights new research at Black Hat 2020 – What to if your data was stolen in the Blackbaud breach
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
https://www.welivesecurity.com/videos/week-security-tony-anscombe-86/
Partager : LinkedIn / Twitter / Facebook / View
Stadeo: Deobfuscating Stantinko and more
We introduce Stadeo – a set of scripts that can help fellow threat researchers and reverse engineers to deobfuscate the code of Stantinko and other malware
The post Stadeo: Deobfuscating Stantinko and more appeared first on WeLiveSecurity
https://www.welivesecurity.com/2020/08/07/stadeo-deobfuscating-stantinko-and-more/
Partager : LinkedIn / Twitter / Facebook / View
Small and medium‑sized businesses: Big targets for ransomware attacks
Why are SMBs a target for ransomware-wielding gangs and what can they do to protect themselves against cyber-extortion?
The post Small and medium‑sized businesses: Big targets for ransomware attacks appeared first on WeLiveSecurity
https://www.welivesecurity.com/2020/08/07/small-medium-sized-businesses-big-targets-ransomware-attacks/
Partager : LinkedIn / Twitter / Facebook / View
Beyond KrØØk: Even more Wi‑Fi chips vulnerable to eavesdropping
At Black Hat USA 2020, ESET researchers delved into details about the KrØØk vulnerability in Wi-Fi chips and revealed that similar bugs affect more chip brands than previously thought
The post Beyond KrØØk: Even more Wi‑Fi chips vulnerable to eavesdropping appeared first on WeLiveSecurity
https://www.welivesecurity.com/2020/08/06/beyond-kr00k-even-more-wifi-chips-vulnerable-eavesdropping/
Partager : LinkedIn / Twitter / Facebook / View
Blackbaud data breach: What you should know
Here's what to be aware of if your personal data was compromised in the breach at the cloud software provider
The post Blackbaud data breach: What you should know appeared first on WeLiveSecurity
https://www.welivesecurity.com/2020/08/06/blackbaud-data-breach-what-you-should-know/
Partager : LinkedIn / Twitter / Facebook / View
NSA shares advice on how to limit location tracking
The intelligence agency warns of location tracking risks and offers tips for how to reduce the amount of data shared
The post NSA shares advice on how to limit location tracking appeared first on WeLiveSecurity
https://www.welivesecurity.com/2020/08/05/nsa-guidance-limit-location-tracking/
Partager : LinkedIn / Twitter / Facebook / View
FBI warns of surge in online shopping scams
In one scheme, shoppers ordering gadgets or gym equipment are in for a rude surprise – they receive disposable face masks instead
The post FBI warns of surge in online shopping scams appeared first on WeLiveSecurity
https://www.welivesecurity.com/2020/08/04/fbi-warns-surge-online-shopping-scams/
Partager : LinkedIn / Twitter / Facebook / View
How much is your personal data worth on the dark web?
The going prices are lower than you probably think – your credit card details, for example, can sell for a few bucks
The post How much is your personal data worth on the dark web? appeared first on WeLiveSecurity
https://www.welivesecurity.com/2020/08/03/how-much-is-your-personal-data-worth-dark-web/
Partager : LinkedIn / Twitter / Facebook / View
Week in security with Tony Anscombe
New ESET Threat Report is out – Defending against Thunderspy attacks – Thousands of databases wiped in Meow attacks
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
https://www.welivesecurity.com/videos/week-security-tony-anscombe-85/
Partager : LinkedIn / Twitter / Facebook / View
Twitter breach: Staff tricked by ‘phone spear phishing'
The attackers exploited the human factor to gain access to Twitter's internal systems and the accounts of some of the world's most prominent figures
The post Twitter breach: Staff tricked by ‘phone spear phishing' appeared first on WeLiveSecurity
https://www.welivesecurity.com/2020/07/31/twitter-breach-staff-tricked-phone-spear-phishing/
Partager : LinkedIn / Twitter / Facebook / View
10 billion records exposed in unsecured databases, study says
The databases contain personal information that could be used for phishing attacks and identity theft schemes
The post 10 billion records exposed in unsecured databases, study says appeared first on WeLiveSecurity
https://www.welivesecurity.com/2020/07/30/10-billion-records-exposed-unsecured-databases/
Partager : LinkedIn / Twitter / Facebook / View
Thunderspy attacks: What they are, who's at greatest risk and how to stay safe
All you need to know about preventing adversaries from exploiting the recently disclosed vulnerabilities in the Thunderbolt interface
The post Thunderspy attacks: What they are, who's at greatest risk and how to stay safe appeared first on WeLiveSecurity
https://www.welivesecurity.com/2020/07/30/thunderspy-attacks-what-they-are-whos-at-greatest-risk-how-to-stay-safe/
Partager : LinkedIn / Twitter / Facebook / View
Introducing the 4th Annual Hacker-Powered Security Report
https://www.hackerone.com/blog/introducing-4th-annual-hacker-powered-security-report
Partager : LinkedIn / Twitter / Facebook / View
H1-2010 FAQ's
FAQ's from HackerOne's biggest virtual live hacking event with The Paranoids from Verizon Media, H1-2010.
https://www.hackerone.com/blog/h1-2010-faqs
Partager : LinkedIn / Twitter / Facebook / View
Hacker Spotlight: Interview with bitK
Puzzle master and bug bounty hunter @bitK is featured on this week's Hacker Spotlight to share his story.
https://www.hackerone.com/blog/hacker-spotlight-interview-bitk
Partager : LinkedIn / Twitter / Facebook / View
Federal Agencies Directed to Quickly Publish VDPs—5 Steps to Make it Happen
https://www.hackerone.com/blog/federal-agencies-directed-quickly-publish-vdps-5-steps-make-it-happen-1
Partager : LinkedIn / Twitter / Facebook / View
Smartsheet Celebrates One Year with HackerOne
To mark Smartsheet's one-year anniversary with HackerOne, we sat down with Nolan Gibb, Information Security Engineer at Smartsheet, to discuss how bug bounties enable his team to scale and collaborate with software developers to create more secure products.
https://www.hackerone.com/blog/smartsheet-celebrates-one-year-hackerone-1
Partager : LinkedIn / Twitter / Facebook / View
HackerOne Rolls Out Pentest Review System for Customers and Pentesters
https://www.hackerone.com/blog/hackerone-rolls-out-pentest-review-system-customers-and-pentesters
Partager : LinkedIn / Twitter / Facebook / View
Hacker Spotlight: Interview with honoki
Bug bounty hunter and security consultant Pieter or @honoki is featured on this week's Hacker Spotlight to talk about programs and what makes them exciting.
https://www.hackerone.com/blog/hacker-spotlight-interview-honoki
Partager : LinkedIn / Twitter / Facebook / View
Are Election Hacking Fears Driving Voters To The Polls?
If people fear that the American electoral infrastructure could be hacked, will they withhold their votes in November? Not according to research commissioned by HackerOne.
https://www.hackerone.com/blog/are-election-hacking-fears-driving-voters-polls
Partager : LinkedIn / Twitter / Facebook / View
Hacker Spotlight: Interview with dki
Mobile security research engineer and bug bounty hacker Dawn Isabel is featured in this week's Hacker Spotlight.
https://www.hackerone.com/blog/hacker-spotlight-interview-dki
Partager : LinkedIn / Twitter / Facebook / View
Hacker Spotlight: Interview with mayonaise
@mayonaise is the embodiment of our rallying cry to hack for good. Read this week's Hacker Spotlight AMA blog post about Jon Colston's impact on the world of bug bounties.
https://www.hackerone.com/blog/hacker-spotlight-interview-mayonaise
Partager : LinkedIn / Twitter / Facebook / View
Become a HackerOne Brand Ambassador
Announcing the Hacker Brand Ambassador Program: lead hackers in your city, get exclusive perks, further your career.
https://www.hackerone.com/blog/become-hackerone-brand-ambassador
Partager : LinkedIn / Twitter / Facebook / View
National University of Singapore Taps Students to Hack for Good
In an inaugural InterUni Bug Bounty Challenge jointly organized by the National University of Singapore (NUS) and Singapore Management University (SMU) from 12 August to 9 September 2020, students and staff from the two universities will get to hone their hacking skills by looking for vulnerabilities (or ‘bugs') across the digital assets of their respective universities in exchange for monetary rewards, or bounties.
To kick off the InterUni Bug Bounty Challenge, we sat down with NUS Chief Information Technology Officers Tommy Hor to learn more about the Challenge, why cybersecurity is so important to educational institutions like NUS, and more.
https://www.hackerone.com/blog/national-university-singapore-taps-students-hack-good
Partager : LinkedIn / Twitter / Facebook / View
Recap of h@cktivitycon 2020
HackerOne's first-ever hacker conference, h@cktivitycon streamed from Twitch on Friday, July 31st - August 1st, 2020 recapped in this blog post.
https://www.hackerone.com/blog/recap-hcktivitycon-2020
Partager : LinkedIn / Twitter / Facebook / View
Hacker Spotlight: Interview with todayisnew
Hear from the top hacker ranked number 1 on the all-time HackerOne leaderboard, @todayisnew in this week's Hacker Spotlight AMA Blog Post.
https://www.hackerone.com/blog/hacker-spotlight-interview-todayisnew
Partager : LinkedIn / Twitter / Facebook / View
Hacker Spotlight: Interview with dawgyg
Million dollar hacker, @dawgyg answers this week's Q&A on his thoughts behind bug bounties.
https://www.hackerone.com/blog/hacker-spotlight-interview-dawgyg
Partager : LinkedIn / Twitter / Facebook / View
Adobe and HackerOne Celebrate Five Years of Continued Collaboration
To celebrate five years with HackerOne, we sat down with Adobe's Senior Security Program Manager Pieter Ockers to discuss how their program has evolved over the last five years and the role that hacker-powered security, both bug bounties and response programs, plays into their overall security strategy.
https://www.hackerone.com/blog/adobe-and-hackerone-celebrate-five-years-continued-collaboration
Partager : LinkedIn / Twitter / Facebook / View
COVID Confessions of a CISO
The COVID-19 crisis has shifted life online. As companies rush to meet remote work requirements and customer demands for digital services, attack surfaces have dramatically expanded, leaving security teams stretched thin and not staffed to cope. HackerOne dug into this concept to identify COVID-19 impacts on security and business. Read on for our findings.
https://www.hackerone.com/blog/covid-confessions-ciso
Partager : LinkedIn / Twitter / Facebook / View
Security Engineers by Day, Hackers by Night – An Interview with Two of Singapore's Top Ethical Hackers
https://www.hackerone.com/blog/security-engineers-day-hackers-night-interview-two-singapores-top-ethical-hackers
Partager : LinkedIn / Twitter / Facebook / View
Hacker Spotlight: Interview with Ziot
Challenge and puzzle connoisseur is on this week's Hacker Spotlights. Read his story on this AMA blog post.
https://www.hackerone.com/blog/hacker-spotlight-interview-ziot
Partager : LinkedIn / Twitter / Facebook / View
Human vs. Machine: Three-Part Virtual Series on the Human Element of AppSec
https://www.hackerone.com/blog/man-vs-machine-three-part-virtual-series-human-element-appsec
Partager : LinkedIn / Twitter / Facebook / View
Securing video streaming in sub-Saharan Africa
Maintaining a video streaming service across the whole of Africa is challenge enough, without the added pressure of potential security issues. Showmax turns to hackers to secure their customer data and protect the security of their shows and movies.
https://www.hackerone.com/blog/securing-video-streaming-sub-saharan-africa
Partager : LinkedIn / Twitter / Facebook / View
Hacker Spotlight: Interview with cdl
cdl: student, researcher, bug hunter and founder. Read this week's Hacker Spotlight AMA on why and how cdl hacks for good.
https://www.hackerone.com/blog/hacker-spotlight-interview-cdl
Partager : LinkedIn / Twitter / Facebook / View
Security@ 2020 Call for Speakers is Open
HackerOne's global hacker-powered security conference, Security@, is back for its fourth year. This year's virtual event will take place October 20-22, 2020. The call for speakers is now open! You have until August 21, 2020, to submit your talk.
https://www.hackerone.com/blog/security-2020-call-speakers-open
Partager : LinkedIn / Twitter / Facebook / View
Costa Coffee prepares for global expansion with bug bounty program
As the coffee chain prepares for global expansion, Costa Coffee joins the likes of Hyatt, Deliveroo, and Zomato in launching its first private bug bounty program. Costa Coffee will shore up its digital defenses using the combined expertise and experience of HackerOne's hacker community.
https://www.hackerone.com/blog/costa-coffee-prepares-global-expansion-bug-bounty-program
Partager : LinkedIn / Twitter / Facebook / View
A Warm Welcome To Our New SVP of Customer Success
We are delighted to announce that Amanda Berger — former Chief Customer Officer at Lucidworks — has joined HackerOne as our new SVP of Customer Success. In this article, Amanda introduces herself and shares what she hopes to achieve at HackerOne.
https://www.hackerone.com/blog/warm-welcome-our-new-svp-customer-success
Partager : LinkedIn / Twitter / Facebook / View
Hacker Spotlight: Interview with zlz
This week's Hacker Spotlight on zlz, the hacker who started at 12 years old and is now a successful security consultant and professional.
https://www.hackerone.com/blog/hacker-spotlight-interview-zlz
Partager : LinkedIn / Twitter / Facebook / View
Pentesting basics video series launched on Hacker101
Learn the basics of pentesting to further your career and develop core competencies required in one of the hottest job markets in cybersecurity: Penetration testing.
https://www.hackerone.com/blog/pentesting-basics-video-series-launched-hacker101
Partager : LinkedIn / Twitter / Facebook / View
Cybersecurity Vendor Consolidation: Securing More with Less
Discover how hacker-powered security solutions can help identify the gaps and consolidate point-solution tools into a single platform for easier management and measured ROI.
https://www.hackerone.com/blog/cybersecurity-vendor-consolidation-securing-more-less
Partager : LinkedIn / Twitter / Facebook / View
Visma's Ioana Piroska on Securing the Development Lifecycle Through Bug Bounties
Having recently taken their bug bounty program public, we caught up with Visma Security Analyst Ioana Piroska about the program's results so far and Visma's plans for the future.
https://www.hackerone.com/blog/vismas-ioana-piroska-securing-development-lifecycle-through-bug-bounties
Partager : LinkedIn / Twitter / Facebook / View
Hacker Spotlight: Interview with hogarth45
From a bug hunting hobby to a security engineer, hogarth45 has hacked his way into a career in cybersecurity. Read this week's hacker spotlight blog post with hogarth45.
https://www.hackerone.com/blog/hacker-spotlight-interview-hogarth45
Partager : LinkedIn / Twitter / Facebook / View
Pentesting Beyond Compliance: A Tool to Improve Your Security Posture
https://www.hackerone.com/blog/pentesting-beyond-compliance-tool-improve-your-security-posture
Partager : LinkedIn / Twitter / Facebook / View
Meet APAC Hacker @jin0ne: A Next Generation Cyber Defender
Meet @jin0ne, 20-year old hacker from Asia Pacific, a region experiencing a cybersecurity talent shortfall of 2.6 million. Thanks to the rise of bug bounty programs, ethical hackers like @jin0ne are helping to fill the gap.
https://www.hackerone.com/blog/meet-apac-hacker-jin0ne-next-generation-cyber-defender
Partager : LinkedIn / Twitter / Facebook / View
Hacker Spotlight: Interview with rijalrojan
This week's Hacker Spotlight is rijalrojan, a California State University Fullerton student with an extensive background in hacking. He shares his perspective on programs
https://www.hackerone.com/blog/hacker-spotlight-interview-rijalrojan
Partager : LinkedIn / Twitter / Facebook / View
Hacker Spotlight: Interview with meals
Hacker Spotlight is a weekly AMA with a new hacker. This week, we hear from meals on his career and hobby in hacking.
https://www.hackerone.com/blog/hacker-spotlight-interview-meals
Partager : LinkedIn / Twitter / Facebook / View
What Juneteenth Means at HackerOne
https://www.hackerone.com/blog/what-juneteenth-means-hackerone
Partager : LinkedIn / Twitter / Facebook / View
Reputation, Signal & Impact Calculation Enhancements
Reputation, Signal and Impact changes and how this will affect hacker stats going forward.
https://www.hackerone.com/blog/reputation-signal-impact-enhancements-whats-changing-and-why-it-matters
Partager : LinkedIn / Twitter / Facebook / View
Mail.ru Group pays out over million in bounties
https://www.hackerone.com/blog/mailru-group-pays-out-over-1-million-bounties
Partager : LinkedIn / Twitter / Facebook / View
Mayonaise Joins The Ranks of The Seven-Figure-Earning Hackers
Congratulations to @mayonaise, the ninth hacker to earn Million hacking for good on the HackerOne platform! Read on for more about his unique approach, focus, and journey to being one of the top hackers in the world.
