FreakOut Malware that Exploits Critical Vulnerabilities in Linux Devices
Check Point Research (CPR) encountered that ongoing attacks involve a new malware variant, called ‘FreakOut.' The purpose behind these attacks is to create an IRC botnet. An IRC botnet is a collection of machines infected with malware that can be controlled remotely via an IRC channel to execute malicious commands. It is used for malicious […]
The post FreakOut Malware that Exploits Critical Vulnerabilities in Linux Devices appeared first on GBHackers On Security.
https://gbhackers.com/freakout-malware-linux/
Partager : LinkedIn / Twitter / Facebook / View
L'Actu
Intel Introduces Hardware-Based Ransomware Detection For Businesses
Given the increasing incidents of ransomware attacks targeting different businesses, Intel has come up with…
Intel Introduces Hardware-Based Ransomware Detection For Businesses on Latest Hacking News.
https://latesthackingnews.com/2021/01/20/intel-introduces-hardware-based-ransomware-detection-for-businesses/
Partager : LinkedIn / Twitter / Facebook / View
IObit Members Targeted With Ransomware After Forum Hacking
IObit members experienced devastating consequences after falling for a supposed phishing scam. As it turns…
IObit Members Targeted With Ransomware After Forum Hacking on Latest Hacking News.
https://latesthackingnews.com/2021/01/20/iobit-members-targeted-with-ransomware-after-forum-hacking/
Partager : LinkedIn / Twitter / Facebook / View
Livecoin Crypto Exchange Shuts Down A Month After Cyber Attack
Roughly a month after having suffered a severe blow from a cyber attack, Livecoin cryptocurrency…
Livecoin Crypto Exchange Shuts Down A Month After Cyber Attack on Latest Hacking News.
https://latesthackingnews.com/2021/01/20/livecoin-crypto-exchange-shuts-down-a-month-after-cyber-attack/
Partager : LinkedIn / Twitter / Facebook / View
Ring Neighbors App Vulnerability Exposed Users' Precise Location Data
A serious security vulnerability has been discovered in the Ring Neighbors app that could leak…
Ring Neighbors App Vulnerability Exposed Users' Precise Location Data on Latest Hacking News.
https://latesthackingnews.com/2021/01/19/ring-neighbors-app-vulnerability-exposed-users-precise-location-data/
Partager : LinkedIn / Twitter / Facebook / View
Malvuln – A Project Dedicated To Highlighting Vulnerabilities Within Malware
Dubbed Malvuln, a new project is up and running that aims at cataloging vulnerabilities in…
Malvuln – A Project Dedicated To Highlighting Vulnerabilities Within Malware on Latest Hacking News.
https://latesthackingnews.com/2021/01/19/malvuln-a-project-dedicated-to-highlighting-vulnerabilities-within-malware/
Partager : LinkedIn / Twitter / Facebook / View
How MSPs can offer secure cloud file storage to their clients
Cloud file security is becoming more and more complex by the day, which makes it…
How MSPs can offer secure cloud file storage to their clients on Latest Hacking News.
https://latesthackingnews.com/2021/01/18/how-msps-can-offer-secure-cloud-file-storage-to-their-clients/
Partager : LinkedIn / Twitter / Facebook / View
3 Challenges of Penetration Testing and How to Solve Them
Penetration tests are one of the best ways of testing your network for vulnerabilities. However,…
3 Challenges of Penetration Testing and How to Solve Them on Latest Hacking News.
https://latesthackingnews.com/2021/01/18/3-challenges-of-penetration-testing-and-how-to-solve-them/
Partager : LinkedIn / Twitter / Facebook / View
Latest Surveillance Tech Relies More On Computers Than Humans
Around the world technology used for surveillance is expanding and developing at a rapid rate.…
Latest Surveillance Tech Relies More On Computers Than Humans on Latest Hacking News.
https://latesthackingnews.com/2021/01/18/latest-surveillance-tech-relies-more-on-computers-than-humans/
Partager : LinkedIn / Twitter / Facebook / View
Multiple Security Vulnerabilities Found In FiberHome Routers
A security researcher has found numerous security vulnerabilities in FiberHome routers. Some of these vulnerabilities…
Multiple Security Vulnerabilities Found In FiberHome Routers on Latest Hacking News.
https://latesthackingnews.com/2021/01/18/multiple-security-vulnerabilities-found-in-fiberhome-routers/
Partager : LinkedIn / Twitter / Facebook / View
Ring Rolls Out Video End-to-End Encryption To Consumers As Technical Preview
The smart doorbells powered by Amazon, Ring, has finally taken a step towards better consumer…
Ring Rolls Out Video End-to-End Encryption To Consumers As Technical Preview on Latest Hacking News.
https://latesthackingnews.com/2021/01/18/ring-rolls-out-video-end-to-end-encryption-to-consumers-as-technical-preview/
Partager : LinkedIn / Twitter / Facebook / View
Google Details Patched Bugs in Signal, FB Messenger, JioChat Apps
In January 2019, a critical flaw was reported in Apple's FaceTime group chats feature that made it possible for users to initiate a FaceTime video call and eavesdrop on targets by adding their own number as a third person in a group chat even before the person on the other end accepted the incoming call.
The vulnerability was deemed so severe that the iPhone maker removed the FaceTime group
https://thehackernews.com/2021/01/google-discloses-flaws-in-signal-fb.html
Partager : LinkedIn / Twitter / Facebook / View
SolarWinds Hackers Also Breached Malwarebytes Cybersecurity Firm
Malwarebytes on Tuesday said it was breached by the same group who broke into SolarWinds to access some of its internal emails, making it the fourth major cybersecurity vendor to be targeted after FireEye, Microsoft, and CrowdStrike.
The company said its intrusion was not the result of a SolarWinds compromise, but rather due to a separate initial access vector that works by "abusing applications
https://thehackernews.com/2021/01/solarwinds-hackers-also-breached.html
Partager : LinkedIn / Twitter / Facebook / View
Researchers Discover Raindrop — 4th Malware Linked to the SolarWinds Attack
Cybersecurity researchers have unearthed a fourth new malware strain—designed to spread the malware onto other computers in victims' networks—which was deployed as part of the SolarWinds supply chain attack disclosed late last year.