https://www.hackerone.com/blog/mayonaise-joins-ranks-seven-figure-earning-hackers
Partager : LinkedIn / Twitter / Facebook / View
Hacker Spotlight: Interview with randomdeduction
Hacker Spotlight is a weekly AMA with a new hacker. This week, randomdeduction takes the spotlight to share her journey.
https://www.hackerone.com/blog/hacker-spotlight-interview-randomdeduction
Partager : LinkedIn / Twitter / Facebook / View
Celebrating Pride at HackerOne
https://www.hackerone.com/blog/celebrating-pride-hackerone
Partager : LinkedIn / Twitter / Facebook / View
What to Look For in a Penetration Testing Company
Penetration testing is one of the most widely used techniques to comply with security regulations and protect network and computing systems and users. Hacker-powered penetration tests are emerging as a more cost-effective way to harden applications. With HackerOne Challenge, selected hackers from our community are invited to find vulnerabilities in your systems, and you only pay for the verified vulnerabilities found.
https://www.hackerone.com/blog/What-Look-Penetration-Testing-Company-0
Partager : LinkedIn / Twitter / Facebook / View
Announcing the PlayStation Bug Bounty Program
Today, PlayStation launched a public bug bounty program on HackerOne because the security of their products is a fundamental part of creating amazing experiences for the PlayStation community. Read on to learn more about their program, bounties, and more.
https://www.hackerone.com/blog/announcing-playstation-bug-bounty-program-0
Partager : LinkedIn / Twitter / Facebook / View
Hacker Spotlight: Interview with Corb3nik
Hacker Spotlight is a weekly AMA with a new hacker. Corb3nik takes the spotlight to share his journey.
https://www.hackerone.com/blog/hacker-spotlight-interview-corb3nik
Partager : LinkedIn / Twitter / Facebook / View
Juneteenth: HackerOne's Day for Action
https://www.hackerone.com/blog/juneteenth-hackerones-day-action
Partager : LinkedIn / Twitter / Facebook / View
Scaling & Prioritizing Product Security with Zendesk
In a recent virtual roundtable, we sat down with Scott Reed, Senior Manager of Product Security at Zendesk, to discuss how they incorporate bug bounties throughout their product security strategy and scaling security at a high-growth organization. Take a look at some of the highlights of our conversation below.
https://www.hackerone.com/blog/scaling-prioritizing-product-security-zendesk
Partager : LinkedIn / Twitter / Facebook / View
Q & A With Singaporean Hacker @Kactros_n
Meet @kactros_n, a Singaporean hacker and top 3 on the recent GovTech bug bounty program. He is known for his rare bug findings, including a side channel timing attack.
https://www.hackerone.com/blog/q-singaporean-hacker-kactrosn
Partager : LinkedIn / Twitter / Facebook / View
Hacking the Singapore Government: Q&A with Hacker Personality Samuel Eng
Meet @samengmg, a Singaporean hacker and top 3 on the recent GovTech Bug Bounty program. In this blog, he discusses how ethical hacking is gaining recognition as a viable career choice that is both niche and desirable.
https://www.hackerone.com/blog/hacking-singapore-government-qa-hacker-personality-samuel-eng-singapore
Partager : LinkedIn / Twitter / Facebook / View
How does Pentesting fit into your overall security strategy?
As digital technologies and data transform the way business gets done, a cybersecurity strategy is fundamental in helping your company save time and money while protecting your brand. How should organizations think about penetration testing within their overall security strategy?
https://www.hackerone.com/blog/how-does-pentesting-fit-your-overall-security-strategy
Partager : LinkedIn / Twitter / Facebook / View
Hacker Spotlight: Interview with Cache-Money
Hacker Spotlight is a weekly AMA with a new hacker. This week we hear from cache-money!
https://www.hackerone.com/blog/hacker-spotlight-interview-cache-money
Partager : LinkedIn / Twitter / Facebook / View
h1-2006 CTF
h1-2006 CTF Winner Announcement
https://www.hackerone.com/blog/h1-2006-ctf
Partager : LinkedIn / Twitter / Facebook / View
Hacker Spotlight: Interview with alyssa_herrera
Hacker Spotlight is a weekly AMA with a new hacker. This week we hear from alyssa_herrera on her journey and perspective!
https://www.hackerone.com/blog/hacker-spotlight-interview-alyssaherrera
Partager : LinkedIn / Twitter / Facebook / View
Crowdsourcing Racial Justice and Equality
https://www.hackerone.com/blog/crowdsourcing-racial-justice-and-equality
Partager : LinkedIn / Twitter / Facebook / View
There is no room for racism or inequality here.
At HackerOne we say No to racism. We are here to democratize opportunity across the world. We believe in the aspirations and possibilities of every human being. Hacker-powered security is proof that by working together across all boundaries we accomplish what otherwise would remain unachievable.
https://www.hackerone.com/blog/there-no-room-racism-or-inequality-here
Partager : LinkedIn / Twitter / Facebook / View
100 Hacking Tools and Resources
As part of our 0 Million in bounties celebration, we want to share a list of 100 tools and resources that will help hackers continue hacking!
https://www.hackerone.com/blog/100-hacking-tools-and-resources
Partager : LinkedIn / Twitter / Facebook / View
The Journey in Data: HackerOne Hits 100 Million Dollars in Bounties
Yesterday, hackers on HackerOne hit a major milestone: they have earned a total of 0 million in bounties over the past 8 years, with nearly half in the past year alone! Let's take a look at some of the numbers that have taken us to the 0 million milestone.
https://www.hackerone.com/blog/journey-data-hackerone-hits-100-million-dollars-bounties
Partager : LinkedIn / Twitter / Facebook / View
Thanks For Being Part Of The Journey to 0 Million in Bounties!
Reaching 0 Million in bounties is a reason to celebrate what this community has achieved. It also gave us a chance to reflect on the journey to this point and the enduring values that will get us to the next milestone.
https://www.hackerone.com/blog/thanks-being-part-journey-100-million-bounties
Partager : LinkedIn / Twitter / Facebook / View
0 Million Paid - One Billion in Sight for Hackers
Today we celebrate with all our hackers the phenomenal milestone of a hundred million dollars in bounties. Hack for Good! Yet we should know that we are only getting going. The digital world is not safe and secure yet. Much more work awaits us. We have one hundred million more bugs to find.
https://www.hackerone.com/blog/100-million-paid-one-billion-sight-hackers
Partager : LinkedIn / Twitter / Facebook / View
10 Ways to Hack Your “New Normal” Workweek
As a company inspired by hackers, HackerOne is taking this unique time to hack our programs to provide our people with additional support to ensure the wellbeing of all Hackeronies and their families. Here's a peek at the fun programs and perks we've implemented at HackerOne based on input from our people.
https://www.hackerone.com/blog/10-ways-hack-your-new-normal-workweek
Partager : LinkedIn / Twitter / Facebook / View
How Federal Agencies Use Vulnerability Disclosure Policies to Level Up Security
https://www.hackerone.com/blog/how-federal-agencies-use-vulnerability-disclosure-policies-level-security
Partager : LinkedIn / Twitter / Facebook / View
Security by the People: Announcing HackerOne's FedRAMP Authorization
Since 2016, we've been proud to help secure critical U.S. Department of Defense and GSA applications. As we achieve FedRAMP Tailored Authorization, we are excited to expand this important work.
https://www.hackerone.com/blog/security-people-announcing-hackerones-fedramp-authorization
Partager : LinkedIn / Twitter / Facebook / View
Stay Ahead of Threats With Hacker-Powered Retesting
Introducing Hacker-Powered Retesting! Retesting is designed to scale with capabilities to keep your critical assets safe from increasingly sophisticated attacks.
https://www.hackerone.com/blog/stay-ahead-threats-hacker-powered-retesting
Partager : LinkedIn / Twitter / Facebook / View
PayPal on Creating Strong Relationships with Security Researchers
https://www.hackerone.com/blog/paypal-creating-strong-relationships-security-researchers
Partager : LinkedIn / Twitter / Facebook / View
Hackers take on San Francisco for the 4th Year in a Row
HackerOne hosted its first flagship event of the year with Verizon Media in San Francisco.
https://www.hackerone.com/blog/hackers-take-san-francisco-4th-year-row
Partager : LinkedIn / Twitter / Facebook / View
Shopify Celebrates 5 Years on HackerOne
https://www.hackerone.com/blog/shopify-celebrates-5-years-hackerone
Partager : LinkedIn / Twitter / Facebook / View
Hackweek: An insider's look at HackerOne culture
https://www.hackerone.com/blog/hackweek-insiders-look-hackerone-culture
Partager : LinkedIn / Twitter / Facebook / View
Slack Increases Bounty Minimums For the Next 90 Days
https://www.hackerone.com/blog/slack-increases-bounty-minimums-next-90-days
Partager : LinkedIn / Twitter / Facebook / View
Live Hacking Goes Virtual
https://www.hackerone.com/blog/live-hacking-goes-virtual
Partager : LinkedIn / Twitter / Facebook / View
Hack for Good: Easily Donate Bounties to WHO's COVID-19 Response Fund
Collaboration and bounty splitting have been possible for years, and now you can easily donate bounties by adding the user “hackforgood” as a collaborator to a report submission on HackerOne.
https://www.hackerone.com/blog/hack-good-easily-donate-bounties-whos-covid-19-response-fund
Partager : LinkedIn / Twitter / Facebook / View
Six years of the GitHub Security Bug Bounty program
https://www.hackerone.com/blog/six-years-github-security-bug-bounty-program
Partager : LinkedIn / Twitter / Facebook / View
Live hacking the U.S. Air Force, UK Ministry of Defence and Verizon Media in Los Angeles at h1-213
HackerOne hosted its final flagship live hacking event of 2019 in Los Angeles, CA
https://www.hackerone.com/blog/live-hacking-us-air-force-uk-ministry-defence-and-verizon-media-los-angeles-h1-213
Partager : LinkedIn / Twitter / Facebook / View
My Career Just Got Hacked: Rana Robillard Joins HackerOne
https://www.hackerone.com/blog/my-career-just-got-hacked-rana-robillard-joins-hackerone
Partager : LinkedIn / Twitter / Facebook / View
Live Hacking Events | 2019 Recap and the Road Ahead
A look at where we've been and where we're going in 2020...
https://www.hackerone.com/blog/live-hacking-events-2019-recap-and-road-ahead
Partager : LinkedIn / Twitter / Facebook / View
Q&A with Hacker Personality Shivam Vashisht
https://www.hackerone.com/blog/qa-hacker-personality-shivam-vashisht
Partager : LinkedIn / Twitter / Facebook / View
Confessions of European CISOs
Ever wondered what's been keeping your CISO up at night? Well, wonder no more. We did some research to find out what worries European CISOs who are tasked with shoring up their digital infrastructure.
https://www.hackerone.com/blog/confessions-european-cisos
Partager : LinkedIn / Twitter / Facebook / View
LINE Security Bug Bounty Program Report 2019
https://www.hackerone.com/blog/line-security-bug-bounty-program-report-2019-1
Partager : LinkedIn / Twitter / Facebook / View
#AndroidHackingMonth Q&A With Android Hacker bagipro
Mobile hacking has become an essential part of the bug bounty hunter's tool belt, and no one knows the space better than Android hacker bagipro.
https://www.hackerone.com/blog/AndroidHackingMonth-qa-with-bagipro
Partager : LinkedIn / Twitter / Facebook / View
Todayisnew Crosses M in Bounties at h1-415 in San Francisco
This past Friday at h1-415 — HackerOne's first live hacking event of the year — todayisnew became the eighth hacker to join the ranks of seven-figure-earning hackers.
https://www.hackerone.com/blog/todayisnew-crosses-1m-bounties-h1-415-san-francisco
Partager : LinkedIn / Twitter / Facebook / View
Congratulations, Cosmin! The world's seventh million-dollar bug bounty hacker
The ranks of seven-figure-earning hackers have now risen to eight. Meet @inhibitor181 — the world's seventh million-dollar bug bounty hacker.
https://www.hackerone.com/blog/congratulations-cosmin-worlds-seventh-million-dollar-bug-bounty-hacker
Partager : LinkedIn / Twitter / Facebook / View
Dropbox bug bounty program has paid out over ,000,000
https://www.hackerone.com/blog/dropbox-bug-bounty-program-has-paid-out-over-1000000
Partager : LinkedIn / Twitter / Facebook / View
Hyatt Celebrates its First Anniversary on HackerOne
https://www.hackerone.com/blog/hyatt-celebrates-its-first-anniversary-hackerone
Partager : LinkedIn / Twitter / Facebook / View
#AndroidHackingMonth: Introduction to Android Hacking by @0xteknogeek
https://www.hackerone.com/blog/androidhackingmonth-intro-to-android-hacking
Partager : LinkedIn / Twitter / Facebook / View
Guess what's coming!? #AndroidHackingMonth on @Hacker0x01
February is Android Hacking Month! That means new resources, new CTFs, and, of course, swag. Learn more about how to get involved.
https://www.hackerone.com/blog/AndroidHackingMonth
Partager : LinkedIn / Twitter / Facebook / View
h1-415 CTF Winners Announced!
Thanks to all who participated in our #h1415 CTF, and congratulations to our winners @p4fg and @manoelt! Here's how it went down.
https://www.hackerone.com/blog/h1-415-ctf-winners-announced
Partager : LinkedIn / Twitter / Facebook / View
Meet InnoGames' Top Hacker
https://www.hackerone.com/blog/meet-innogames-top-hacker
Partager : LinkedIn / Twitter / Facebook / View
InnoGames Models Avatar After Top Ethical Hacker
Kevin Heseler, Security Engineer at InnoGames, tells us about how InnoGames leverages their bug bounty program to secure their games and the unique approach they have taken to awarding their most valuable hacker with their very own avatar in the ‘Forge of Empires' game
https://www.hackerone.com/blog/innogames-models-avatar-after-top-ethical-hacker-0
Partager : LinkedIn / Twitter / Facebook / View
Why Every Federal Agency Needs a VDP
https://www.hackerone.com/blog/why-every-federal-agency-needs-vdp
Partager : LinkedIn / Twitter / Facebook / View
GitLab Celebrates Awarding Million in Bounties to Hackers on HackerOne
Today, GitLab announced that they have awarded million in bounties to hackers on HackerOne. To learn more about the open-source tool's security strategy and commitment to transparency, we sat down with security managers James Ritchey and Ethan Strike. Read on for a glimpse into our conversation.
https://www.hackerone.com/blog/gitlab-celebrates-awarding-1-million-bounties-hackers-hackerone
Partager : LinkedIn / Twitter / Facebook / View
HackerOne Launches Bug Bounty Program for Kubernetes
The Cloud Native Computing Foundation (CNCF) today launched the Kubernetes bug bounty program on HackerOne. The Kubernetes bug bounty program is yet another layer of security assurance that will reward researchers who find vulnerabilities in the container orchestration system. Bounties will range from 0 to ,000. All reports will be thoroughly investigated by the Kubernetes Product Security Committee, a set of security-minded Kubernetes community volunteers.
https://www.hackerone.com/blog/hackerone-launches-bug-bounty-program-kubernetes
Partager : LinkedIn / Twitter / Facebook / View
Hacking for Good
https://www.hackerone.com/blog/hacking-good
Partager : LinkedIn / Twitter / Facebook / View
This Season, Give the Gift of Data-Driven Insight
https://www.hackerone.com/blog/season-give-gift-data-driven-insight
Partager : LinkedIn / Twitter / Facebook / View
GitLab's Public Bug Bounty Program Turns One
The GitLab security team reflects on the past year of their public bug bounty program. Now, 1378 vulnerability reports more secure thanks to 513 talented hackers, GitLab has paid out 5,650 in bounties through the public program. The program kept GitLab engineers on their toes, challenged and surprised the security team and helped keep GitLab more secure. To celebrate, GitLab announced the winners of the one year anniversary promotion, as well as the special piece of swag they are gifting the winners. Check it out!
https://www.hackerone.com/blog/gitlabs-public-bug-bounty-program-turns-one
Partager : LinkedIn / Twitter / Facebook / View
Using Bug Bounty Talent Pools to Attract and Maintain Top Talent
https://www.hackerone.com/blog/using-bug-bounty-talent-pools-attract-and-maintain-top-talent
Partager : LinkedIn / Twitter / Facebook / View
Transparency Builds Trust
Someone called it a “breach,” and the world took notice. Here is the story.
https://www.hackerone.com/blog/transparency-builds-trust
Partager : LinkedIn / Twitter / Facebook / View
How Bug Bounties Help You Shift Left
https://www.hackerone.com/blog/how-bug-bounties-help-you-shift-left
Partager : LinkedIn / Twitter / Facebook / View
HackerOne is a 2019 Cyber Catalyst Designated Cybersecurity Solution
https://www.hackerone.com/blog/hackerone-2019-cyber-catalyst-designated-cybersecurity-solution
Partager : LinkedIn / Twitter / Facebook / View
8 High-impact Bugs and How HackerOne Customers Avoided a Breach: SQL Injection
https://www.hackerone.com/blog/8-high-impact-bugs-and-how-hackerone-customers-avoided-breach-sql-injection
Partager : LinkedIn / Twitter / Facebook / View
How the Risk-Averse DoD Learned to Stop Worrying and Love the Hackers
https://www.hackerone.com/blog/how-risk-averse-dod-learned-stop-worrying-and-love-hackers
Partager : LinkedIn / Twitter / Facebook / View
The World's Elite Hackers Share Tips and Insights
https://www.hackerone.com/blog/conversation-three-elite-hackers
Partager : LinkedIn / Twitter / Facebook / View
LINE Launches Public Bug Bounty Program: Q&A with Security Engineer Robin Lunde
Today, after three successful years running an independent bug bounty program, LINE launched a public bug bounty program on HackerOne. To learn more about the popular messaging app's security strategy and commitment to the hacker community, we sat down with security engineers Robin Lunde, Koh You Liang and Keitaro Yamazaki. Read on for a glimpse into our conversation.
https://www.hackerone.com/blog/line-launches-public-bug-bounty-program-qa-security-engineer-robin-lunde
Partager : LinkedIn / Twitter / Facebook / View
Supporting the Source: Why HackerOne is Upgrading its Free Tools for Open Source
Open source software powers HackerOne. As part of our mission to make the internet safer, we want to make it easier for your open source project to remain secure, so we're joining GitHub Security Lab. Read on for more on why we're joining, new free offerings for open source projects from HackerOne, and new open source targets for hackers from GitHub and HackerOne.
https://www.hackerone.com/blog/supporting-source-why-hackerone-upgrading-its-free-tools-open-source
Partager : LinkedIn / Twitter / Facebook / View
Announcing Program Audit Log
As our customers' security teams grow, it's important for us to sustain their growth with new features. Today we're announcing the Program Audit Log. It enables customers to audit important actions that were taken in their program, such as permission updates, new members, bounty rewards, and program settings. Read on for more!
https://www.hackerone.com/blog/announcing-program-audit-log
Partager : LinkedIn / Twitter / Facebook / View
Reducing Risk With a Bug Bounty Program
https://www.hackerone.com/blog/reducing-risk-bug-bounty-program
Partager : LinkedIn / Twitter / Facebook / View
U.S. Department of Defense VDP Wins Prestigious 2019 DoD Chief Information Officer Award
On Nov. 3, 2019 in the Pentagon Auditorium, the DoD Cyber Crime Center (DC3) Vulnerability Disclosure Program (VDP) was awarded the 2019 DoD Chief Information Officer (CIO) award for Cybersecurity. Over the past three years, the VDP on HackerOne has processed more than 11,000 vulnerabilities discovered by researchers within DoD's public facing websites.
https://www.hackerone.com/blog/us-department-defense-vdp-wins-prestigious-2019-dod-chief-information-officer-award-0
Partager : LinkedIn / Twitter / Facebook / View
Hacking the Singapore Government: A Q&A With A Top Hacker & MINDEF 2.0 Results
On Friday, HackerOne announced the results of the second bug bounty challenge with the Ministry of Defence, Singapore (MINDEF). The three-week challenge ran from September 30, 2019 to October 21, 2019, and saw participation from over 300 trusted hackers from around the world — 134 local Singaporean-hackers and 171 international ethical hackers. HackerOne sat down with @SpaceRacoon to chat MINDEF Singapore's bug bounty challenge, what it takes to be a top hacker, the future of bug bounty, and more. Read on to hear more!
https://www.hackerone.com/blog/hacking-singapore-government-qa-top-hacker-mindef-20-results
Partager : LinkedIn / Twitter / Facebook / View
8 High-Impact Bugs and How HackerOne Customers Avoided a Breach: Information Disclosure
https://www.hackerone.com/blog/8-high-impact-bugs-and-how-hackerone-customers-avoided-breach-information-disclosure
Partager : LinkedIn / Twitter / Facebook / View
Scaling Security: From Startup to Unicorn
https://www.hackerone.com/blog/scaling-security-startup-unicorn
Partager : LinkedIn / Twitter / Facebook / View
Why Laurie Mercer Became a Security Engineer at HackerOne
https://www.hackerone.com/blog/why-laurie-mercer-became-security-engineer-hackerone
Partager : LinkedIn / Twitter / Facebook / View
Security@ Fireside Chat: Insights from Phil Venables of Goldman Sachs
https://www.hackerone.com/blog/security-fireside-chat-insights-phil-venables-goldman-sachs
Partager : LinkedIn / Twitter / Facebook / View
Keynote with Phil Venables of Goldman Sachs
https://www.hackerone.com/blog/keynote-phil-venables-goldman-sachs
Partager : LinkedIn / Twitter / Facebook / View
Q&A with HackerOne's New Vice President, APAC, Attley Ng
https://www.hackerone.com/blog/qa-hackerones-new-vice-president-apac-attley-ng
Partager : LinkedIn / Twitter / Facebook / View
Lowering Your Pentesting Fees with HackerOne
https://www.hackerone.com/blog/lowering-your-pentesting-fees-hackerone-challenge
Partager : LinkedIn / Twitter / Facebook / View
Slack Increases Minimum Bounties for High and Critical Bugs for 30 Days
Over the past five years, Slack and HackerOne have established a partnership and commitment to ensure Slack's platform is secure for its over 12 million daily active users. To build on this momentum and engage top researchers from the HackerOne community, Slack is increasing its minimum bounties for High and Critical findings to 00 and 00 respectively for a limited time. Read on to learn more!
https://www.hackerone.com/blog/slack-increases-minimum-bounties-high-and-critical-bugs-30-days
Partager : LinkedIn / Twitter / Facebook / View
8 High-Impact Bugs and How HackerOne Customers Avoided a Breach: Privilege Escalation
https://www.hackerone.com/blog/8-high-impact-bugs-and-how-hackerone-customers-avoided-breach-privilege-escalation
Partager : LinkedIn / Twitter / Facebook / View
HackerOne Congratulates the Department of Defense on 11K Vulnerability Reports
https://www.hackerone.com/blog/hackerone-congratulates-department-defense-11k-vulnerability-reports
Partager : LinkedIn / Twitter / Facebook / View
Through a Hacker's Eyes: Recapping h1-604
For the first time ever, a hacker writes a live hacking recap blog, highlighting what it is like to attend a live event. Katie (@InsiderPhD) gives a first-person narrative of h1-604. From seeing a bear for the first time to collaborating closely with peers, Katie covers all the adventures of heading to Vancouver, Canada to hunt bugs.
https://www.hackerone.com/blog/through-hackers-eyes-recapping-h1-604
Partager : LinkedIn / Twitter / Facebook / View
Tell Your Hacker Story with the Redesigned Profile Pages
https://www.hackerone.com/blog/tell-your-hacker-story-redesigned-profile-pages
Partager : LinkedIn / Twitter / Facebook / View
3 Ways Hacker-Powered Security Helps the Agile CISO
https://www.hackerone.com/blog/3-ways-hacker-powered-security-helps-agile-ciso
Partager : LinkedIn / Twitter / Facebook / View
More Than Bounty: Beating Burnout with Hacker-Powered Security
https://www.hackerone.com/blog/more-bounty-beating-burnout-hacker-powered-security
Partager : LinkedIn / Twitter / Facebook / View
Breaking Down the Benefits of Hacker-Powered Pentests
https://www.hackerone.com/blog/breaking-down-benefits-hacker-powered-pentests
Partager : LinkedIn / Twitter / Facebook / View
PayPal Celebrates Its First Anniversary on HackerOne
It's been a year since PayPal transitioned its Bug Bounty program to HackerOne. During that time, PayPal has paid out more than .5 million in bounties to the hacker community. In this post Ray Duran, manager of PayPal's Bug Bounty team, reflects on PayPal's journey, shares some exciting changes to the program and discusses what's to come.
https://www.hackerone.com/blog/paypal-celebrates-its-first-anniversary-hackerone
Partager : LinkedIn / Twitter / Facebook / View
GitLab: Reducing the time to payout and a bug bounty anniversary contest
In just nine months since going public GitLab's bug bounty program has seen substantial contributions from the HackerOne community. Since going public, researchers have submitted 1016 reports and GitLab has paid out 5,000 in bounties. Leading up to the one year anniversary of GitLab's public program, they've changed their bounty payout timeline based on hacker feedback, are spotlighting some of their top contributors, and launched a contest open for all! Check it out.
https://www.hackerone.com/blog/gitlab-reducing-time-payout-and-bug-bounty-anniversary-contest
Partager : LinkedIn / Twitter / Facebook / View
Announcing the Security@ San Francisco 2019 Agenda
The agenda for the third annual hacker-powered security conference, Security@ San Francisco, is live! Security@ is the only conference dedicated to the booming hacker-powered security industry, where hackers and leaders come together to build a safer internet. The conference takes place on October 15, 2019 at the Palace of Fine Arts and will include talks by security leaders from some of the most innovative security teams. In addition, hackers from all over the world will discuss lessons learned from defending the front lines, scaling security teams, and addressing the talent gap. 2019 promises to be our largest event yet!
https://www.hackerone.com/blog/announcing-security-san-francisco-2019-agenda
Partager : LinkedIn / Twitter / Facebook / View
How HackerOne Fits into the Dev Tools You Know and Love
https://www.hackerone.com/blog/how-hackerone-fits-dev-tools-you-know-and-love
Partager : LinkedIn / Twitter / Facebook / View
How Companies Like Facebook Find the Bugs that Matter
https://www.hackerone.com/blog/how-companies-facebook-find-bugs-matter
Partager : LinkedIn / Twitter / Facebook / View
Hacking with Valor: Why We Raised .4M with Valor Equity Partners
Our civilization is going digital. That's fantastic. Unfortunately, our software is not secure enough to carry a digital and connected civilization. When systems get breached, people can't trust the digital world. In a way, we try to do too much. Our innovation is outpacing security and privacy. Something must be done. This is the HackerOne commitment: As long as our digital world is plagued by vulnerabilities, we will continue to hack for the good of our connected society.
https://www.hackerone.com/blog/investors-love-hackers-why-we-raised-364m-valor-equity-partners
Partager : LinkedIn / Twitter / Facebook / View
Upserve Resolves Over 85 Bugs in Two Years Thanks to Hackers
It's been two years since Upserve launched its public bug bounty program on HackerOne. During that time, Upserve's security team has resolved over 85 valid vulnerabilities thanks to hackers, paying ,000 in bounties along the way. To celebrate the milestone, we sat down with Upserve's Information Security Officer Bryan Brannigan to look back on humble beginnings, learn more about how they incorporate hackers in their security initiatives, and discuss how they've increase engagement through public disclosures. Take a look!
https://www.hackerone.com/blog/upserve-resolves-over-85-bugs-two-years-thanks-hackers
Partager : LinkedIn / Twitter / Facebook / View
Bringing the Heat to Vegas: Recapping record-breaking h1-702
HackerOne hosted their largest live hacking event to date in Las Vegas Nevada. With Hacker Summer Camp in the background, h1-702 broke several records. This included paying out nearly two million in bounties to hackers over the three days.
https://www.hackerone.com/blog/bringing-heat-vegas-recapping-record-breaking-h1-702
Partager : LinkedIn / Twitter / Facebook / View
HackerOne Praised By An Original Hacker
Steve Gibson, a security researcher who started hacking technology as a child, recently gave HackerOne high praise for helping to secure companies with bug bounty programs. We're proud when our dedicated team gets the praise they deserve from those in the industry.
https://www.hackerone.com/blog/hackerone-praised-original-hacker
Partager : LinkedIn / Twitter / Facebook / View
Meet Six Hackers Making Seven Figures
A mere five months after 19-year-old Argentinian Santiago Lopez crossed the million bounty mark, five more hackers from across the globe have now each earned over million in bounties with HackerOne.
https://www.hackerone.com/blog/meet-six-hackers-making-seven-figures
Partager : LinkedIn / Twitter / Facebook / View
Hacker-Powered Data - Security Weaknesses and Embracing Risk with HackerOne
Vulnerabilities are a fact of life; risk comes with it. Today, companies, enterprises, & governments are embracing collaboration with hackers to find vulnerabilities before criminals have a chance to exploit them. Using 7 years of data from 1,400 bug bounty programs & 360,000+ valid vulnerabilities, this post offers a new analysis of the most common vulnerabilities not found on the OWASP top 10.
https://www.hackerone.com/blog/hacker-powered-data-security-weaknesses-and-embracing-risk-hackerone
Partager : LinkedIn / Twitter / Facebook / View
Don't Believe These 4 Bug Bounty Myths
https://www.hackerone.com/blog/dont-believe-these-4-bug-bounty-myths
Partager : LinkedIn / Twitter / Facebook / View
Black Hat 2019: Highlights from the Biggest and Best Yet
Black Hat 2019 was the biggest and best yet. Over 20,000 attendees heated up Las Vegas with provocative training sessions, innovative presentations, and record-breaking live hacking events.
https://www.hackerone.com/blog/black-hat-2019-highlights-biggest-and-best-yet
Partager : LinkedIn / Twitter / Facebook / View
The Security Vendors Startups like Lob Can't Live Without
https://www.hackerone.com/blog/security-vendors-startups-lob-cant-live-without
Partager : LinkedIn / Twitter / Facebook / View
GraphQL Week on The Hacker101 Capture the Flag Challenges
Recently we rolled out 3 separate GraphQL-basd Hacker101 Capture the Flag challenges. These are valuable educational resources for hackers and developers alike, improving bug hunting capability and helping developers prevent security missteps when implementing GraphQL.
https://www.hackerone.com/blog/graphql-week-hacker101-capture-flag-challenges
Partager : LinkedIn / Twitter / Facebook / View
Live Hacking Events: Stats, invitations, and what's next
Live hacking events are an experience unlike any other. This post is about how you can increase your chances of being invited to hack. We dive into the history of live hacking events and some of the criteria that's taken into consideration
https://www.hackerone.com/blog/live-hacking-events-stats-invitations-and-whats-next
Partager : LinkedIn / Twitter / Facebook / View
London Called, Hackers Answered: Recapping h1-4420
Uber partnered with us for their third live hacking event in London, paying out over 5,000 in bounties to hackers who found more than 150 unique vulnerabilities across Uber, Uber Restaurants and Uber Freight.
https://www.hackerone.com/blog/london-called-hackers-answered-recapping-h1-4420
Partager : LinkedIn / Twitter / Facebook / View
Verizon Media Webinar Recap: Attack Surface Visibility & Reducing Risk
Bug bounty tips from a Paranoid: hackers as an extension of your security team, honoring the security page as a contract with hackers, investing in the community through things like Live Hacking events, and using the outside perspective from the hacker community to strengthen their entire SDLC.
https://www.hackerone.com/blog/verizon-media-webinar-recap-attack-surface-visibility-reducing-risk
Partager : LinkedIn / Twitter / Facebook / View
Breaking Down the Benefits of Hacker-Powered Pen Tests
Breaking down the benefits of hacker-powered pen tests from the recent Forrester report. The most important benefit was finding more vulnerabilities, both in terms of numbers and criticality, in order to remediate them and create better system security.
https://www.hackerone.com/blog/breaking-down-benefits-hacker-powered-pen-tests
Partager : LinkedIn / Twitter / Facebook / View
The HackerOne Top 10 Most Impactful and Rewarded Vulnerability Types
We've put together a list of the most impactful vulnerabilities on the HackerOne platform so you can see where to aim your security efforts and how to better align your security team to today's biggest risks. Learn which vulnerabilities aren't in the OWASP Top 10 and see the top vulnerabilities submitted by volume, bounty awards, and more.
https://www.hackerone.com/blog/hackerone-top-10-most-impactful-and-rewarded-vulnerability-types
Partager : LinkedIn / Twitter / Facebook / View
Improving Your Workflows and Analysis with Custom Fields
HackerOne is thrilled to release Custom Fields, the latest way to sharpen security workflows and software development cycles. Custom Fields empowers teams to gain new insights into data by adding details such as ownership, risk category and root cause to vulnerability reports.
https://www.hackerone.com/blog/improving-your-workflows-and-analysis-custom-fields
Partager : LinkedIn / Twitter / Facebook / View
Cloud Security Alliance Webinar Recap: Avoid the Breach with Shopify's Andrew Dunbar
Security is a top priority for e-commerce giant Shopify, with over 600,000 businesses in 175 countries trusting them to sell online and everywhere in the world. Shopify's Vice President of Security Engineering and IT, Andrew Dunbar and HackerOne's Luke Tucker discuss best practices for testing and securing cloud-based web applications.