Dubbed "Raindrop" by Broadcom-owned Symantec, the malware joins the likes of other malicious implants such as Sunspot, Sunburst (or Solorigate), and Teardrop that
https://thehackernews.com/2021/01/researchers-discover-raindrop-4th.html
Partager : LinkedIn / Twitter / Facebook / View
A Set of Severe Flaws Affect Popular DNSMasq DNS Forwarder
Cybersecurity researchers have uncovered multiple vulnerabilities in Dnsmasq, a popular open-source software used for caching Domain Name System (DNS) responses, thereby potentially allowing an adversary to mount DNS cache poisoning attacks and remotely execute malicious code.
The seven flaws, collectively called "DNSpooq" by Israeli research firm JSOF, echoes previously disclosed weaknesses in
https://thehackernews.com/2021/01/a-set-of-severe-flaws-affect-popular.html
Partager : LinkedIn / Twitter / Facebook / View
New Educational Video Series for CISOs with Small Security Teams
Cybersecurity is hard. For a CISO that faces the cyber threat landscape with a small security team, the challenge is compounded.
Compared to CISOs at large enterprises, CISOs small to medium-sized enterprises (SMEs) have smaller teams with less expertise, smaller budgets for technology and outside services, and are more involved in day-to-day protection activities.
CISOs at SMEs are
https://thehackernews.com/2021/01/new-educational-video-series-for-cisos.html
Partager : LinkedIn / Twitter / Facebook / View
FreakOut! Ongoing Botnet Attack Exploiting Recent Linux Vulnerabilities
An ongoing malware campaign has been found exploiting recently disclosed vulnerabilities in network-attached storage (NAS) devices running on Linux systems to co-opt the machines into an IRC botnet for launching distributed denial-of-service (DDoS) attacks and mining Monero cryptocurrency.
The attacks deploy a new malware variant called "FreakOut" by leveraging critical flaws fixed in Laminas
https://thehackernews.com/2021/01/freakout-ongoing-botnet-attack.html
Partager : LinkedIn / Twitter / Facebook / View
Apple Removes macOS Feature That Allowed Apps to Bypass Firewall Security
Apple has removed a controversial feature from its macOS operating system that allowed the company's own first-party apps to bypass content filters, VPNs, and third-party firewalls.
Called "ContentFilterExclusionList," it included a list of as many as 50 Apple apps like iCloud, Maps, Music, FaceTime, HomeKit, the App Store, and its software update service that were routed through Network
https://thehackernews.com/2021/01/apple-removes-macos-feature-that.html
Partager : LinkedIn / Twitter / Facebook / View
WhatsApp Delays Controversial 'Data-Sharing' Privacy Policy Update By 3 Months
WhatsApp said on Friday that it wouldn't enforce its recently announced controversial data sharing policy update until May 15.
Originally set to go into effect next month on February 8, the three-month delay comes following "a lot of misinformation" about a revision to its privacy policy that allows WhatsApp to share data with Facebook, sparking widespread concerns about the exact kind of
https://thehackernews.com/2021/01/whatsapp-delays-controversial-data.html
Partager : LinkedIn / Twitter / Facebook / View
NSA Suggests Enterprises Use 'Designated' DNS-over-HTTPS' Resolvers
The U.S. National Security Agency (NSA) on Friday said DNS over HTTPS (DoH) — if configured appropriately in enterprise environments — can help prevent "numerous" initial access, command-and-control, and exfiltration techniques used by threat actors.
"DNS over Hypertext Transfer Protocol over Transport Layer Security (HTTPS), often referred to as DNS over HTTPS (DoH), encrypts DNS requests by
https://thehackernews.com/2021/01/nsa-suggests-enterprises-use-designated.html
Partager : LinkedIn / Twitter / Facebook / View
Joker's Stash, The Largest Carding Marketplace, Announces Shutdown
Joker's Stash, the largest dark web marketplace notorious for selling compromised payment card data, has announced plans to shut down its operations on February 15, 2021.
In a message board post on a Russian-language underground cybercrime forum, the operator of the site — who goes by the name "JokerStash" — said "it's time for us to leave forever" and that "we will never ever open again,"
https://thehackernews.com/2021/01/jokers-stash-largest-carding.html
Partager : LinkedIn / Twitter / Facebook / View
Researchers Disclose Undocumented Chinese Malware Used in Recent Attacks
Cybersecurity researchers have disclosed a series of attacks by a threat actor of Chinese origin that has targeted organizations in Russia and Hong Kong with malware — including a previously undocumented backdoor.
Attributing the campaign to Winnti (or APT41), Positive Technologies dated the first attack to May 12, 2020, when the APT used LNK shortcuts to extract and run the malware payload. A
https://thehackernews.com/2021/01/researchers-disclose-undocumented.html
Partager : LinkedIn / Twitter / Facebook / View
Experts Uncover Malware Attacks Against Colombian Government and Companies
Cybersecurity researchers took the wraps off an ongoing surveillance campaign directed against Colombian government institutions and private companies in the energy and metallurgical industries.
In a report published by ESET on Tuesday, the Slovak internet security company said the attacks — dubbed "Operation Spalax" — began in 2020, with the modus operandi sharing some similarities to an APT
https://thehackernews.com/2021/01/experts-uncover-malware-attacks-against.html
Partager : LinkedIn / Twitter / Facebook / View
Intel Adds Hardware-Enabled Ransomware Detection to 11th Gen vPro Chips
Intel and Cybereason have partnered to build anti-ransomware defenses into the chipmaker's newly announced 11th generation Core vPro business-class processors.
The hardware-based security enhancements are baked into Intel's vPro platform via its Hardware Shield and Threat Detection Technology (TDT), enabling profiling and detection of ransomware and other threats that have an impact on the CPU
https://thehackernews.com/2021/01/intel-adds-hardware-enabled-ransomware.html
Partager : LinkedIn / Twitter / Facebook / View
Buyer's Guide for Securing Internal Environment with a Small Cybersecurity Team
Ensuring the cybersecurity of your internal environment when you have a small security team is challenging. If you want to maintain the highest security level with a small team, your strategy has to be 'do more with less,' and with the right technology, you can leverage your team and protect your internal environment from breaches.
The "buyer's guide for securing the internal environment with a
https://thehackernews.com/2021/01/buyers-guide-for-securing-internal.html
Partager : LinkedIn / Twitter / Facebook / View
Authorities Take Down World's Largest Illegal Dark Web Marketplace
Europol on Tuesday said it shut down DarkMarket, the world's largest online marketplace for illicit goods, as part of an international operation involving Germany, Australia, Denmark, Moldova, Ukraine, the U.K.'s National Crime Agency (NCA), and the U.S. Federal Bureau of Investigation (FBI).