https://www.hackerone.com/blog/cloud-security-alliance-webinar-recap-avoid-breach-shopifys-andrew-dunbar
Partager : LinkedIn / Twitter / Facebook / View
When Moving To the Cloud, Don't Leave Basic Security Behind
How to break into a serverless application, a TestLabs blog review. We'll also discuss why changes in technology don't change security best practices.
https://www.hackerone.com/blog/when-moving-cloud-dont-leave-basic-security-behind
Partager : LinkedIn / Twitter / Facebook / View
Grand Rounds VP InfoSec: Achieving SOC 2 Type II Compliance with Hacker-Powered Security
Grand Rounds is an innovative new healthcare company using hacker-powered security for better, more effective pen tests. Learn how HackerOne Compliance meets HIPPA, SOC2, and other security testing needs.
https://www.hackerone.com/blog/grand-rounds-vp-infosec-achieving-soc-2-type-ii-compliance-hacker-powered-security
Partager : LinkedIn / Twitter / Facebook / View
Automate Workflows with Enhanced Jira Integration
Integrating with Jira has always been an important piece of integrating HackerOne into the SDLC of our customers. HackerOne's bi-directional Jira integration is currently in use by many of our customers and today we're announcing how it's getting even better.
https://www.hackerone.com/blog/automate-workflows-enhanced-jira-integration
Partager : LinkedIn / Twitter / Facebook / View
Taking The Guesswork Out of Vulnerability Reporting
To make vulnerability disclosure easier on open source maintainers, GitHub and HackerOne are collaborating to help close the gap between the hacker community and software engineers.
https://www.hackerone.com/blog/taking-guesswork-out-of-vulnerability-reporting
Partager : LinkedIn / Twitter / Facebook / View
See Your Success In Real Time with the new Program Dashboard
Effective security programs are more efficient when backed with clear reports that both technical and business teams understand. The HackerOne program dashboard delivers real-time insights into the program metrics that matter most to your programs, such as submission status, bounty spent, exploit severity, asset weaknesses, program health, and more.
https://www.hackerone.com/blog/see-your-success-in-real-time-with-the-new-program-dashboard
Partager : LinkedIn / Twitter / Facebook / View
Inside the GitLab public bug bounty program
Since launching GitLab's public bug bounty program in December 2018, their team has resolved 95 security findings, awarded more than 0,000 in bounties and rewarded over 35 hackers for those findings. The overarching goal of their bug bounty program is to make their products and services more secure. In this guest post, Senior Director of Security Kathy Wang shares the early success they've seen to date.
https://www.hackerone.com/blog/inside-gitlab-public-bug-bounty-program
Partager : LinkedIn / Twitter / Facebook / View
Hacking Dropbox Live in the Heart of Singapore at h1-65
Dropbox joined us as the participating company, paying out over 0,000 in bounties to hackers who found 264 vulnerabilities across Dropbox, Dropbox Paper, newly-acquired HelloSign, and third-party vendors that work with Dropbox.
https://www.hackerone.com/blog/hacking-dropbox-live-heart-singapore-h1-65
Partager : LinkedIn / Twitter / Facebook / View
PayPal Thanks Hackers with Million in 7 Months on HackerOne
Since launching an independently run bug bounty program in 2012, PayPal's program has evolved several times over, including transitioning to a platform, HackerOne, in 2018 to expand participation from 2,000 hackers to over 300,000 hackers on the platform. In just 6 months, we're proud to announce that PayPal has paid over million to hackers through HackerOne. It's quite a milestone for us, and so much more the a dollar figure.
https://www.hackerone.com/blog/paypal-thanks-hackers-1-million-7-months-hackerone-0
Partager : LinkedIn / Twitter / Facebook / View
Priceline Launches Public Bug Bounty Program: Q&A with Matt Southworth
Today, Priceline launched its public bug bounty program on HackerOne, including Priceline's e-commerce site, Priceline.com, PPN affiliate sites and mobile apps. We sat down with Matt to learn more about their program, prioritizing customer trust, what it's like working with hackers, and more. Check it out!
https://www.hackerone.com/blog/priceline-launches-public-bug-bounty-program-qa-matt-southworth
Partager : LinkedIn / Twitter / Facebook / View
Announcing the Community T-shirt Winner(s)
Hackers submitted amazing designs for the first ever community t-shirt contest! @akaash2397 received the most votes among the three finalists for his Bug Hunter design.
https://www.hackerone.com/blog/announcing-community-t-shirt-winners-0
Partager : LinkedIn / Twitter / Facebook / View
Learn How HackerOne Can Help You Crawl, Walk, or Run Your Way to a Bug Bounty Program
No matter your company size or security team bandwidth, learn how to get a bug bounty program started with advice from those who've launched hundreds of new programs. This webinar explains how to get a program started at your own pace, what you need to think about before you start, and how you can control the program's impact on your existing infrastructure. It's only 25 minutes, so grab a coffee, take a break, and watch it now.
https://www.hackerone.com/blog/learn-how-hackerone-can-help-you-crawl-walk-or-run-your-way-bug-bounty-program
Partager : LinkedIn / Twitter / Facebook / View
What the California Consumer Privacy Act Means For You
The collection of personal data and the privacy issues surrounding it have been a hot topic the past several years, especially in the security industry. Governments are taking notice and new regulations are appearing. The new California Consumer Privacy Act (CCPA) is a regulation requiring certain organizations to protect the personal data and privacy of California consumers. HackerOne can help you.
https://www.hackerone.com/blog/What-CCPA-Means-You
Partager : LinkedIn / Twitter / Facebook / View
Hackers have earned more than M in bug bounty cash on HackerOne: Time to celebrate!
Hackers, congratulate yourselves on an incredible milestone, earning M+ for your contributions to a safer internet. HackerOne's mission is to empower the world to build a safer internet, and you are the heroic individuals making that mission a day-to-day reality. Thank you for inspiring us with your creativity and talents. Keep pursuing the flags, squashing the bugs, and sharing the knowledge. Together. We. Hit. Harder. Happy hacking one and all!
https://www.hackerone.com/blog/Hackers-have-earned-more-50M-bug-bounty-cash-HackerOne-Time-celebrate
Partager : LinkedIn / Twitter / Facebook / View
How Hackers Define “Hacker”
Dictionary definitions tend to conflate “hacker” with “criminal”. We know that's definitely not the case, but we wanted to know what hackers think. We combed through more than three dozen interviews to determine and share the true definition of “hacker” from hackers themselves.
https://www.hackerone.com/blog/How-Hackers-Define-Hacker
Partager : LinkedIn / Twitter / Facebook / View
Hacker-Powered Security, Government Support Needed to Protect Financial Services Consumers from Application Vulnerabilities
What is the current state of security in the financial sector? How can governments contribute to this security? These questions were addressed by Christopher Parsons in his testimony before the Standing Committee on Public Safety and National Security (SECU) in Canada. His testimony shines a light on some major issues facing the security community in Canada and across the world.
https://www.hackerone.com/blog/Hacker-Powered-Security-Government-Support-Needed-Protect-Financial-Services-Consumers
Partager : LinkedIn / Twitter / Facebook / View
Product Updates and Enhancements
https://www.hackerone.com/blog/Product-Update-Q1-2019
Partager : LinkedIn / Twitter / Facebook / View
Airbnb and Verizon Media participate in 3rd annual h1-415 live hacking event including a cybersecurity mentorship program
The power of collaboration came through full-force in our first live hacking event of 2019. Hosted over three days, we partnered with Airbnb and Verizon Media for hacking, mentoring, and celebrating the community.
https://www.hackerone.com/blog/Airbnb-and-Verizon-Media-participate-3rd-annual-h1-415-live-hacking-event-including
Partager : LinkedIn / Twitter / Facebook / View
Xiaomi Security Center Welcomes Security Research with HackerOne Partnership
Please welcome the Xiaomi Security Center to HackerOne! Xiaomi, one of the world's largest consumer electronics manufacturers, is launching a vulnerability disclosure program (VDP) on April 1, 2019, welcoming vulnerability submissions for products and services under the brands of Xiaomi, Mijia, Mitu, and Redmi. Check it out!
https://www.hackerone.com/blog/Xiaomi-Security-Center-Welcomes-Security-Research-HackerOne-Partnership
Partager : LinkedIn / Twitter / Facebook / View
Security at Startup Speed: Enterprise Grade Security from the Start
Startups today must adapt to a rapidly changing environment, completing security tasks along with code deploys and automating security scans as much as possible. But even with these measures, security vulnerabilities find a way to slip through the cracks. That's where hacker-powered security can put out the embers of the fire you may have missed. Learn how hacker-powered security allows startups to launch smart.
https://www.hackerone.com/blog/Security-Startup-Speed-Enterprise-Grade-Security-Start
Partager : LinkedIn / Twitter / Facebook / View
Q&A with Brian Neely, CIO & CISO of AMERICAN SYSTEMS
As a defense contractor, AMERICAN SYSTEMS provides IT and engineering solutions for complex national priority programs for the U.S. government. As you can imagine, the sensitive programs and data they hold makes them heavily targeted by sophisticated, determined, highly resourced nation-state threat actors. Losing data would mean losing a competitive advantage on the battlefield. In short, lives could be at stake. That's not your average security breach. We sat down with CIO and CISO Brian Neely to learn a bit more about how he's seen the industry evolve, what's next and how hacker-powered security fits into the matrix.
https://www.hackerone.com/blog/QA-Brian-Neely-CIO-CISO-AMERICAN-SYSTEMS
Partager : LinkedIn / Twitter / Facebook / View
The 2019 Hacker Report: Celebrating The World's Largest Community of Hackers
The third annual Hacker Report includes the largest survey conducted to date of the ethical hacking community with hackers participating from over 100 countries and territories. Hackers are heroes, they are in it for the good and there is more opportunity than ever before. The 2019 Hacker Report shares the stories and celebrates the impact of the hacker community.
https://www.hackerone.com/blog/2019-Hacker-Report-Celebrating-Worlds-Largest-Community-Hackers
Partager : LinkedIn / Twitter / Facebook / View
@try_to_hack Makes History as First Bug Bounty Hacker to Earn over Million
19-year-old Argentinian @try_to_hack just made history as the first to earn over ,000,000 in bounty awards on HackerOne. We connect with him to learn more about how he reached this impressive milestone. We hope you are just inspired as we are!
https://www.hackerone.com/blog/trytohack-Makes-History-First-Bug-Bounty-Hacker-Earn-over-1-Million
Partager : LinkedIn / Twitter / Facebook / View
Q&A with HackerOne's VP of Customer Success Jeff McBride
We sat down with HackerOne's VP of Customer Success, Jeff McBride, to get more acquainted with his style of leadership, what customer success means to him, and his view of hacker-powered program management. Take a look at our conversation.
https://www.hackerone.com/blog/QA-HackerOnes-VP-Customer-Success-Jeff-McBride
Partager : LinkedIn / Twitter / Facebook / View
Program Insights from the PayPal Security Team
PayPal's security team is tasked with helping to protect personal financial information for millions of account holders every day. We sat down with PayPal Information Security Engineers Ray Duran, Sonal Shrivastava, and Pax Whitmore, and Project Manager Rebecca Francom to learn more about how PayPal works with researchers, what the journey of a bug looks like once it gets reported, and what findings are most impactful.
https://www.hackerone.com/blog/Program-Insights-QA-PayPal-Security-Team
Partager : LinkedIn / Twitter / Facebook / View
Introducing Hacker Task Manager and Statistics
We're proud to announce the latest iteration of Hacker Dashboard today- Hacker Task Manager and Statistics! The Hacker Task Manager underlines our focus on helping new and upcoming hackers to onboard themselves on our platform. With the help of the Task Manager, hackers can educate themselves with help from Hacker101 and other educational resources to get closer to the goal of submitting a valid vulnerability report.
https://www.hackerone.com/blog/Introducing-Hacker-Task-Manager-and-Statistics
Partager : LinkedIn / Twitter / Facebook / View
Design the next HackerOne T-Shirt
We are very excited to open the first ever HackerOne community T-shirt design contest. Like crafting a creative exploit or spinning up photoshop to create a perfect meme, we know you've got some amazing ideas and we want to see them. We are looking for designs that reflect the spirit of our community. This can include ingenuity, diversity and the collaborative forces that make #TogetherWeHitHarder.
https://www.hackerone.com/blog/Design-next-HackerOne-T-Shirt
Partager : LinkedIn / Twitter / Facebook / View
Five years of the GitHub Bug Bounty program
Over the past five years, GitHub has been continuously impressed by the hard work and ingenuity of the hacker community. Last year was no different. GitHub paid out 5,000 to researchers through their public bug bounty program in 2018. They decided to share some of their highlights from the past year and introduce some big changes in 2019: full legal protection for researchers, more GitHub properties eligible for rewards, and increased reward amounts.
https://www.hackerone.com/blog/Five-years-GitHub-Bug-Bounty-program
Partager : LinkedIn / Twitter / Facebook / View
HackerOne Hosts Rails Girls in Groningen
Following months of preparation, the day was finally here. HackerOne's office in Groningen was hosting a Rails Girls global coding event. Born in Finland, Rails Girls is a global, non-profit volunteer community that aims to provide the right tools and a community for women to understand technology and to build their ideas. I am Stuti Srivastava, a senior product engineer at HackerOne and one of the organisers for the event, and this was my first experience at a Rails Girls event.
https://www.hackerone.com/blog/HackerOne-Hosts-Rails-Girls-Groningen
Partager : LinkedIn / Twitter / Facebook / View
FanDuel's Liam Somerville on Prioritising Researchers as an Extension of the Security Team
FanDuel, the web-based fantasy sports game with traditional season-long fantasy sports leagues compressed into daily or weekly games of skill, is used by over 8 million members across the globe. With hundreds of millions of dollars being exchanged through weekly games, the small but mighty FanDuel security is tasked with defending enormous amounts of sensitive data all while meeting rigorous state and national regulations. Over the course of their bug bounty program, FanDuel has resolved about 85 vulnerabilities and paid out over ,000 in gratitude to researchers. We dove a little deeper with Liam to learn more about how his security team of seven works with the researcher community to boost security and how researchers can maximize their earnings by being creative.
https://www.hackerone.com/blog/FanDuels-Liam-Somerville-Prioritising-Researchers-Extension-Security-Team
Partager : LinkedIn / Twitter / Facebook / View
How Hacker-Powered Security Protects Your Data, Even When Third Parties Don't
Providing third parties with access to privileged sites and information can expose companies to greater risk of data theft, with all the financial and reputational costs such breaches bring. Hacker-powered security programs like HackerOne Bounty let you focus tens to thousands of security researchers on the precise systems you care about most. Through careful design of the program page and bounty table, which tells hackers how much they will be paid to find different types of vulnerabilities in different systems, you can concentrate the HackerOne community on hardening the applications, authentication, and access control systems that third parties use.
https://www.hackerone.com/blog/How-Hacker-Powered-Security-Protects-Your-Data-Even-When-Third-Parties-Dont
Partager : LinkedIn / Twitter / Facebook / View
Alibaba and HackerOne Join Forces in Global Vulnerability Testing Program
Alibaba, one of the world's largest Internet companies is joining HackerOne to tap into the technical expertise of the world's best cybersecurity experts to implement a global vulnerability disclosure program (VDP) to help boost security and better protect customers, transactions, and the Alibaba ecosystem. Today, Alibaba has announced that all participating cybersecurity researchers who submit valid vulnerabilities will receive a limited production physical challenge coin issued by Alibaba and HackerOne — a “metal medal of honor” – to recognize their contributions. The coin is awarded in addition to the incentives researchers receive as active members of the HackerOne community.
https://www.hackerone.com/blog/Alibaba-and-HackerOne-Join-Forces-Global-Vulnerability-Testing-Program
Partager : LinkedIn / Twitter / Facebook / View
Introducing My Programs
We're proud to announce the release of My Programs, the next iteration of Hacker Dashboard. My Programs is a completely new page in the dashboard that replaces the old “accepted invitations” page. In addition to the accepted invitations, My Programs now lists all public programs you have previously submitted a report to.
https://www.hackerone.com/blog/Introducing-My-Programs
Partager : LinkedIn / Twitter / Facebook / View
Brace yourself: Million in Bounties is Coming—and we are celebrating the whole way there!