At the time of closure, DarkMarket is believed to have had 500,000 users and more than 2,400 vendors,
https://thehackernews.com/2021/01/authorities-take-down-worlds-largest.html
Partager : LinkedIn / Twitter / Facebook / View
Hackers Steal Mimecast Certificate Used to Securely Connect with Microsoft 365
Mimecast said on Tuesday that "a sophisticated threat actor" had compromised a digital certificate it provided to certain customers to securely connect its products to Microsoft 365 (M365) Exchange.
The discovery was made after the breach was notified by Microsoft, the London-based company said in an alert posted on its website, adding it's reached out to the impacted organizations to remediate
https://thehackernews.com/2021/01/hackers-steal-mimecast-certificate-used.html
Partager : LinkedIn / Twitter / Facebook / View
Microsoft Issues Patches for Defender Zero-Day and 82 Other Windows Flaws
For the first patch Tuesday of 2021, Microsoft released security updates addressing a total of 83 flaws spanning as many as 11 products and services, including an actively exploited zero-day vulnerability.
The latest security patches cover Microsoft Windows, Edge browser, ChakraCore, Office and Microsoft Office Services, and Web Apps, Visual Studio, Microsoft Malware Protection Engine, .NET Core
https://thehackernews.com/2021/01/microsoft-issues-patches-for-defender.html
Partager : LinkedIn / Twitter / Facebook / View
Warning — 5 New Trojanized Android Apps Spying On Users In Pakistan
Cybersecurity researchers took the wraps off a new spyware operation targeting users in Pakistan that leverages trojanized versions of legitimate Android apps to carry out covert surveillance and espionage.
Designed to masquerade apps such as the Pakistan Citizen Portal, a Muslim prayer-clock app called Pakistan Salat Time, Mobile Packages Pakistan, Registered SIMs Checker, and TPL Insurance,
https://thehackernews.com/2021/01/warning-5-new-trojanized-android-apps.html
Partager : LinkedIn / Twitter / Facebook / View
Experts Sound Alarm On New Android Malware Sold On Hacking Forums
Cybersecurity researchers have exposed the operations of an Android malware vendor who teamed up with a second threat actor to market and sell a remote access Trojan (RAT) capable of device takeover and exfiltration of photos, locations, contacts, and messages from popular apps such as Facebook, Instagram, WhatsApp, Skype, Telegram, Kik, Line, and Google Messages.
The vendor, who goes by the
https://thehackernews.com/2021/01/experts-sound-alarm-on-new-android.html
Partager : LinkedIn / Twitter / Facebook / View
Unveiled: SUNSPOT Malware Was Used to Inject SolarWinds Backdoor
As the investigation into the SolarWinds supply-chain attack continues, cybersecurity researchers have disclosed a third malware strain that was deployed into the build environment to inject the backdoor into the company's Orion network monitoring platform.
Called "Sunspot," the malignant tool adds to a growing list of previously disclosed malicious software such as Sunburst and Teardrop.
"This
https://thehackernews.com/2021/01/unveiled-sunspot-malware-was-used-to.html
Partager : LinkedIn / Twitter / Facebook / View
Researchers Find Links Between Sunburst and Russian Kazuar Malware
Cybersecurity researchers, for the first time, may have found a potential connection between the backdoor used in the SolarWinds hack to a previously known malware strain.
In new research published by Kaspersky researchers today, the cybersecurity firm said it discovered several features that overlap with another backdoor known as Kazuar, a .NET-based malware first documented by Palo Alto
https://thehackernews.com/2021/01/researchers-find-links-between-sunburst.html
Partager : LinkedIn / Twitter / Facebook / View
Russian Hacker Gets 12-Years Prison for Massive JP Morgan Chase Hack
A U.S. court on Thursday sentenced a 37-year-old Russian to 12 years in prison for perpetrating an international hacking campaign that resulted in the heist of a trove of personal information from several financial institutions, brokerage firms, financial news publishers, and other American companies.
Andrei Tyurin was charged with computer intrusion, wire fraud, bank fraud, and illegal online
https://thehackernews.com/2021/01/russian-hacker-gets-12-years-prison-for.html
Partager : LinkedIn / Twitter / Facebook / View
New Attack Could Let Hackers Clone Your Google Titan 2FA Security Keys
Hardware security keys—such as those from Google and Yubico—are considered the most secure means to protect accounts from phishing and takeover attacks.
But a new research published on Thursday demonstrates how an adversary in possession of such a two-factor authentication (2FA) device can clone it by exploiting an electromagnetic side-channel in the chip embedded in it.
The vulnerability (
https://thehackernews.com/2021/01/new-attack-could-let-hackers-clone-your.html
Partager : LinkedIn / Twitter / Facebook / View
ALERT: North Korean hackers targeting South Korea with RokRat Trojan
A North Korean hacking group has been found deploying the RokRat Trojan in a new spear-phishing campaign targeting the South Korean government.
Attributing the attack to APT37 (aka Starcruft, Ricochet Chollima, or Reaper), Malwarebytes said it identified a malicious document last December that, when opened, executes a macro in memory to install the aforementioned remote access tool (RAT).
"The
https://thehackernews.com/2021/01/alert-north-korean-hackers-targeting.html
Partager : LinkedIn / Twitter / Facebook / View
How Does Your AD Password Policy Compare to NIST's Password Recommendations?
End-user passwords are one of the weakest components of your overall security protocols. Most users tend to reuse passwords across work and personal accounts.
They may also choose relatively weak passwords that satisfy company password policies but can be easily guessed or brute-forced. Your users may also inadvertently use breached passwords for their corporate account password.
The National
https://thehackernews.com/2021/01/creating-strong-password-policy-with.html
Partager : LinkedIn / Twitter / Facebook / View
FBI warns of voice phishing attacks stealing corporate credentials
Criminals coax employees into handing over their access credentials and use the login data to burrow deep into corporate networks
The post FBI warns of voice phishing attacks stealing corporate credentials appeared first on WeLiveSecurity
https://www.welivesecurity.com/2021/01/19/fbi-warns-voice-phishing-attacks-stealing-corporate-credentials/
Partager : LinkedIn / Twitter / Facebook / View
WhatsApp delays privacy policy update after confusion, backlash
Millions of people flock to Signal and Telegram as WhatsApp scrambles to assuage users' concerns
The post WhatsApp delays privacy policy update after confusion, backlash appeared first on WeLiveSecurity
https://www.welivesecurity.com/2021/01/18/whatsapp-delays-privacy-policy-update/
Partager : LinkedIn / Twitter / Facebook / View
Week in security with Tony Anscombe
ESET research dissects targeted malware attacks in Colombia – What parents hope to get out of parental controls – Privacy risks of new mesh Wi-Fi routers
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
https://www.welivesecurity.com/videos/week-security-tony-anscombe-107/
Partager : LinkedIn / Twitter / Facebook / View
What's your attitude to parental controls?
Nobody said parenting was easy, but in the digital age it comes with a whole slew of new challenges. How do parents view the role of parental monitoring in children's online safety?
The post What's your attitude to parental controls? appeared first on WeLiveSecurity
https://www.welivesecurity.com/2021/01/15/whats-your-attitude-parental-controls/
Partager : LinkedIn / Twitter / Facebook / View
CES 2021: Car spying – your insurance company is watching you
Your ‘networked computer on wheels' has a privacy problem – when it comes to your data, you may not really be in the driver's seat
The post CES 2021: Car spying – your insurance company is watching you appeared first on WeLiveSecurity
https://www.welivesecurity.com/2021/01/14/ces-2021-car-spying-insurance-company-watching/
Partager : LinkedIn / Twitter / Facebook / View
Hackers leak stolen COVID‑19 vaccine documents
The documents related to COVID-19 vaccine and medications were stolen from the EU's medicines agency last month
The post Hackers leak stolen COVID‑19 vaccine documents appeared first on WeLiveSecurity
https://www.welivesecurity.com/2021/01/13/covid19-vaccine-documents-leaked/
Partager : LinkedIn / Twitter / Facebook / View
CES 2021: Router swarms invade your home (and know where you are)
New mesh Wi-Fi routers may be the answer to your wireless signal woes, but how about your privacy and security?
The post CES 2021: Router swarms invade your home (and know where you are) appeared first on WeLiveSecurity
https://www.welivesecurity.com/2021/01/13/ces-2021-router-swarms-invade-home/
Partager : LinkedIn / Twitter / Facebook / View
Operation Spalax: Targeted malware attacks in Colombia
ESET researchers uncover attacks targeting Colombian government institutions and private companies, especially from the energy and metallurgical industries
The post Operation Spalax: Targeted malware attacks in Colombia appeared first on WeLiveSecurity
https://www.welivesecurity.com/2021/01/12/operation-spalax-targeted-malware-attacks-colombia/
Partager : LinkedIn / Twitter / Facebook / View
5 common scams and how to avoid them
Fraudsters are quick to exploit current events for their own gain, but many schemes do the rounds regardless of what's making the news. Here are 5 common scams you should look out for.
The post 5 common scams and how to avoid them appeared first on WeLiveSecurity
https://www.welivesecurity.com/2021/01/11/5-common-scams-how-avoid-them/
Partager : LinkedIn / Twitter / Facebook / View
Week in security with Tony Anscombe
Watch out for a new PayPal smishing campaign – Employee login credentials up for sale – WhatsApp to share more data with Facebook
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
https://www.welivesecurity.com/videos/week-security-tony-anscombe-106/
Partager : LinkedIn / Twitter / Facebook / View
Chrome, Firefox updates fix severe security bugs
Successful exploitation of some of these flaws could allow attackers to take control of vulnerable systems
The post Chrome, Firefox updates fix severe security bugs appeared first on WeLiveSecurity
https://www.welivesecurity.com/2021/01/08/chrome-firefox-updates-fix-severe-security-bugs/
Partager : LinkedIn / Twitter / Facebook / View
WhatsApp updates privacy policy to enable sharing more data with Facebook
Many users have until February 8 to accept the new rules – or else lose access to the app
The post WhatsApp updates privacy policy to enable sharing more data with Facebook appeared first on WeLiveSecurity
https://www.welivesecurity.com/2021/01/07/whatsapp-updates-privacy-policy-share-user-data-facebook/
Partager : LinkedIn / Twitter / Facebook / View
Stolen employee credentials put leading gaming firms at risk
It's hardly fun and games for top gaming companies and their customers as half a million employee credentials turn up for sale on the dark web
The post Stolen employee credentials put leading gaming firms at risk appeared first on WeLiveSecurity
https://www.welivesecurity.com/2021/01/05/breached-employee-credentials-gaming-companies/
Partager : LinkedIn / Twitter / Facebook / View
PayPal users targeted in new SMS phishing campaign
The scam starts with a text warning victims of suspicious activity on their accounts
The post PayPal users targeted in new SMS phishing campaign appeared first on WeLiveSecurity
https://www.welivesecurity.com/2021/01/04/paypal-users-targeted-new-sms-phishing-campaign/
Partager : LinkedIn / Twitter / Facebook / View
Would you take the bait? Take our phishing quiz to find out!
Is the message real or fake? Take our Phishing Derby quiz to find out how much you know about phishing.
The post Would you take the bait? Take our phishing quiz to find out! appeared first on WeLiveSecurity
https://www.welivesecurity.com/2020/12/31/would-you-take-bait-phishing-quiz/
Partager : LinkedIn / Twitter / Facebook / View
New warning issued over COVID‑19 vaccine fraud, cyberattacks
Cybercriminals look to cash in on the vaccine rollout, including by falsely offering to help people jump the line
The post New warning issued over COVID‑19 vaccine fraud, cyberattacks appeared first on WeLiveSecurity
https://www.welivesecurity.com/2020/12/31/new-warning-covid19-vaccine-fraud-cyberattacks/
Partager : LinkedIn / Twitter / Facebook / View
21 arrested after allegedly using stolen logins to commit fraud
UK police also give some food for thought to those on the verge of breaking the law
The post 21 arrested after allegedly using stolen logins to commit fraud appeared first on WeLiveSecurity
https://www.welivesecurity.com/2020/12/29/21-arrested-stolen-logins-fraud/
Partager : LinkedIn / Twitter / Facebook / View
Smart tech gifts: How to keep your kids and family safe
Cyberthreats can take the fun out of connected gadgets – here's how to make sure your children enjoy the tech without putting themselves or their family at risk
The post Smart tech gifts: How to keep your kids and family safe appeared first on WeLiveSecurity
https://www.welivesecurity.com/2020/12/25/smart-tech-gifts-how-keep-children-family-safe/
Partager : LinkedIn / Twitter / Facebook / View
7 ways malware can get into your device
You know that malware is bad, but are you also aware of the various common ways in which it can infiltrate your devices?