A huge milestone towards a safer internet, better lives, and communities for hackers, HackerOne is celebrating hackers and the path to M in bounties!
https://www.hackerone.com/blog/Brace-yourself-50-Million-Bounties-Coming-and-we-are-celebrating-whole-way-there
Partager : LinkedIn / Twitter / Facebook / View
Launching the Hacker Calendar, Never Miss a Challenge Again
Hacker Calendar is a small but useful feature to track important dates and events via your calendar app. You can easily see all running challenges that you're part of and know their respective start and end dates.
https://www.hackerone.com/blog/Launching-Hacker-Calendar-Never-miss-challenge-again
Partager : LinkedIn / Twitter / Facebook / View
EU-FOSSA 2 Open Source Bug Bounty Programme Series | Q&A
Following the success of the European Commission's pilot bug bounty programme with HackerOne last year, they are announcing the launch of a new bug bounty initiative involving open source software on a much larger scale. This bug bounty programme run by the EU-Free and Open Source Software Auditing (EU-FOSSA 2) project, aims to help EU institutions better protect their critical software. We recently chatted separately with Marek Przybyszewski and Saranjit Arora who are leading the EU-FOSSA 2 project.
https://www.hackerone.com/blog/EU-FOSSA-2-Open-Source-Bug-Bounty-Programme-Series-QA
Partager : LinkedIn / Twitter / Facebook / View
Riot Games Surpasses 1,000 Valid Reports: Q&A
At the end of 2018, Riot Games surpassed one of the biggest milestones of its bug bounty program to-date: 1,000 valid vulnerabilities reported to the program. Today, the League of Legends maker celebrates 1,000 issues fixed and 1,000 opportunities to better protect their over 80 million players worldwide. We connected with Riot Games Security Engineer Diarmaid McManus to learn more about what the milestone means to him and the team, as well as the greater impact HackerOne's community has had on their security practice.
https://www.hackerone.com/blog/Riot-Games-Surpasses-1000-Valid-Reports-QA
Partager : LinkedIn / Twitter / Facebook / View
Open-Xchange Approaches 3 Years of Bug Bounties & 250 Valid Vulnerabilities
Just shy of their third anniversary of bug bounties, web-based communication, collaboration and office productivity software company Open-Xchange (OX) is sharing the results of their program to-date. OX has seen nearly 250 valid vulnerabilities reported through the program and paid out over ,000. Looking back, Security Officer Martin Heiland says bugs surfaced on HackerOne have cost about a tenth of what traditional pen testing has surfaced over the years.
https://www.hackerone.com/blog/Open-Xchange-Approaches-3-Years-Bug-Bounties-250-Valid-Vulnerabilities
Partager : LinkedIn / Twitter / Facebook / View
5 Tips for an Effective AppSec Testing Strategy
Applications have become the lifeblood of businesses in today's connected world. Software is now the “front door” into your business for many people around the world. Caution is required, though. Applications exposed to the internet are also exposed to shady characters out to exploit your systems for their benefit, often at the expense of your customers and your business. This blog shares 5 tips for an effective application security testing strategy.
https://www.hackerone.com/blog/5-Tips-Effective-AppSec-Testing-Strategy
Partager : LinkedIn / Twitter / Facebook / View
Your First 90 Days as Security Lead, Part 2: Developing a Plan and Getting to Work
You've just been named the new security lead for your organization. You probably have many projects swirling through your mind, like addressing a critical issue, benchmarking your organization against peers, or developing a broad plan. This two-part blog series details best practices for developing your program and the key steps to take during the first three months in your new role.
https://www.hackerone.com/blog/Your-First-90-Days-Security-Lead-Part-2-Developing-Plan-and-Getting-Work
Partager : LinkedIn / Twitter / Facebook / View
Hyatt Launches Public Bug Bounty Program: Q&A with CISO Benjamin Vaughn
Today, Hyatt is launching its first public bug bounty program at HackerOne. To learn more about Hyatt's program, their commitment to security and the hacker community, we sat down with Chief Information Security Officer Benjamin Vaughn.
https://www.hackerone.com/blog/Hyatt-Launches-Public-Bug-Bounty-Program-QA-CISO-Benjamin-Vaughn
Partager : LinkedIn / Twitter / Facebook / View
Introducing Indian Rupee payments: Cheaper and faster bank transfers
We're proud to announce that HackerOne now supports payments in Indian Rupees. The addition of Indian Rupees means we can now eliminate the roughly 5% conversion fee per bounty by using the “mid-market rate” to convert your bounties directly to Indian Rupees before sending them to your bank account.
https://www.hackerone.com/blog/Introducing-Indian-Rupee-payments-Cheaper-and-faster-bank-transfers
Partager : LinkedIn / Twitter / Facebook / View
Your First 90 Days as Security Lead, Part 1: Building Your Security Foundation
You've just been named the new security lead for your organization. You probably have many projects swirling through your mind, like addressing a critical issue, benchmarking your organization against peers, or developing a broad plan. This two-part blog series details best practices for developing your program and the key steps to take during the first three months in your new role.
https://www.hackerone.com/blog/Your-First-90-Days-Security-Lead-Part-1-Building-Your-Security-Foundation
Partager : LinkedIn / Twitter / Facebook / View
More Hackers Means Less To Worry About
With enough hackers, all security vulnerabilities are shallow. There is no better way to know the security of your systems than inviting a diverse community to report your weaknesses. On behalf of grateful customers, we have awarded over M in rewards to the do-gooders — the hackers. We will end 2018 with a business that has grown 10X in just 3 years.
https://www.hackerone.com/blog/More-Hackers-Means-Less-Worry-About-0
Partager : LinkedIn / Twitter / Facebook / View
Oath's Big Year of Bug Bounties Capped off with NYC Live Hacking Event
In 2018, Oath has received over 1,900 valid vulnerabilities through its private bug bounty program, over 300 of which were high or critical severity. Big numbers mean big rewards — Oath has paid million in bounties in 2018. It's been a record year, including four live hacking events all over the world — Goa, San Francisco, Argentina, and a 2018 finale live hacking event in New York City on November 27-29.
https://www.hackerone.com/blog/Oaths-Big-Year-Bug-Bounties-Capped-NYC-Live-Hacking-Event
Partager : LinkedIn / Twitter / Facebook / View
GitLab's Public Bug Bounty Program Kicks Off: Q&A with GitLab's Kathy Wang & James Ritchey
Today, GitLab is launching their first public bug bounty program. After running a private bug bounty program and public vulnerability disclosure program (VDP) on HackerOne for over a year, the company resolved nearly 250 vulnerabilities thanks to the over 100 participating hackers. We sat down with GitLab's Director of Security Kathy Wang and Senior Application Security Engineer James Ritchey to dive into the evolution of GitLab's program over time, their decision to go public with their program, and how leveraging HackerOne's community has helped to find and fix security issues quickly.
https://www.hackerone.com/blog/GitLabs-Public-Bug-Bounty-Program-Kicks-QA-GitLabs-Kathy-Wang-James-Ritchey
Partager : LinkedIn / Twitter / Facebook / View
Grammarly's Bug Bounty Program Goes Public: Q&A with VP of Engineering Joe Xavier
It's been over a year since Grammarly launched its first bug bounty program on HackerOne. It's been a private, invite-only program ever since. That is, until today! We sat down with the company's VP of Engineering Joe Xavier to learn more about how the newly public bug bounty program fits into the team's overall security strategy, what it's like working with hackers, and any advice for other organizations considering the bug bounty model.
https://www.hackerone.com/blog/Grammarlys-Bug-Bounty-Program-Goes-Public-QA-VP-Engineering-Joe-Xavier
Partager : LinkedIn / Twitter / Facebook / View
Hacktivity Disclosure for Private Programs
With over 6,000 reports that have been disclosed on Hacktivity, we're proud to announce that we're launching Disclosure for Private Programs. Vulnerability reports can now be disclosed within a private program.
https://www.hackerone.com/blog/Hacktivity-Disclosure-Private-Programs
Partager : LinkedIn / Twitter / Facebook / View
Q&A with Flickr's Senior Engineering Manager Alex Seville
As of November 2018, Flickr has been running its first independent bug bounty program, maintaining an average resolution time of just 4 days in the first month. We sat down with Flickr Senior Engineering Manager Alex Seville to learn more about his team's commitment to working with the hacker community, how it fits into Flickr's larger cybersecurity strategy, and what's to come.
https://www.hackerone.com/blog/QA-Flickrs-Senior-Engineering-Manager-Alex-Seville
Partager : LinkedIn / Twitter / Facebook / View
Easy and secure Credential Management
The new credential management functionality enables program owners to share credentials with hackers in the program easily. It's as simple as uploading a CSV with credentials, and a new button will appear on your program page from where hackers can download the credentials. When uploading the credentials, you can also give the hacker instructions on how to use them. This can be helpful in case the setup isn't straightforward.
https://www.hackerone.com/blog/Easy-and-secure-Credential-Management
Partager : LinkedIn / Twitter / Facebook / View
Test your hacking skills on real-world simulated bugs
Five sandbox environments of recently disclosed hacktivity reports available for anyone to test their hacking skills and see if they can replicate the same bug that was discovered. #hackon
https://www.hackerone.com/blog/Test-your-hacking-skills-real-world-simulated-bugs
Partager : LinkedIn / Twitter / Facebook / View
Introducing Hacker Dashboard: Your personalized HackerOne overview
Earlier this month, we introduced the all-new Program Directory with fresh metrics and better filtering. Now, we're taking it a step further with the introduction of the Hacker Dashboard. Check it out!
https://www.hackerone.com/blog/Introducing-Hacker-Dashboard-Your-personalized-HackerOne-overview
Partager : LinkedIn / Twitter / Facebook / View
Hacker101 CTF++: Find flags, get private bug bounty program invitations
Get rewarded with private invitations and work through the CTF as a group with our new release.
https://www.hackerone.com/blog/Hacker101-CTF-Find-flags-get-private-bug-bounty-program-invitations
Partager : LinkedIn / Twitter / Facebook / View
Shopify Awards 6,000 to Hackers in Canada: h1-514 Recap
Forty top hackers met in Montréal over the weekend to hack Canada-based Shopify. The commerce platform helps more than a half-million merchants spread across 90% of the world's countries design, set-up, and manage their stores. During the live hacking event, dubbed h1-514, Shopify paid over 6,000 in bounties to hackers who helped surface 55 valid vulnerabilities to the program.
https://www.hackerone.com/blog/Shopify-Awards-116000-Hackers-Canada-h1-514-Recap
Partager : LinkedIn / Twitter / Facebook / View
Integrate HackerOne directly into your website with Embedded Submissions
Receiving vulnerabilities has never been easier with the release of our newest integration: Embedded Submissions! The form will be embedded directly on your website by simply adding one line of JavaScript on your web page.
https://www.hackerone.com/blog/Integrate-HackerOne-directly-your-website-Embedded-Submissions
Partager : LinkedIn / Twitter / Facebook / View
Security@ 2018: Oath, DoD Highlight Value in Bringing Bug Bounties to Life
Most hacker-powered security happens remotely, with digital messaging being the typical communication channel. There's no brainstorming together with a whiteboard, no chats over coffee, no conversations during the walk across the street for lunch. One of the many benefits of Security@ is the chance to bring hackers, developers, and security teams together to meet in real life.
https://www.hackerone.com/blog/Security-2018-Oath-DoD-Highlight-Value-Bringing-Bug-Bounties-Life
Partager : LinkedIn / Twitter / Facebook / View
Security@ 2018: Sumo Logic's CSO On Transparency and Using Hacker-Powered Pen Tests for Better Security and Complete Compliance
At Security@ 2018, held in San Francisco in late October, Gerchow took the stage to share how Sumo Logic works with HackerOne to take a decidedly modern approach to security, using bug bounties as a tool in the arsenal and transparency as the common thread. Transparency, according to Gerchow, means that organizations must admit not only that bugs will always exist, but that the best ways to reduce vulnerabilities is to share learnings and best practices with the broader community.
https://www.hackerone.com/blog/Security-2018-Sumo-Logics-CSO-Transparency-and-Using-Hacker-Powered-Pen-Tests-Better-Security
Partager : LinkedIn / Twitter / Facebook / View
Discovering programs is easier than ever with the new and improved Program Directory
Today, we're excited to announce a complete overhaul of our Program Directory! The new directory features a fresh design and more granular filters to find programs faster than ever. Let us know what you think!
https://www.hackerone.com/blog/Discovering-programs-easier-ever-new-and-improved-Program-Directory
Partager : LinkedIn / Twitter / Facebook / View
What To Do When You're Stuck Hacking
Hacking can be tedious work. Sometimes you're looking for hours, perhaps days, and you're unable to find a security vulnerability. It can be demotivating at times. This blog will give you multiple tips to power through it and regain that sweet, sweet feeling of submitting a security vulnerability.
https://www.hackerone.com/blog/What-To-Do-When-You-Are-Stuck-Hacking
Partager : LinkedIn / Twitter / Facebook / View
Financial Services: Tips for Bug Bounty Success
Jason Pubal is an appsec director at a large financial services firm. Over the past 2 years, he's prepared for and rolled out a successful bug bounty program with HackerOne. Here's what he's learned in the process and how you can prepare to launch your own bug bounty program.
https://www.hackerone.com/blog/Financial-Services-Tips-Bug-Bounty-Success
Partager : LinkedIn / Twitter / Facebook / View
The Best is Yet To Come: DOD Awards New Hack the Pentagon Contract to HackerOne
Today we celebrate cyber defense. The U.S. Department of Defense's Defense Digital Service (DDS) announced expansion of the Hack the Pentagon crowdsourced security program and partnership with HackerOne. HackerOne is one of three vendors to be awarded a contract as part of the Hack the Pentagon expansion to run private assessments against sensitive, internal systems.
https://www.hackerone.com/blog/Best-Yet-Come-DOD-Awards-New-Hack-Pentagon-Contract-HackerOne
Partager : LinkedIn / Twitter / Facebook / View
The Paranoids at Oath Take Bug Bounties to Argentina: h1-5411 Recap
HackerOne kicked off its first South America live hacking event in Buenos Aires, Argentina! Oath, a media and tech company, under which Yahoo, AOL, Verizon Digital Media Services, TechCrunch and many more dynamic brands fall, opened up their assets to 53 hackers in their second live hacking event in 2018. Eight hours later, Oath had paid out over 0,000 in bounties to hackers for their contributions. Thank you to our hackers that literally weathered a storm to join us in Argentina for the first time.
https://www.hackerone.com/blog/Paranoids-Oath-Take-Bug-Bounties-Argentina-h1-5411-Recap
Partager : LinkedIn / Twitter / Facebook / View
Say Yes To Cyber Help
We are seeing tremendous growth at HackerOne. Bug bounty programs, vulnerability disclosure policies, and crowdsourced pentests are needed by anyone entrusted with protecting customer data. To serve our rapidly expanding customer base, we have tripled our headcount in the past 12 months and opened new offices in New York, Washington D.C. and Singapore, in addition to our San Francisco, London and Netherlands offices.
https://www.hackerone.com/blog/Say-Yes-Cyber-Help
Partager : LinkedIn / Twitter / Facebook / View
The U.S. Marine Corps Resolves Nearly 150 Vulnerabilities Thanks to Hackers
Hack the Marine Corps, the U.S. Depart of Defense's (DoD) six public bug bounty challenge, officially concluded and the results are in! Over 100 ethical hackers tested public-facing Marine Corps websites and services in an effort to harden the defenses of the Marine Corps Enterprise Network (MCEN). Over the 20 days of the hacking challenge, hackers reported nearly 150 unique valid vulnerabilities to the U.S. Marine Corps Cyberspace Command (MARFORCYBER) team and were awarded over 0,000 for their findings.
https://www.hackerone.com/blog/US-Marine-Corps-Resolves-Nearly-150-Vulnerabilities-Thanks-Hackers-2
Partager : LinkedIn / Twitter / Facebook / View
The AWS Shared Responsibility Model: 3 Areas of Improvement to Make Today Part 3: Logging, Monitoring, and Alerting in AWS
Migrating to the cloud means sharing responsibility for security with the cloud provider. Read about one important part of the shared responsibility model: logging, monitoring, and alerting in an AWS environment. Discover the tools available to help you always know what is happening in your environment.
https://www.hackerone.com/blog/AWS-Shared-Responsibility-Model-3-Areas-Improvement-Make-Today-Part-3
Partager : LinkedIn / Twitter / Facebook / View
How Hacktivity Can Save Your Company: Experts Weigh In
Hacktivity can save your company. Take help from hackers. You can't do it alone. Approach hackers with an assumption of benevolence, and develop relationships with them. Don't find out about a vulnerability for the first time on Twitter. How do you defend yourself against people who get up in the morning, put on their flip flops (or military uniform) and do nothing but think about how to attack you? These were themes at the Atlantic Council's panel on coordinated vulnerability disclosure (CVD) on September 18 in Washington, D.C.
https://www.hackerone.com/blog/How-Hacktivity-Can-Save-Your-Company-Experts-Weigh-In
Partager : LinkedIn / Twitter / Facebook / View
Hacker Q&A with André Baptista: From CTF Champ to h1-202 MVH
From CTF Champ to H1-202 MVH. André applied the creativity of CTFs to find and escalate bugs in the wild and hack his way to to the Championship Belt less than a month after finding his first bug in the wild.
https://www.hackerone.com/blog/Hacker-QA-Andre-Baptista-CTF-Champ-h1-202-MVH
Partager : LinkedIn / Twitter / Facebook / View
Streamline Every Aspect of Your Responsible Disclosure Policy with HackerOne Response
HackerOne Response is our turnkey solution offering enterprise-grade security and conformance with ISO-29147 (vulnerability disclosure) and ISO-30111 (vulnerability handling). It allows vulnerability management teams to work directly with external third-parties to resolve critical security vulnerabilities before they can be exploited.
https://www.hackerone.com/blog/Streamline-Every-Aspect-Your-VDP-HackerOne-Response
Partager : LinkedIn / Twitter / Facebook / View
Top Firewall Misconfigurations that Lead to Easy Exploitations by Attackers
Migrating to the cloud means sharing responsibility for security with the cloud provider. Read about one important part of the shared responsibility model: keeping your cloud network secure. Discover how to protect your cloud networks from attackers.
https://www.hackerone.com/blog/Top-Firewall-Misconfigurations-that-Lead-to-Easy-Exploitations
Partager : LinkedIn / Twitter / Facebook / View
The AWS Shared Responsibility Model: 3 Areas of Improvement to Make Today, Part 1
Migrating to the cloud means sharing responsibility for security with the cloud provider. Read about one important part of the shared responsibility model: keeping your private keys private. Discover how to prevent your secrets from escaping the cloud.
https://www.hackerone.com/blog/AWS-Shared-Responsibility-Model-3-Areas-Improvement-Make-Today-Part-1-Keep-Your-Private-Keys
Partager : LinkedIn / Twitter / Facebook / View
Introducing the Hacker101 CTF
Capture flags all day and night in our newly launched CTF, available 24/7 at ctf.hacker101.com.
https://www.hackerone.com/blog/Introducing-Hacker101-CTF
Partager : LinkedIn / Twitter / Facebook / View
Highlights of New York's Cybersecurity Regulation 23 NYCRR Part 500
Effective March 1, 2017, the New York State Department of Financial Services (NYDFS) promulgated 23 NYCRR Part 500, a regulation establishing cybersecurity requirements for financial services companies. Beginning today, September 4, 2018, Sections 500.06, 500.08, 500.13, 500.14(a) and 500.15 of 23 NYCRR Part 500 will be enforceable.
https://www.hackerone.com/blog/Highlights-New-Yorks-Cybersecurity-Regulation-23-NYCRR-Part-500
Partager : LinkedIn / Twitter / Facebook / View
H1-702 2018 makes history with over 0K in bounties paid!
Five straight nights of hacking with over 75 hackers representing 20+ countries hacked five targets earning over 0,000. It was the largest and most successful live hacking event ever.
https://www.hackerone.com/blog/H1-702-2018-makes-history-over-500K-bounties-paid
Partager : LinkedIn / Twitter / Facebook / View
Hacker Q&A with Matthew Bryant: Good Artists Copy, Great Artists Steal
“Seeing an exploit without understanding how any of it works felt like witnessing someone doing actual magic.” In his search to understand new-to-him security vulnerabilities, Matthew Bryant (@iammandatory) has found some iconic bugs. He chatted with us about those finds, collaboration, and the tools he builds as a modern-day security magician.
https://www.hackerone.com/blog/Hacker-QA-Matthew-Bryant-1
Partager : LinkedIn / Twitter / Facebook / View
What is a Responsible Disclosure Policy and Why You Need One
This article will answer the simple question of what a vulnerability disclosure policy is, what's included in a good policy, which organizations have a VDP today, and which government agencies have published guidance on VDPs.
https://www.hackerone.com/blog/What-Vulnerability-Disclosure-Policy-and-Why-You-Need-One
Partager : LinkedIn / Twitter / Facebook / View
7 Common Security Pitfalls to Avoid When Migrating to the Cloud
Read about the seven common security pitfalls to avoid when considering a migration to the cloud. Get actionable steps you should take now to ensure the best security possible for your customers.
https://www.hackerone.com/blog/7-Common-Security-Pitfalls-Avoid-When-Migrating-Cloud
Partager : LinkedIn / Twitter / Facebook / View
118 Fascinating Facts from HackerOne's Hacker-Powered Security Report 2018
Read 118 of the most intriguing data points from HackerOne's Hacker-Powered Security Report 2018. Get the facts to learn how security teams are working with hackers to crush more bugs and make the internet safer for everyone.
https://www.hackerone.com/blog/118-Fascinating-Facts-HackerOnes-Hacker-Powered-Security-Report-2018
Partager : LinkedIn / Twitter / Facebook / View
Oath Bug Bounty Program Update: M in payouts and expansion of the program
Oath has surpassed over ,000,000 bounties paid to hackers for their help to significantly decrease risk and reduce Oath's attack surface. However, bugs aren't all Oath received from the security community. They also heard a ton of feedback that they've accounted for in five changes to their program policy. Check them out!
https://www.hackerone.com/blog/Oath-Bug-Bounty-Program-Update-1M-payouts-and-expansion-program
Partager : LinkedIn / Twitter / Facebook / View
Improve Credential Sharing with Hacker Email Aliases
New hacker email aliases feature makes credential sharing, and whitelisting domains simple for programs
https://www.hackerone.com/blog/Improve-Credential-Sharing-Hacker-Email-Aliases
Partager : LinkedIn / Twitter / Facebook / View
A Guide To Subdomain Takeovers
Technical guide on how to understand, find, exploit, and report subdomain misconfigurations by EdOverflow
https://www.hackerone.com/blog/Guide-Subdomain-Takeovers
Partager : LinkedIn / Twitter / Facebook / View
Software Vulnerability Disclosure in Europe: Summary and Key Highlights of the European Parliament CEPS Task Force Report
HackerOne's summary review of the Software Vulnerability Disclosure in Europe Technology, Policies and Legal Challenges report.
https://www.hackerone.com/blog/Software-Vulnerability-Disclosure-Europe-Summary-and-Key-Highlights-European-Parliament-CEPS
Partager : LinkedIn / Twitter / Facebook / View
Sumo Logic Looks to Hacker-Powered Pen Testing for Security and Compliance
In late 2017, Sumo Logic CSO George Gerchow faced a challenge most only dream of — pen testing reports kept coming back clean. While this seems like good knews, it meant Sumo Logic's attack surface was hardening, Gerchow knew nothing is bulletproof. Three bug bounty challenges later, Sumo Logic is sharing the results and inner workings of its open line of communication with the hacker community for the first time.
https://www.hackerone.com/blog/Sumo-Logic-Looks-Hacker-Powered-Pen-Testing-Security-and-Compliance
Partager : LinkedIn / Twitter / Facebook / View
Zomato's First Anniversary with Bug Bounties: Q&A with Security Lead, Prateek Tiwari
This month, Zomato is celebrating the first anniversary of its bug bounty program. Since launching in July 2017, the company has paid out over 0,000 to over 350 hackers for their efforts, all while maintaining an average response time of 4 hours. We recently caught up with Prateek to celebrate the milestone and give you a chance to learn more about Zomato's approach to bug bounties and security.
https://www.hackerone.com/blog/Zomatos-First-Anniversary-Bug-Bounties-QA-Security-Lead-Prateek-Tiwari
Partager : LinkedIn / Twitter / Facebook / View
The Hacker-Powered Security Report 2018
The Hacker-Powered Security Report 2018 is the most comprehensive report on hacker-powered security. Analysis of 78,275 security vulnerability reports received in the past year from ethical hackers that reported them to over 1,000 organizations through HackerOne.
https://www.hackerone.com/blog/Hacker-Powered-Security-Report-2018
Partager : LinkedIn / Twitter / Facebook / View
H1-702 CTF Winners Announced!
Thanks to all the hackers who participated in the H1-702 2018 CTF! For the first time ever, we had both web and mobile challenges. Our six winners were selected from a pool of 750 registered participants and over 30 submissions received. Congratulations on winning your way to Las Vegas for the biggest live hacking event ever!
https://www.hackerone.com/blog/H1-702-CTF-Winners-Announced
Partager : LinkedIn / Twitter / Facebook / View
Lawfully Hacked
The best way to prevent getting hacked is to try to get hacked. Paradoxical as this may sound, evidence shows it is true. The worst data breaches the world has seen were with companies that did not invite external security researchers to report their findings. But by hunting for their security vulnerabilities, organizations can ensure the weak points are found and fixed before they are identified by criminals. Open sourcing security is the way.
https://www.hackerone.com/blog/Lawfully-Hacked
Partager : LinkedIn / Twitter / Facebook / View
The Journey to 100% Responsive Programs
Unresponsive programs are a drain on your time and your sanity. We are committed to ensure programs on the platform will be responsive and their performance metrics will be transparent.
https://www.hackerone.com/blog/Journey-100-Responsive-Programs
Partager : LinkedIn / Twitter / Facebook / View
Webinar: Learn How Hacker-Powered Pentests Give You More For Less
Join us on July 17 to learn how hacker-powered pen tests give you more. More bugs, faster, and cheaper.
https://www.hackerone.com/blog/Webinar-Learn-How-Hacker-Powered-Pentests-Give-You-More-Less
Partager : LinkedIn / Twitter / Facebook / View
Morrison & Foerster's David Newman: How Corporate Counsel Should Approach Hacker-Powered Security
Interview with MoFo's David Newman, of counsel in the National Security and Global Risk & Crisis Management practices. We asked David a few questions related to his work for clients on hacker-powered security, as well as what he's seeing in the field as more and more organizations launch both vulnerability disclosure policies (VDP) and bug bounty programs.
https://www.hackerone.com/blog/Morrison-Foersters-David-Newman-How-Corporate-Counsel-Should-Approach-Hacker-Powered-Security
Partager : LinkedIn / Twitter / Facebook / View
Hackers Descend on London for First Ever UK Live Hacking Event: H1-4420
Saturday, June 16, almost 50 hackers gathered from across the world to hack one of the most popular and mature bug bounty programs on the planet at HackerOne's first live-hacking event in London, H1-4420. Nine hours, 71 valid bugs and ,753 later...you could say our community of elite hackers exceeded all expectations.
https://www.hackerone.com/blog/Hackers-Descend-London-First-Ever-UK-Live-Hacking-Event-H1-4420
Partager : LinkedIn / Twitter / Facebook / View
Advanced triggers feature launches to further improve signal
Triggers are simple but powerful tools for executing automated responses to new, incoming reports. With triggers, you can set up an automated action when your program receives a report with or without a given trigger word. Triggers aid in reducing noise as they can flag certain reports.
https://www.hackerone.com/blog/Advanced-triggers-feature-launches-further-improve-signal
Partager : LinkedIn / Twitter / Facebook / View
Live-hacking Dropbox in Amsterdam for H1-3120
At H1-3120, Dropbox received more than 90 reports and paid out ,383 with an average bounty of ,318, over two times on their largest bounty day ever and almost three times their average bounty. Geweldig!
https://www.hackerone.com/blog/Live-hacking-Dropbox-Amsterdam-H1-3120
Partager : LinkedIn / Twitter / Facebook / View
Jackpot! The h1-702 2018 CTF is here! Win a Trip to the Biggest Live-hacking Event of 2018
H1-702 2018 is happening in Las Vegas from Wednesday, August 8 to Sunday, August 12! Any hacker from around the world who wants to attend can earn their way there. All you need to do is solve our CTF and write a great report. Six lucky winners will earn round trip airfare, seven nights at a hotel on the Las Vegas strip, and access to all five days of h1-702.
https://www.hackerone.com/blog/Jackpot-h1-702-2018-CTF-here-Win-Trip-Biggest-Live-hacking-Event-2018
Partager : LinkedIn / Twitter / Facebook / View
Hey Startups, Check Your GDPR Progress with this GDPR Checklist
The GDPR Checklist is just that: a checklist to make sure you've covered the basics concerning GDPR. It's aimed at SaaS startups, but every company can benefit from its simple, easy to understand guidance.
https://www.hackerone.com/blog/Hey-Startups-Check-Your-GDPR-Progress-GDPR-Checklist
Partager : LinkedIn / Twitter / Facebook / View
Hacker-Powered pen tests at the U.S. Federal Government
When looking for a model to inform your own security posture, the Department of Defense would be a good place to look. Not only were they the first branch of the U.S. Federal Government to use white-hat hackers back in 2016, they've been using hacker-powered security in new and interesting ways ever since. They've also blazed a trail for other public organizations.
https://www.hackerone.com/blog/Hacker-Powered-pen-tests-US-Federal-Government
Partager : LinkedIn / Twitter / Facebook / View
New Hacker101 Content: Threat modeling, Burp basics, and more
Since January, thousands of hackers have expressed their enthusiasm about the first Hacker101 content drop (almost 80,000 total video views and 8,800+ stars on GitHub in just six months!); and now it's time to take things to the next level.
https://www.hackerone.com/blog/New-Hacker101-Content-Threat-modeling-Burp-basics-and-more
Partager : LinkedIn / Twitter / Facebook / View
CISOs and GDPR: The Top 3 Concerns
In “The CISOs Guide to GDPR”, expert Thomas Fischer offered up the three main concerns he's hearing most often from CISOs regarding GDPR.
https://www.hackerone.com/blog/CISOs-and-GDPR-the-top-3-concerns
Partager : LinkedIn / Twitter / Facebook / View
Hacker Q&A with Rachel Tobac: Hacking Companies Through Their People
CEO and Co-founder of SocialProof Security, Rachel Tobac hacks people. Using a phone, email, and an approachable persona, Rachel discovers vital information that can be used to craft successful exploits.
https://www.hackerone.com/blog/Hacker-QA-Rachel-Tobac-Hacking-Companies-Through-Their-People
Partager : LinkedIn / Twitter / Facebook / View
Introducing The 90 day Hacker Leaderboard and Revamped Invitations
Hackers can now see how they ranked by their Reputation, Signal, and Impact in the last 90 days. Invitations going forward will be based on your activity during the last 90 days.
https://www.hackerone.com/blog/Introducing-90-day-Hacker-Leaderboard-and-Revamped-Invitations
Partager : LinkedIn / Twitter / Facebook / View
Hacker Q&A with Alyssa: We are all still learning
At 16 Alyssa Herrera discovered BugBounties and HackerOne--she hasn't looked back since. Now a full time bug hunter, Alyssa makes sure to give back to the community by sharing the knowledge she gained on her way to the number two spot on the DoD leaderboards.
https://www.hackerone.com/blog/Hacker-QA-Alyssa-We-are-all-still-learning
Partager : LinkedIn / Twitter / Facebook / View
Hursti hacks, DEF CON villages, and the Dubious state of electronic voting
Harri Hursti is one of the world's leading authorities on election voting security. His work has exposed gaping security flaws in electronic voting machines and the electronic voting industry as a whole. He answered some of our questions on his hacking roots and why electronic voting is so easily hacked.
https://www.hackerone.com/blog/Hursti-hacks-DEF-CON-villages-and-Dubious-state-electronic-voting
Partager : LinkedIn / Twitter / Facebook / View
H1-415 Recap: Oath Pays Over 0,000 to Hackers in One Day
Forty-one hackers representing 11 countries. More than 0,000 paid in bounties. All in nine hours. HackerOne's second annual live-hacking event in San Francisco broke multiple records on Saturday, April 14, 2018. The target? Oath, a media and tech company, under which Yahoo, AOL, Verizon Digital Media Services, TechCrunch and many more dynamic brands fall.
https://www.hackerone.com/blog/H1-415-Recap-Oath-Pays-Over-400000-Hackers-One-Day
Partager : LinkedIn / Twitter / Facebook / View
H1-202 Recap: Mapbox Pays Out Nearly ,000 in One Day
Twenty-seven hackers representing nine countries gathered at the U.S. capitol March 23-25, 2018 for HackerOne's first live hacking event in Washington, D.C. The weekend consisted of a community day with Virginia-based high schoolers and a live hacking day — nine hours of hacking at Mapbox HQ, resulting in over 100 bugs reported and nearly ,000 paid in rewards.
https://www.hackerone.com/blog/H1-202-Recap-Mapbox-Pays-Out-Nearly-65000-One-Day
Partager : LinkedIn / Twitter / Facebook / View
Q&A with CRANIUM: Easing Compliance with “GDPR in a Box”
CRANIUM, an international consulting company specializing in privacy, data protection and information security, sells a GDPR in a Box to guide organizations through their GDPR challenge. It's a combination of do-it-yourself plus online support, and we talked with one of their GDPR experts to learn more about it.
https://www.hackerone.com/blog/QA-CRANIUM-Easing-Compliance-GDPR-Box
Partager : LinkedIn / Twitter / Facebook / View
Shopify Thanks Over 300 Hackers, Pays 0,000+ to Hackers in Three Years
This month, Shopify celebrates the three year anniversary of its bug bounty program with HackerOne. To-date the commerce platform has paid over 0,000 in rewards to hackers, resolved 759 vulnerabilities and has thanked over 300 hackers for their contributions.
https://www.hackerone.com/blog/Shopify-Thanks-Over-300-Hackers-Pays-850000-Hackers-Three-Years
Partager : LinkedIn / Twitter / Facebook / View
Q&A with HackerOne's New Board Member: Kathryn Haun
We are thrilled to introduce HackerOne's new board member Kathryn Haun. Katie is a former U.S. Department of Justice (DOJ) federal prosecutor, Stanford Business School Lecturer and serves on the board of Coinbase. With cybersecurity affecting every industry, every entity, and every person who is digitally connected, Katie thinks one of the best ways to protect against nefarious actors is to provide a safe environment for ethical hackers to beat them to the punch.
https://www.hackerone.com/blog/QA-HackerOnes-New-Board-Member-Kathryn-Haun
Partager : LinkedIn / Twitter / Facebook / View
The CISO's Guide to GDPR: Q&A with Thomas Fischer
We recently caught up with GDPR expert Thomas Fischer for his help in answering some questions for us on the hot topic of GDPR.
https://www.hackerone.com/blog/CISOs-Guide-GDPR-QA-Thomas-Fischer
Partager : LinkedIn / Twitter / Facebook / View
General Motors Celebrates Second Anniversary with Hackers
Just over two years ago, General Motors became the first major automaker to launch a public vulnerability disclosure program (VDP). Its purpose? To protect its customers by working with hackers to safely identify and resolve security vulnerabilities. Since the program launched in 2016, GM has resolved more than 700 vulnerabilities across the entire supply chain, with help from hackers.
https://www.hackerone.com/blog/General-Motors-Celebrates-Second-Anniversary-Hackers
Partager : LinkedIn / Twitter / Facebook / View
Mr. Chairman, we need hackers!