The post 7 ways malware can get into your device appeared first on WeLiveSecurity
https://www.welivesecurity.com/2020/12/23/7-ways-malware-can-get-your-device/
Partager : LinkedIn / Twitter / Facebook / View
Cybersecurity Advent calendar: Stay aware, stay safe!
When it comes to holiday gifts, surprise and wonder are always welcome. When it comes to protecting your security, however, you don't want to leave anything to chance.
The post Cybersecurity Advent calendar: Stay aware, stay safe! appeared first on WeLiveSecurity
https://www.welivesecurity.com/2020/12/21/cybersecurity-advent-calendar-stay-aware-safe/
Partager : LinkedIn / Twitter / Facebook / View
Week in security with Tony Anscombe
Supply‑chain attack against a certification authority in Southeast Asia – Holiday online… Safely! – Scammers targeting PayPal users
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
https://www.welivesecurity.com/videos/week-security-tony-anscombe-105/
Partager : LinkedIn / Twitter / Facebook / View
Operation SignSight: Supply‑chain attack against a certification authority in Southeast Asia
ESET researchers have uncovered a supply-chain attack on the website of a government in Southeast Asia.
The post Operation SignSight: Supply‑chain attack against a certification authority in Southeast Asia appeared first on WeLiveSecurity
https://www.welivesecurity.com/2020/12/17/operation-signsight-supply-chain-attack-southeast-asia/
Partager : LinkedIn / Twitter / Facebook / View
Cybersecurity Advent calendar: Stay close to one another… Safely!
This year, many of us will be celebrating Christmas with our loved ones virtually, however we shouldn't underestimate the value of securing our online communication.
The post Cybersecurity Advent calendar: Stay close to one another… Safely! appeared first on WeLiveSecurity
https://www.welivesecurity.com/2020/12/16/cybersecurity-advent-calendar-stay-close-safely/
Partager : LinkedIn / Twitter / Facebook / View
Medical scans of millions of patients exposed online
Other leaked data included a range of personal information such as names, addresses and personal healthcare information.
The post Medical scans of millions of patients exposed online appeared first on WeLiveSecurity
https://www.welivesecurity.com/2020/12/15/medical-scans-exposed-online/
Partager : LinkedIn / Twitter / Facebook / View
How scammers target PayPal users and how you can stay safe
What are some common ploys targeting PayPal users? Here's what you should watch out for when using the popular payment service.
The post How scammers target PayPal users and how you can stay safe appeared first on WeLiveSecurity
https://www.welivesecurity.com/2020/12/14/how-scammers-target-paypal-users-stay-safe/
Partager : LinkedIn / Twitter / Facebook / View
Week in security with Tony Anscombe
ESET research uncovers Operation StealthyTrident – Security flaws in trading apps – IRS expands its Identity Protection PIN program
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
https://www.welivesecurity.com/videos/week-security-tony-anscombe-104/
Partager : LinkedIn / Twitter / Facebook / View
Is your trading app putting your money at risk?
A Q&A with security researcher Alejandro Hernández, who has unearthed a long list of vulnerabilities in leading trading platforms that may expose their users to a host of security and privacy risks
The post Is your trading app putting your money at risk? appeared first on WeLiveSecurity
https://www.welivesecurity.com/2020/12/11/is-your-trading-app-putting-money-risk/
Partager : LinkedIn / Twitter / Facebook / View
Cybersecurity Advent calendar: Tips for buying gifts and not receiving coal
While shopping for the perfect presents, be on the lookout for naughty cybercriminals trying to ruin your Christmas cheer by tricking you out of both gifts and money
The post Cybersecurity Advent calendar: Tips for buying gifts and not receiving coal appeared first on WeLiveSecurity
https://www.welivesecurity.com/2020/12/10/cybersecurity-advent-calendar-buying-gifts/
Partager : LinkedIn / Twitter / Facebook / View
Operation StealthyTrident: corporate software under attack
LuckyMouse, TA428, HyperBro, Tmanger and ShadowPad linked in Mongolian supply-chain attack
The post Operation StealthyTrident: corporate software under attack appeared first on WeLiveSecurity
https://www.welivesecurity.com/2020/12/10/luckymouse-ta428-compromise-able-desktop/
Partager : LinkedIn / Twitter / Facebook / View
Microsoft Patch Tuesday fixes 58 flaws
The last Patch Tuesday of the year brings another fresh batch of fixes for Microsoft products and while the number may be lower the patches are no less important.
The post Microsoft Patch Tuesday fixes 58 flaws appeared first on WeLiveSecurity
https://www.welivesecurity.com/2020/12/09/microsoft-patch-tuesday/
Partager : LinkedIn / Twitter / Facebook / View
The Internal Revenue Service expands identity protection to all tax‑payers
Starting mid-January, U.S. tax-payers will be able to enroll in the Identity Protection PIN program that was previously available only to certain users.
The post The Internal Revenue Service expands identity protection to all tax‑payers appeared first on WeLiveSecurity
https://www.welivesecurity.com/2020/12/08/the-internal-revenue-service-expands-identity-protection-to-all-tax-payers/
Partager : LinkedIn / Twitter / Facebook / View
Google patches four high‑severity flaws in Chrome
The new release patches a total of eight vulnerabilities affecting the desktop versions of the popular browser.
The post Google patches four high‑severity flaws in Chrome appeared first on WeLiveSecurity
https://www.welivesecurity.com/2020/12/07/google-patches-high-severity-flaws-chrome/
Partager : LinkedIn / Twitter / Facebook / View
Week in security with Tony Anscombe
ESET researchers analyze Turla Crutch, Cybersecurity Trends 2021 report is out and how to stay safe when paying with your phone.
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
https://www.welivesecurity.com/videos/week-security-tony-anscombe-103/
Partager : LinkedIn / Twitter / Facebook / View
Cybersecurity Advent calendar: Let Santa in, keep hackers out!
Santa will soon come down the chimney, but there are potential entry points into your home and digital life that you should never leave open
The post Cybersecurity Advent calendar: Let Santa in, keep hackers out! appeared first on WeLiveSecurity
https://www.welivesecurity.com/2020/12/04/cybersecurity-advent-calendar-let-santa-in-keep-hackers-out/
Partager : LinkedIn / Twitter / Facebook / View
iPhone hack allowed device takeover via Wi‑Fi
Using a zero-click exploit, an attacker could have taken complete control of any iPhone within Wi-Fi range in seconds
The post iPhone hack allowed device takeover via Wi‑Fi appeared first on WeLiveSecurity
https://www.welivesecurity.com/2020/12/03/iphone-hack-device-takeover-wifi/
Partager : LinkedIn / Twitter / Facebook / View
Cybersecurity Trends 2021: Staying secure in uncertain times
ESET experts look back at some of the key themes that defined the cybersecurity landscape in the year that's ending and give their takes on what to expect in 2021
The post Cybersecurity Trends 2021: Staying secure in uncertain times appeared first on WeLiveSecurity
https://www.welivesecurity.com/2020/12/03/cybersecurity-trends-2021-staying-secure-uncertain-times/
Partager : LinkedIn / Twitter / Facebook / View
Turla Crutch: Keeping the “back door” open
ESET researchers discover a new backdoor used by Turla to exfiltrate stolen documents to Dropbox
The post Turla Crutch: Keeping the “back door” open appeared first on WeLiveSecurity
https://www.welivesecurity.com/2020/12/02/turla-crutch-keeping-back-door-open/
Partager : LinkedIn / Twitter / Facebook / View
Cyberattackers could trick scientists into producing dangerous substances
Without ever setting foot in the lab, a threat actor could dupe DNA researchers into creating pathogens, according to a study describing "an end-to-end cyber-biological attack"
The post Cyberattackers could trick scientists into producing dangerous substances appeared first on WeLiveSecurity
https://www.welivesecurity.com/2020/12/01/cyberattackers-could-trick-scientists-producing-toxins/
Partager : LinkedIn / Twitter / Facebook / View
Mobile payment apps: How to stay safe when paying with your phone
Are mobile payments and digital wallets safe? Are the apps safer than credit cards? What are the main risks? Here's what to know.
The post Mobile payment apps: How to stay safe when paying with your phone appeared first on WeLiveSecurity
https://www.welivesecurity.com/2020/11/30/mobile-payment-apps-how-stay-safe-paying-phone/
Partager : LinkedIn / Twitter / Facebook / View
Week in security with Tony Anscombe
Is your smart doorbell putting you at risk of cyberattacks? – Spotify accounts hijacked en masse – Staying safe from SIM swapping
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
https://www.welivesecurity.com/videos/week-security-tony-anscombe-102/
Partager : LinkedIn / Twitter / Facebook / View
Europol and partners thwart massive credit card fraud scheme
The operation was carried out against fraudsters trying to monetize stolen credit card data on the internet's seedy underbelly
The post Europol and partners thwart massive credit card fraud scheme appeared first on WeLiveSecurity
https://www.welivesecurity.com/2020/11/27/europol-partners-thwart-credit-card-fraud-scheme/
Partager : LinkedIn / Twitter / Facebook / View
FBI warns of threat actors spoofing Bureau domains, email accounts
The U.S. law enforcement agency shares a sampling of more than 90 spoofed FBI-related domains registered recently
The post FBI warns of threat actors spoofing Bureau domains, email accounts appeared first on WeLiveSecurity
https://www.welivesecurity.com/2020/11/26/fbi-warning-domains-spoofing-websites/
Partager : LinkedIn / Twitter / Facebook / View
SIM swap scam: What it is and how to protect yourself
Here's what to know about attacks where a fraudster has your number, literally and otherwise
The post SIM swap scam: What it is and how to protect yourself appeared first on WeLiveSecurity
https://www.welivesecurity.com/2020/11/26/sim-swap-scam-what-it-is-how-protect-yourself/
Partager : LinkedIn / Twitter / Facebook / View
Up to 350,000 Spotify accounts hacked in credential stuffing attacks
This won't be music to your ears – researchers spot an unsecured database replete with records used for an account hijacking spree
The post Up to 350,000 Spotify accounts hacked in credential stuffing attacks appeared first on WeLiveSecurity
https://www.welivesecurity.com/2020/11/24/350000-spotify-accounts-hacked-credential-stuffing-attacks/
Partager : LinkedIn / Twitter / Facebook / View
Security flaws in smart doorbells may open the door to hackers
The peace of mind that comes with connected home security gear may be false – your smart doorbell may make an inviting target for unwanted visitors
The post Security flaws in smart doorbells may open the door to hackers appeared first on WeLiveSecurity
https://www.welivesecurity.com/2020/11/23/security-flaws-smart-doorbells-open-door-hackers/
Partager : LinkedIn / Twitter / Facebook / View
Week in security with Tony Anscombe
Lazarus takes aim at South Korea via an unusual supply-chain attack – The harsh reality of poor passwords – Bumble bitten by bugs
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
https://www.welivesecurity.com/videos/week-security-tony-anscombe-101/
Partager : LinkedIn / Twitter / Facebook / View
5 takeaways from the 2020 (ISC)2 Cybersecurity Workforce Study
From the impact of the pandemic on cybersecurity careers to workers' job satisfaction, the report offers a number of interesting findings
The post 5 takeaways from the 2020 (ISC)<sup>2</sup> Cybersecurity Workforce Study appeared first on WeLiveSecurity
https://www.welivesecurity.com/2020/11/20/5-takeaways-2020-cybersecurity-workforce-study/
Partager : LinkedIn / Twitter / Facebook / View
The worst passwords of 2020: Is it time to change yours?
They're supremely easy to remember, as well as easy to crack. Here's how to improve your password security.