The more the world gets hacked, the more we need hackers. We need white hats. They will find vulnerabilities so we can fix them and not get breached.
https://www.hackerone.com/blog/Mr-Chairman-we-need-hackers
Partager : LinkedIn / Twitter / Facebook / View
GitHub Celebrates Four Years of Bug Bounties: Q&A with VP of Security, Shawn Davenport
GitHub celebrated the fourth anniversary of its Security Bug Bounty program and released a comprehensive recap of a record-breaking 2017 to mark the moment. To join the celebration and give you a chance to learn more about GitHub's approach to bug bounties and security, we recently caught up with Shawn Davenport, VP of Security at GitHub.
https://www.hackerone.com/blog/GitHub-Celebrates-Four-Years-Bug-Bounties-QA-VP-Security-Shawn-Davenport
Partager : LinkedIn / Twitter / Facebook / View
GDPR: Let's kill the FUD
It seems everywhere you look, the talk about GDPR is designed to scare you into action. Fear, uncertainty, and doubt (FUD) are powerful motivators. Probably the scariest thing of all: the potential fines. GDPR, on paper, allows for fines of up to €20 million (.5 million) or 4% of a company's global annual revenue. Here's a quick (non-FUD-ified) list of some of what we see happening and how it may impact you.
https://www.hackerone.com/blog/GDPR-Lets-kill-FUD
Partager : LinkedIn / Twitter / Facebook / View
OWASP Top 10 Web Security Risks of 2017 - Flashcards
There's no such thing as perfectly secure software. Learn about the top 10 web security risks of 2017 with our print-ready flashcard guide
https://www.hackerone.com/blog/OWASP-Top-10-Web-Security-Risks-2017-Flashcards
Partager : LinkedIn / Twitter / Facebook / View
Calling All “Bureaucracy Hackers”
Lisa Wiswell, a HackerOne advisor and a principal at GRIMM cybersecurity firm, thinks the government needs more help from hackers. Not just with hacking or security, but with simply understanding the basics of technology and the internet.
https://www.hackerone.com/blog/Calling-All-Bureaucracy-Hackers
Partager : LinkedIn / Twitter / Facebook / View
h1-202 CTF Winners Announced (and links to write-ups)
Our h1-202 CTF attracted 450 participants and we chose three winners that will be sent to Washington, DC for our live-hacking event, h1-202! Find out who won and read their solution write-ups in this post.
https://www.hackerone.com/blog/h1-202-CTF-Winners-Announced
Partager : LinkedIn / Twitter / Facebook / View
Q&A with Faye Francy: How Auto-ISAC Puts Security in the Driver's Seat
Faye Francy is executive director of Auto-ISAC, an industry-operated organization created to enhance cybersecurity awareness and collaboration across the global automotive industry. We interviewed Faye to learn more about the work Auto-ISAC is doing to make all of our vehicles more secure.
https://www.hackerone.com/blog/QA-Faye-Francy-How-Auto-ISAC-Puts-Security-Drivers-Seat
Partager : LinkedIn / Twitter / Facebook / View
Hacker Q&A with Shubham Gupta: Patience and Passion
Shubham Gupta ranks in the 96th percentile when it comes to signal and has helped secure brands like Ubiquiti Networks, Twitter, Slack and others. Shubham is enthusiastic, eager to learn and challenging himself daily. We caught up with him to learn more about his story, what drives him and why he hacks for good.
https://www.hackerone.com/blog/Hacker-QA-Shubham-gupta-Patience-and-Passion
Partager : LinkedIn / Twitter / Facebook / View
Hack Your Way to the White House
The h1-202 CTF is here! On March 25th, 2018, h1-202 will be happening in Washington, D.C. (at a top secret location!). We are opening up the event to any hacker around the world who wants to attend. All you need to do is solve our CTF and write up a great report. The individuals who submit the best write ups as determined by our judges will be invited to attend h1-202.
https://www.hackerone.com/blog/Hack-Your-Way-White-House
Partager : LinkedIn / Twitter / Facebook / View
Alexa, ask HackerOne...
Alexa, ask HackerOne what's in the news?
https://www.hackerone.com/blog/Alexa-ask-HackerOne
Partager : LinkedIn / Twitter / Facebook / View
How Hackers Spend Their Bounties
At our poolside h1-702 live-hacking event in Las Vegas we asked some of our top hackers about how they spend their bounty earnings. Responses varied - from saving money for college, to buying a family car, to helping their parents purchase a home to: headphones, snowblowers, and more.
https://www.hackerone.com/blog/How-Hackers-Spend-Their-Bounties
Partager : LinkedIn / Twitter / Facebook / View
Google Play increases bounties and expands scope for Android apps
Google is announcing updates to the program, including expanded vulnerability criteria and increased payouts.
https://www.hackerone.com/blog/Google-Play-increases-bounties-and-expands-scope-Android-apps
Partager : LinkedIn / Twitter / Facebook / View
Q&A with Jane Frankland: GDPR, CISOs, and Women in Cybersecurity
Jane Frankland is an award-winning entrepreneur, speaker, and consultant in cybersecurity and entrepreneurism. For more than 20 years, Jane has been focused on cybersecurity, and has been actively involved in OWASP, CREST and the Cyber Essentials scheme. She a prolific author, having been featured in leading publications and appeared on iconic British media programmes. She has also just published a new book about women in security.
https://www.hackerone.com/blog/QA-Jane-Frankland-GDPR-CISOs-and-Women-Cybersecurity
Partager : LinkedIn / Twitter / Facebook / View
U.S. Senate Hearing - Data Security and Bug Bounty Programs: Lessons Learned
HackerOne was invited to testify in front of the U.S. Senate Subcommittee on Consumer Protection, Product Safety, Insurance, and Data Security. We are honored to join the Senate and leaders in our industry to discuss the role hackers can play in strengthening security.
https://www.hackerone.com/blog/US-Senate-Hearing-Bug-Bounty-Lessons-Learned
Partager : LinkedIn / Twitter / Facebook / View
Updated Hacker Invitations: Hack more, hack better
Program invitations are getting better. Way better. Check out the new features to help you manage the invitations you receive on HackerOne.
https://www.hackerone.com/blog/Updated-Hacker-Invitations-Hack-more-hack-better
Partager : LinkedIn / Twitter / Facebook / View
Healthy programs make for happy hackers. Introducing response SLAs
How do you measure the success of your HackerOne program? What are the top things hackers look for from security teams? Ever wonder how your peers at other companies are doing against their key performance indicators?
To answer these questions and more, today we're launching our new response service level agreement (SLA) features to make it easier for you to maintain a healthy, responsive program.
https://www.hackerone.com/blog/Healthy-programs-make-happy-hackers-Introducing-response-SLAs
Partager : LinkedIn / Twitter / Facebook / View
Hacker101: Free class for web security. Let's break some stuff
Hacker101 is a free class for web security. Whether you're a programmer with an interest in bug bounties or a seasoned security professional, Hacker101 has something to teach you.
https://www.hackerone.com/blog/Hacker101-Free-class-web-security-Lets-break-some-stuff
Partager : LinkedIn / Twitter / Facebook / View
Breaking the Bank: Getting Financial Services Companies to Embrace Hacker-Powered Security
How the tide is shifting, and financial services firms are realizing that the economics of hacker-powered security outweigh the risks as presented at Security@ San Francisco.
https://www.hackerone.com/blog/Breaking-Bank-Getting-Financial-Services-Companies-Embrace-Hacker-Powered-Security
Partager : LinkedIn / Twitter / Facebook / View
Double your signal, double your fun
Human-Augmented Signal improves the signal of programs as reports flagged with a high noise probability are reviewed by HackerOne security analysts. After our system utilizes various criteria to automatically classify all incoming reports, reports with potential noise are forwarded to HackerOne security analysts for review.
https://www.hackerone.com/blog/Double-your-signal-double-your-fun
Partager : LinkedIn / Twitter / Facebook / View
Bug Bounty or Bust! The Art of Triage
Tips on how to best set yourself up operationally to handle the loads of reports flying your way, as well as more in-depth tips on how to handle common scenarios on individual reports.
https://www.hackerone.com/blog/Bug-Bounty-or-Bust-Art-Triage
Partager : LinkedIn / Twitter / Facebook / View
The 2018 Hacker Report
https://www.hackerone.com/blog/2018-Hacker-Report
Partager : LinkedIn / Twitter / Facebook / View
An Attorney's View of Vulnerability Disclosure
Vulnerability Disclosure Programs (VDPs) are not only being promoted by more and more organizations and officials, they're an easy-to-implement yet critical part of any company's security apparatus. But there are legal issues to consider, and we had a top cybersecurity attorney offering advice at the recent Security@ event.
https://www.hackerone.com/blog/Attorneys-View-Vulnerability-Disclosure
Partager : LinkedIn / Twitter / Facebook / View
What percentage of your software vulnerabilities have GDPR implications?
Do you know how many of your unknown vulnerabilities have the potential to cause a breach of consumer data? In other words, how many have GDPR implications? We wondered the same thing, so we did some digging. Here's what we found.
https://www.hackerone.com/blog/What-percentage-your-software-vulnerabilities-have-GDPR-implications
Partager : LinkedIn / Twitter / Facebook / View
Hacker Q&A With EdOverflow
EdOverflow is a hacker's hacker. He's found bugs for Razer, GitLab, and even HackerOne :). He writes about security and web development. And, he runs Securitytxt.org, which works to standardize how websites define their security policies. We chatted with Ed a bit about his background, his work, and his causes.
https://www.hackerone.com/blog/Hacker-QA-EdOverflow
Partager : LinkedIn / Twitter / Facebook / View
Bringing Private-sector Security into the U.S. Government [Security@ Recaps]
https://www.hackerone.com/blog/Bringing-Private-sector-Security-US-Government-Security-Recaps
Partager : LinkedIn / Twitter / Facebook / View
Hacking The Planet - Hack The World 2017 Recap
After 1 month of our community's best and brightest going head to head to be named Hack The World 2017 champion, we are ready to share the winners of the annual contest. We also want to share some lessons learned, and give each of you the opportunity to share feedback with us so that we can improve on future contests.
https://www.hackerone.com/blog/Hacking-Planet-Hack-World-2017-Recap
Partager : LinkedIn / Twitter / Facebook / View
Samy Kamkar's Security@ San Francisco Keynote
If you were into social networks during the MySpace era, you might recall the Samy Worm of 2005. The worm spread through friend invitations, infecting MySpace user accounts and adding “Samy is my hero” to their personal pages. Unsurprisingly, it was developed by a teenager named Samy...and yes, Samy is our hero.
https://www.hackerone.com/blog/Samy-Kamkar-Security-at-San-Francisco-Keynote
Partager : LinkedIn / Twitter / Facebook / View
Alex Rice and Zane Lackey Discuss Modern Security for Practitioners
Our co-founder and CTO, Alex Rice, was a recent guest on The Modern Security Series by Signal Sciences, along with Signal Sciences' co-founder and CSO, Zane Lackey.
https://www.hackerone.com/blog/Alex-Rice-and-Zane-Lackey-Discuss-Modern-Security-Practitioners
Partager : LinkedIn / Twitter / Facebook / View
Hacking the U.S. Air Force (again) from a New York City subway station
https://www.hackerone.com/blog/Hacking-US-Air-Force-again-New-York-City-subway-station
Partager : LinkedIn / Twitter / Facebook / View
The European Commission's First-Ever Bug Bounty Program
The European Commission has selected HackerOne as the platform for their first ever bug bounty program.
https://www.hackerone.com/blog/the-european-commissions-first-ever-bug-bounty-program
Partager : LinkedIn / Twitter / Facebook / View
AlienVault streamlines their vulnerability disclosure with HackerOne Response
HackerOne is helping AlienVault manage incoming reports, triage them, and automatically create tickets on their internal ticketing system for only the valid reports.
https://www.hackerone.com/blog/AlienVault-streamlines-their-vulnerability-disclosure-with-HackerOne-Response
Partager : LinkedIn / Twitter / Facebook / View
Why Riot Games Pays Hackers to Break Them
In the League of Legends world, your nexus is protected from outside threats by a strong team of diverse champions. It's similar to how you should approach security in the real world, and wouldn't it be better to have more and better champions working on your team?
https://www.hackerone.com/blog/Why-Riot-Games-Pays-Hackers-to-Break-Them
Partager : LinkedIn / Twitter / Facebook / View
KPMG's Cyber Security Expert Offers Advice for Bug Bounty Success
Before you propose a bug bounty program to your organization, you need a comprehensive plan. That's just one of the many takeaways offered on a recent podcast from KPMG's Advisory Institute, which publishes content related to business performance, technology, risk management, and more.
https://www.hackerone.com/blog/KPMGs-Cyber-Security-Expert-Offers-Advice-for-Bug-Bounty-Success
Partager : LinkedIn / Twitter / Facebook / View
The ICO's 12-Step Guide to GDPR Compliance
The United Kingdom's Information Commissioner's Office suggested “12 steps to take now” to get ahead of GDPR's impact on your operations and processes. We've put together a quick recap available on our resources page.
https://www.hackerone.com/blog/The-ICOs-12-Step-Guide-to-GDPR-Compliance
Partager : LinkedIn / Twitter / Facebook / View
Breach Basics: Preparation for the Inevitable
Data breaches in information security have become an inescapable reality. A common inquiry we receive here at HackerOne is for guidance on how to most effectively respond to one of these unfortunate incidents. There are no easy answers. Our hope is the following guidance can serve as recommendations for any victim of a breach.
https://www.hackerone.com/blog/Breach-Basics-Preparation-for-the-Inevitable
Partager : LinkedIn / Twitter / Facebook / View
The Voices of Vulnerability Disclosure: Look Who's Talking About VDPs
The attention being given to vulnerability disclosure policies (VDP) in the past year has increased dramatically. It might be the latest high-profile breach that sparks a comment, but more and more, it's the attitude that VDPs aren't just nice-to-haves, they're critical tools for every cyber security team.
https://www.hackerone.com/blog/The-Voices-of-Vulnerability-Disclosure-Look-Whos-Talking-About-VDPs
Partager : LinkedIn / Twitter / Facebook / View
H1-212 CTF results
Thanks to all of you who participated in our first ever h1-212 CTF! We had a lot of fun building it and it looks like many of you had a great time participating.
https://www.hackerone.com/blog/h1-212-ctf-results
Partager : LinkedIn / Twitter / Facebook / View
Hack your way to NYC this December for h1-212
Want to win an all expenses paid trip to New York City to hack against HackerOne 1337 and a chance to earn up to 0,000 in bounties? The h1-212 CTF is here!
https://www.hackerone.com/blog/hack-your-way-to-nyc-this-december-for-h1-212
Partager : LinkedIn / Twitter / Facebook / View
Hack The Pentagon Turns One on HackerOne
Great news for U.S. citizens! Over 3,000 valid security vulnerabilities have been resolved with the U.S. Department of Defense's “Hack the Pentagon” hacker-powered security program.
https://www.hackerone.com/blog/hack-the-pentagon-turns-one
Partager : LinkedIn / Twitter / Facebook / View
Hacker-Powered Pen Tests and The Power of More
Traditional pen tests can be expensive, especially those that produce low-hanging fruit results. And even more painful when you pay the same price tag for the low-value pen test report as the report revealing multiple critical vulnerabilities. With hacker-powered penetration testing, on the other hand you tap into more of the best talent, without a huge initial price tag.
https://www.hackerone.com/blog/Hacker-Powered-Pen-Tests-and-The-Power-of-More
Partager : LinkedIn / Twitter / Facebook / View
HackerOne CEO joins Node.js Foundation Board
HackerOne has joined the Node.js Foundation as a member and CEO Marten Mickos has joined its board. Node.js Foundation sat down with Marten to learn more about his vision, mission and why he's passionate about Node.js and the open source community.
https://www.hackerone.com/blog/hackerone-ceo-joins-nodejs-foundation-board
Partager : LinkedIn / Twitter / Facebook / View
XOXO: We Love Coinbase for Loving Bug Bounties
Coinbase just professed their love for bug bounty programs, and it kind of makes us blush. Read all about their program's evolution and how they've paid out more than 5,000 in bounties over the past 5 years.
https://www.hackerone.com/blog/we-love-coinbase-for-loving-bug-bounties
Partager : LinkedIn / Twitter / Facebook / View
Your TL;DR Summary of The CERT Guide to Coordinated Vulnerability Disclosure
The CERT Coordination Center at Carnegie Mellon University's Software Engineering Institute (SEI) recently released The CERT Guide to Coordinated Vulnerability Disclosure. It is an amazingly detailed, clever, and complete guide to explaining the need for coordinated vulnerability disclosure (CVD). We've done our best to give you the cliff notes and even included some additional helpful resources at the end.
https://www.hackerone.com/blog/Your-TLDR-Summary-of-The-CERT-Guide-to-Coordinated-Vulnerability-Disclosure
Partager : LinkedIn / Twitter / Facebook / View
Google wants you to hack their top Android apps
It's a great day to be mobile hacker. Today, Google and HackerOne announced the groundbreaking Google Play Security Reward Program.
https://www.hackerone.com/blog/google-wants-you-to-hack-their-top-android-apps
Partager : LinkedIn / Twitter / Facebook / View
Introducing Security@ San Francisco!