The post The worst passwords of 2020: Is it time to change yours? appeared first on WeLiveSecurity
https://www.welivesecurity.com/2020/11/19/worst-passwords-2020-is-it-time-change-yours/
Partager : LinkedIn / Twitter / Facebook / View
Bumble bugs could have exposed personal data of all users
The information at risk of theft due to API flaws included people's pictures, locations, dating preferences and Facebook data
The post Bumble bugs could have exposed personal data of all users appeared first on WeLiveSecurity
https://www.welivesecurity.com/2020/11/18/bumble-bugs-exposure-personal-data-all-users/
Partager : LinkedIn / Twitter / Facebook / View
Lazarus supply‑chain attack in South Korea
ESET researchers uncover a novel Lazarus supply-chain attack leveraging WIZVERA VeraPort software
The post Lazarus supply‑chain attack in South Korea appeared first on WeLiveSecurity
https://www.welivesecurity.com/2020/11/16/lazarus-supply-chain-attack-south-korea/
Partager : LinkedIn / Twitter / Facebook / View
Hacker Spotlight: Interview with samengmg
Read about @samengmg and his self-taught bug bounty experience hacking the Singaporean government and huge global corporations.
https://www.hackerone.com/blog/hacker-spotlight-interview-samengmg
Partager : LinkedIn / Twitter / Facebook / View
LINE on Securing the Application Development Lifecycle with Bug Bounties
HackerOne has a large hacker community and the platform necessary to operate LINE's bug bounty program. By using HackerOne's platform and welcoming the community, LINE can increase operational efficiency. Through the partnership with HackerOne, we can share new bugs and learn from the vulnerability trends on the Platform while also getting a guide that helps us create a successful bug bounty program.
https://www.hackerone.com/blog/line-securing-application-development-lifecycle-bug-bounties
Partager : LinkedIn / Twitter / Facebook / View
What Years of AWS Hacking Tells Us About Building Secure Apps
Years of AWS bug bounties have exposed SSRF vulnerabilities, misconfigurations, and dangling DNS records. What can we learn from these vulnerabilities about mitigating risk?
https://www.hackerone.com/blog/what-years-aws-hacking-tell-us-about-building-secure-apps
Partager : LinkedIn / Twitter / Facebook / View
Hacker Spotlight: Interview with jin0ne
We kick off this year's hacker spotlight with @jin0ne from Shanghai with over 200 valid vulnerabilities submitted. Read more about him in this newest blog post.
https://www.hackerone.com/blog/hacker-spotlight-interview-jin0ne
Partager : LinkedIn / Twitter / Facebook / View
Hacker Spotlight: Interview with benteveo
From developer to founder, father and hacker, read about this week's hacker spotlight on @benteveo.
https://www.hackerone.com/blog/hacker-spotlight-interview-benteveo
Partager : LinkedIn / Twitter / Facebook / View
Grab Celebrates 5 Years on HackerOne
"Just five years ago, leading rideshare, food delivery, and payments company Grab, became one of the first companies in Southeast Asia to implement a hacker-powered security program. In just three years Grab became one of the Top 20 bug bounty programs on HackerOne worldwide."
https://www.hackerone.com/blog/grab-celebrates-5-years-hackerone
Partager : LinkedIn / Twitter / Facebook / View
HackerOne Policies Update
HackerOne's Policies Received Updates - check them out now!
https://www.hackerone.com/blog/hackerone-policies-update
Partager : LinkedIn / Twitter / Facebook / View
The World's Largest Live Hacking Event
HackerOne and The Paranoids partnered to bring you the largest live hacking event in the world
https://www.hackerone.com/blog/worlds-largest-live-hacking-event
Partager : LinkedIn / Twitter / Facebook / View
Hacker Spotlight: Interview with tolo7010
Tolo7010 takes the hacker spotlight this week - learn about his story.
https://www.hackerone.com/blog/hacker-spotlight-interview-tolo7010
Partager : LinkedIn / Twitter / Facebook / View
Quantifying Risk: How do you measure success in security?
When your job is all about avoiding costly incidents and mistakes, it's hard to put a dollar value on your work. At HackerOne's recent Security@ conference, Slack and Hyatt's CISOs sat down for a chat about their challenges and the hacks they use to quantify risk:
https://www.hackerone.com/blog/quantifying-risk-how-do-you-measure-success-security
Partager : LinkedIn / Twitter / Facebook / View
12 Days of Hacky Holidays CTF
https://www.hackerone.com/blog/12-days-hacky-holidays-ctf
Partager : LinkedIn / Twitter / Facebook / View
VDPs are at the Heart of the Australian Cyber Security Centre's Recommendations
https://www.hackerone.com/blog/vdps-are-heart-australian-cyber-security-centres-recommendations
Partager : LinkedIn / Twitter / Facebook / View
Hacker Spotlight: Interview with jensec
Security and finance enthusiast, @jensec is featured in this week's hacker spotlight talking about his passion for cybersecurity and why he hacks.
https://www.hackerone.com/blog/hacker-spotlight-interview-jensec
Partager : LinkedIn / Twitter / Facebook / View
HackerOne Joins AWS Marketplace as Cloud Vulnerabilities Rise
HackerOne reveals the most common and critical vulnerabilities found in cloud infrastructure and announces its debut in AWS Marketplace.
https://www.hackerone.com/blog/hackerone-joins-aws-marketplace-cloud-vulnerabilities-rise
Partager : LinkedIn / Twitter / Facebook / View
Announcing the HackerOne Brand Ambassadors
Announcing the first group of Hacker Brand Ambassadors who will lead hackers in their local area.
https://www.hackerone.com/blog/announcing-hackerone-brand-ambassadors
Partager : LinkedIn / Twitter / Facebook / View
Hacker Spotlight: Interview with bagipro
Take a look in this week's hacker spotlight on @bagipro, bug bounty hunger and founder of Oversecured.
https://www.hackerone.com/blog/hacker-spotlight-interview-bagipro
Partager : LinkedIn / Twitter / Facebook / View
US Government Mandates Vulnerability Disclosure for IoT
https://www.hackerone.com/blog/us-government-mandates-vulnerability-disclosure-iot
Partager : LinkedIn / Twitter / Facebook / View
Hacker Spotlight: Interview with insiderphd
PhD Student and bug bounty hunter Katie Paxton-Fear talks about her story of defense and security starting with the first time we met her in London.
https://www.hackerone.com/blog/hacker-spotlight-interview-insiderphd
Partager : LinkedIn / Twitter / Facebook / View
Hacker Spotlight: Interview with fisher
Half hacker, half daydreamer @fisher shares his insight as a hacker - how he got here, what he hacks on and why he does it.
https://www.hackerone.com/blog/hacker-spotlight-interview-fisher
Partager : LinkedIn / Twitter / Facebook / View
Announcing new leaderboards: More ways to engage, compete and win
https://www.hackerone.com/blog/announcing-new-leaderboards-more-ways-engage-compete-and-win
Partager : LinkedIn / Twitter / Facebook / View
Hacker Spotlight: Interview with putsi
Finnish hacker, putsi, takes on this week's hacker spotlight sharing how he got into cybersecurity.