Next week we're kicking off our first conference by and for the hacker-powered security industry. On Tuesday, October 24, 2017, Security@ San Francisco will gather more than 200 security leaders, hackers and industry experts for groundbreaking keynotes, presentations and networking with peers and industry leaders who are paving the way to a safer internet.
https://www.hackerone.com/blog/Introducing-Security-at-San-Francisco
Partager : LinkedIn / Twitter / Facebook / View
Ready or Not, Here Comes GDPR
The European General Data Protection Regulation, better known as GDPR, will take effect on May 25, 2018 and it will radically change how your business manages customer data and security. Read the high-level GDPR info you need to know including three key provisions in GDPR related to security and vulnerability testing.
https://www.hackerone.com/blog/Ready-or-Not-Here-Comes-GDPR
Partager : LinkedIn / Twitter / Facebook / View
Announcing Hack The World 2017
After the success of Hack The World 2016, we're bringing back our annual hacking competition and, thanks to your feedback, have made some great improvements to make it even better than last year.
https://www.hackerone.com/blog/Announcing-Hack-The-World-2017
Partager : LinkedIn / Twitter / Facebook / View
HackerOne Joins Forces with Node.js Foundation to Build a Safer Internet
Open source powers our platform, our community, and is the underpinning of our entire connected society. Node.js developers build the web applications that are responsible for the foundation of our connected world. Because of this, we have a responsibility to help them grow their community, while also empowering them to be more secure.
https://www.hackerone.com/blog/node-js-foundation
Partager : LinkedIn / Twitter / Facebook / View
Better than Cyber Monday: Ecommerce and Retail Edition of The Hacker-Powered Security Report
Is the ecommerce and retail industry a pioneer or a laggard in using hacker-powered efforts in the fight against cyber criminals? And how does your retail company stack up against others in the industry? Find out with this new report, specifically for the ecommerce and retail industry, and using data culled from more than 800 hacker-powered security programs, over million in awarded bounties, and nearly 50,000 resolved security vulnerabilities.
https://www.hackerone.com/blog/hacker-powered-security-report-retail-edition
Partager : LinkedIn / Twitter / Facebook / View
Hacker Q&A with Gerben_Javado: To Share Knowledge is to Gain Knowledge
Twenty-one years old. Full-time college student. Mountain biker. Bounty hunter. That's Gerben Janssen van Doorn, who goes by Gerben_Javado and is ranked ninth on HackerOne's hacker reputation. He's found more than 400 bugs and made ,000 in the past month alone (and that's just on public bugs).
https://www.hackerone.com/blog/q-and-a-with-hacker-gerben-javado
Partager : LinkedIn / Twitter / Facebook / View
Shopify Shares How Hackers Help to Secure B+ in Transactions
Dark Reading's Kelly Sheridan recently sat down with Andrew for a Q&A talking about Ecommerce security and their bug bounty program hosted on HackerOne.
https://www.hackerone.com/blog/shopify-shares-how-hackers-help-secure-40B-in-transactions
Partager : LinkedIn / Twitter / Facebook / View
Hacker Q&A with LEETboy: I bought a car for my mom from bug bounties
A hacker is a superhero who uses his superpower (hacking) to make the world a better place. That's what LEETboy, aka Mohammad Aman Khan, believes (and so do we).
https://www.hackerone.com/blog/hacker-q-and-a-with-leetboy
Partager : LinkedIn / Twitter / Facebook / View
,000,000: Time to split bounties!
We are excited to announce bounty splitting! A feature designed to give back to those other hackers who helped you find that RCE!
https://www.hackerone.com/blog/time-to-split-bounties
Partager : LinkedIn / Twitter / Facebook / View
M in Bounties Paid and 0M In Sight
Over 50,000 vulnerabilities found and fixed. Over 100,000 hackers strong in the HackerOne community. Over million paid in bounties to those who help make the connected world more secure.
https://www.hackerone.com/blog/20M-in-bounties-paid-and-100M-in-sight
Partager : LinkedIn / Twitter / Facebook / View
Celebrating M in Bounties with a Recap of Our Top 20 Up Voted Reports on Hacktivity
In honor of our M in bounties paid out to hackers, we revisit some of the top most up voted reports ever submitted on HackerOne.
https://www.hackerone.com/blog/top-20-upvoted-reports-on-hacktivity
Partager : LinkedIn / Twitter / Facebook / View
Slack Integration 2.0: Notification Filters, Multiple Channels, & Username Mentions
Today we're announcing an enhanced Slack integration which allows teams to customize their HackerOne notifications and support their own unique workflows. The new integration features include: granular notification settings, ability to configure multiple channels, and username mention notifications.
https://www.hackerone.com/blog/slack-integration-update-2
Partager : LinkedIn / Twitter / Facebook / View
What Happens in Vegas...Stays on Hacktivity
H1-702 was HackerOne's second annual live-hacking event held in Las Vegas. It's hosted during Security Summer Camp: Where security teams, hackers, feds, and fans attend the trifecta of events: Black Hat, DEF CON, and BSides Las Vegas.
https://www.hackerone.com/blog/what-happens-in-vegas-stays-on-hacktivity
Partager : LinkedIn / Twitter / Facebook / View
Interview with Hack the Air Force Winner, @CableJ
HackerOne recently sat down with Jack, who found 30 unique valid vulnerabilities during “Hack the Air Force” bug bounty challenge, making him the top hacker for the program.
https://www.hackerone.com/blog/interview-with-hack-the-air-force-winner
Partager : LinkedIn / Twitter / Facebook / View
Key Findings From The Hacker-Powered Security Report: Security Vulnerabilities Worry Companies the Most (6 of 6)
We surveyed our customers to see what their security focus is. Read the summarized data of our survey results that are published in the Hacker-Powered Security Report.
https://www.hackerone.com/blog/Key-Findings-From-The-Hacker-Powered-Security-Report-Security-Vulnerabilities-Worry-Companies-The-Most-6-of-6
Partager : LinkedIn / Twitter / Facebook / View
Capture The Flag Solution: reversing the password
Last week, a mini Capture The Flag (CTF) was posted about a criminal who changed Barry's password. The challenge was to come up with the password the criminal chose. This blog will explain how the CTF could be solved.
https://www.hackerone.com/blog/capture-the-flag-solution-reversing-the-password
Partager : LinkedIn / Twitter / Facebook / View
Vulnerability Disclosure Policy Basics: 5 Critical Components
Vulnerabilities are found every day by security researchers, friendly hackers, customers, academics, journalists, and tech hobbyists. Because no system is entirely free of security issues, it's important to provide an obvious way for external parties to report vulnerabilities.
https://www.hackerone.com/blog/Vulnerability-Disclosure-Policy-Basics-5-Critical-Components
Partager : LinkedIn / Twitter / Facebook / View
Aim High...Find, Fix, Win!
It took just under a minute for hackers to report the first security vulnerability to the U.S. Air Force. Twenty-five days later when the Hack the Air Force bug bounty challenge concluded, 207 valid vulnerabilities had been discovered. Hackers will be awarded more than 0,000 for making the Air Force more secure.
https://www.hackerone.com/blog/hack-the-air-force-results
Partager : LinkedIn / Twitter / Facebook / View
Key Findings From The Hacker-Powered Security Report: Vulnerability Disclosure Policies (5 of 6)
The Hacker-Powered Security Report found that, despite increased bug bounty program adoption and recommendations from federal agencies, 94 percent of the top publicly-traded companies do not have known vulnerability disclosure policies (VDP).
https://www.hackerone.com/blog/Key-Findings-From-The-Hacker-Powered-Security-Report-Vulnerability-Disclosure-Policies-5-of-6
Partager : LinkedIn / Twitter / Facebook / View
5 Hacker-Powered Trends You Need to Know About
For your quick reference, we've distilled the Hacker-Powered Security Report to 5 key trends that show how white-hat hackers are shaping the world of security.
https://www.hackerone.com/blog/5-hacker-powered-trends-you-need-to-know
Partager : LinkedIn / Twitter / Facebook / View
Key Findings From The Hacker-Powered Security Report: Bounty Payments Are Increasing (4 of 6)
As you can imagine, money talks. Better hackers — those with more experience and in-demand skills — go where the money is, and that means organizations that pay more generally get access to the best talent.
https://www.hackerone.com/blog/Key-Findings-From-The-Hacker-Powered-Security-Report-Bounty-Payments-Are-Increasing-4-of-6
Partager : LinkedIn / Twitter / Facebook / View
Security Risk Assessment Report - Key Facts
Our Hacker-Powered Security Report is so chock-full of compelling insights, interesting tidbits, and surprising stats that we decided to distill them down to just the top 100.
https://www.hackerone.com/blog/100-Facts-from-The-Hacker-Powered-Security-Report-2017
Partager : LinkedIn / Twitter / Facebook / View
How to: Recon and Content Discovery
Recon plays a major role while hacking on a program. Recon doesn't always mean to find subdomains belonging to a company, it also could relate to finding out how a company is setting up its properties and what resources they are using.
https://www.hackerone.com/blog/how-to-recon-and-content-discovery
Partager : LinkedIn / Twitter / Facebook / View
Key Findings From The Hacker-Powered Security Report: Responsive Programs Attract Top Hackers (3 of 6)
The Hacker-Powered Security Report found that hackers are overwhelmingly attracted to the programs that are the fastest at acknowledging, validating, and resolving submitted vulnerabilities.
https://www.hackerone.com/blog/Key-Findings-From-The-Hacker-Powered-Security-Report-Security-Responsive-Programs-Attract-Top-Hackers-3-of-6
Partager : LinkedIn / Twitter / Facebook / View
Faster and Better: New Bank Transfer Payment Feature for Hackers
We're happy to announce that we're adding Bank Transfers as a payout option to complement Paypal and Coinbase. This feature will give you the ability to get paid out in 30 different currencies to almost any country in the world.
https://www.hackerone.com/blog/Faster-and-better-New-Bank-Transfer-Payment-Feature-for-Hackers
Partager : LinkedIn / Twitter / Facebook / View
Hey Hackers: We've got your free Burp Suite Professional license right here
Burp Suite is the premier offensive hacking solution, and now when new hackers reach at least a 500 reputation on HackerOne and have a positive signal, they are eligible for 3-months free of Burp Suite Professional.
https://www.hackerone.com/blog/Hey-Hackers-Weve-got-your-free-Burp-Suite-Professional-license-right-here
Partager : LinkedIn / Twitter / Facebook / View
Q&A With @MalwareTechBlog
When he's not reverse engineering malware, Marcus Hutchins (aka @MalwareTechBlog) can be found surfing, partying, or traveling. That's to be expected for any typical 22-year-old, except for the part where he stopped the WannaCry malware outbreak. This is part of his story...
https://www.hackerone.com/blog/Q-and-A-With-Malware-Tech-Blog
Partager : LinkedIn / Twitter / Facebook / View
What is your program's Scope?
We are glad to announce our new functionality for defining Scope! HackerOne's Vulnerability Taxonomy now includes Severity, Weakness type, and Asset.
https://www.hackerone.com/blog/What-is-your-programs-Scope
Partager : LinkedIn / Twitter / Facebook / View
Tor Project Launches Public Bug Bounty Program | Q&A with Tor Browser Team Lead, Georg Koppen
In January 2016, the Tor Project launched its first private bug bounty program on HackerOne. Today the Tor Project announced its public bug bounty program. We sat down with the Tor security team lead, Georg Koppen to learn more about the program, what it means for the industry, and how it fits into Tor's security strategy. See the full Q&A below.
https://www.hackerone.com/blog/Tor-Project-Launches-Public-Bug-Bounty-Program
Partager : LinkedIn / Twitter / Facebook / View
Webinar Recap: Attorneys Chime in on Hacker-Powered Security
To learn more about how legal teams and federal enforcers view hacker-powered security, we asked Megan Brown, partner, and Matthew Gardner, attorney, from the Privacy & Cybersecurity Practice at Wiley Rein LLP, a Washington, DC-based firm to present at our webinar, Invitation to Hack: Vulnerability Disclosure Programs.
https://www.hackerone.com/blog/Webinar-Recap-Attorneys-Chime-in-on-Hacker-Powered-Security
Partager : LinkedIn / Twitter / Facebook / View
Key Findings From The Hacker-Powered Security Report: Security Responsiveness is Improving (2 of 6)
The Hacker-Powered Security Report found that the average time to first response for security issues was 6 days in 2017, compared to 7 days in 2016.
https://www.hackerone.com/blog/Key-Findings-From-The-Hacker-Powered-Security-Report-Security-Responsiveness-Is-Improving-2-of-6
Partager : LinkedIn / Twitter / Facebook / View
HackerOne Black Hat Week Activities- 2017 Edition
Let the countdown begin - Las Vegas awaits patiently for that amazing week of 0-days, conferencing, revelry, and networking. Read on for a quick rundown of what activities HackerOne has got in store for Black Hat week - the 2017 edition
https://www.hackerone.com/blog/HackerOne-Black-Hat-Week-Activities-2017-Edition
Partager : LinkedIn / Twitter / Facebook / View
451 Research Defines 7-Step Roadmap for Hacker-Powered Security Success
One of the top IT research and advisory companies, 451 Research, recently authored a new “pathfinder report” to help decision-makers better understand the value of bug bounties and a compliant vulnerability disclosure process in their overall software security apparatus.
https://www.hackerone.com/blog/451-Research-Defines-7-Step-Roadmap-for-Hacker-Powered-Security-Success
Partager : LinkedIn / Twitter / Facebook / View
Your Grab public bug bounty program is arriving now
Any hackers out there ever hunt for bugs on your mobile phone while riding in a car? Well, now our thousands of hackers in Southeast Asia can do just that - hack and report bugs to Grab, the largest ride-hailing app and payment platform in Southeast Asia.
https://www.hackerone.com/blog/Your-Grab-public-bug-bounty-program-is-arriving-now
Partager : LinkedIn / Twitter / Facebook / View
Key Findings From The Hacker-Powered Security Report: It's Not Just For Tech (1 of 6)
When hacker-powered security is mentioned, you might assume it's a bleeding-edge technique reserved for risk-tolerant tech firms. But incorporating bug bounty programs, working with ethical hackers, and encouraging vulnerability disclosures is being adopted across industries.
https://www.hackerone.com/blog/Key-Findings-From-The-Hacker-Powered-Security-Report-Its-Not-Just-For-Tech-1-of-6
Partager : LinkedIn / Twitter / Facebook / View