https://www.hackerone.com/blog/hacker-spotlight-interview-putsi
Partager : LinkedIn / Twitter / Facebook / View
HackerOne is Excited to Launch Triage Ratings for Customers and Hackers
https://www.hackerone.com/blog/hackerone-excited-launch-triage-ratings-customers-and-hackers
Partager : LinkedIn / Twitter / Facebook / View
NIST Overhauls “Security and Privacy Controls” and Emphasizes VDP as a Best Practice
https://www.hackerone.com/blog/nist-overhauls-security-and-privacy-controls-publication-heres-what-you-need-know
Partager : LinkedIn / Twitter / Facebook / View
Hacker Spotlight: Interview with yassineaboukir
This week's hacker spotlight showcases Yassine Aboukir who doesn't stop adventure both on his computer and his life.
https://www.hackerone.com/blog/hacker-spotlight-interview-yassineaboukir
Partager : LinkedIn / Twitter / Facebook / View
Snap's Security Team on Nearly 6 Years of Collaborating with Hackers
https://www.hackerone.com/blog/snaps-security-team-nearly-6-years-collaborating-hackers
Partager : LinkedIn / Twitter / Facebook / View
Organizations Paid Hackers .5 Million for These 10 Vulnerabilities in One Year
HackerOne report reveals cross-site scripting, improper access control, and information disclosure top list of most common and impactful vulnerabilities
https://www.hackerone.com/blog/organizations-paid-hackers-235-million-these-10-vulnerabilities-one-year-1
Partager : LinkedIn / Twitter / Facebook / View
Hacker Spotlight: Interview with MrTuxRacer
German hacker, Julien Ahrens or @mrtuxracer tells us how he got started in security and what it's like to be a full time bug bounty hunter.
https://www.hackerone.com/blog/hacker-spotlight-interview-mrtuxracer
Partager : LinkedIn / Twitter / Facebook / View
HackerOne Expands Integrations Ecosystem to Connect and Defend Customers
https://www.hackerone.com/blog/hackerone-expands-integrations-ecosystem-connect-and-defend-customers
Partager : LinkedIn / Twitter / Facebook / View
Hacker Spotlight: Interview with inhibitor181
From a full-stack developer to a million-dollar hacker, read this week's hacker spotlight of @inhibitor181 and his motivating story.
https://www.hackerone.com/blog/hacker-spotlight-interview-inhibitor181
Partager : LinkedIn / Twitter / Facebook / View
Hacker Spotlight: Interview with arneswinnen
Read this week's Hacker Spotlight featuring Belgium @arneswinnen on how he became a full time bug bounty hunter and why he hacks for good.
https://www.hackerone.com/blog/hacker-spotlight-interview-arneswinnen
Partager : LinkedIn / Twitter / Facebook / View
HackerOne Integrates with ServiceNow to Streamline Vulnerability Lifecycle Management
We're excited to announce our integration with ServiceNow Incident Management. This integration allows customers to escalate vulnerability reports with ServiceNow incidents and synchronize any updates in the vulnerability workflow that happen in ServiceNow or HackerOne.
https://www.hackerone.com/blog/hackerone-integrates-servicenow-streamline-vulnerability-lifecycle-management
Partager : LinkedIn / Twitter / Facebook / View
Hacker Spotlight: Interview with albinowax
We hear from PortSwigger's Director of Research on why he enjoys hacking.
https://www.hackerone.com/blog/hacker-spotlight-interview-albinowax
Partager : LinkedIn / Twitter / Facebook / View
AT&T Celebrates Million Awarded to Hackers in One Year
AT&T recently celebrated its first anniversary on HackerOne, passing million in payouts to more than 850 researchers worldwide. Read on to learn more about their program and successes over the last year.
https://www.hackerone.com/blog/att-celebrates-1-million-awarded-hackers-one-year
Partager : LinkedIn / Twitter / Facebook / View
Hacker Spotlight: Interview with ajxchapman
From pentester to full time bug bounty hunter, read about @ajxchapman and his story behind hacking.
https://www.hackerone.com/blog/hacker-spotlight-interview-ajxchapman
Partager : LinkedIn / Twitter / Facebook / View
Introducing the 4th Annual Hacker-Powered Security Report
https://www.hackerone.com/blog/introducing-4th-annual-hacker-powered-security-report
Partager : LinkedIn / Twitter / Facebook / View
H1-2010 FAQ's
FAQ's from HackerOne's biggest virtual live hacking event with The Paranoids from Verizon Media, H1-2010.
https://www.hackerone.com/blog/h1-2010-faqs
Partager : LinkedIn / Twitter / Facebook / View
Hacker Spotlight: Interview with bitK
Puzzle master and bug bounty hunter @bitK is featured on this week's Hacker Spotlight to share his story.
https://www.hackerone.com/blog/hacker-spotlight-interview-bitk
Partager : LinkedIn / Twitter / Facebook / View
Vulnerability Disclosure is Now Mandatory for Federal Agencies - Here's How to Make it Happen
https://www.hackerone.com/blog/federal-agencies-directed-quickly-publish-vdps-5-steps-make-it-happen-1
Partager : LinkedIn / Twitter / Facebook / View
Smartsheet Celebrates One Year with HackerOne
To mark Smartsheet's one-year anniversary with HackerOne, we sat down with Nolan Gibb, Information Security Engineer at Smartsheet, to discuss how bug bounties enable his team to scale and collaborate with software developers to create more secure products.
https://www.hackerone.com/blog/smartsheet-celebrates-one-year-hackerone-1
Partager : LinkedIn / Twitter / Facebook / View
HackerOne Rolls Out Pentest Review System for Customers and Pentesters
https://www.hackerone.com/blog/hackerone-rolls-out-pentest-review-system-customers-and-pentesters
Partager : LinkedIn / Twitter / Facebook / View
Hacker Spotlight: Interview with honoki
Bug bounty hunter and security consultant Pieter or @honoki is featured on this week's Hacker Spotlight to talk about programs and what makes them exciting.
https://www.hackerone.com/blog/hacker-spotlight-interview-honoki
Partager : LinkedIn / Twitter / Facebook / View
Are Election Hacking Fears Driving Voters To The Polls?
If people fear that the American electoral infrastructure could be hacked, will they withhold their votes in November? Not according to research commissioned by HackerOne.
https://www.hackerone.com/blog/are-election-hacking-fears-driving-voters-polls
Partager : LinkedIn / Twitter / Facebook / View
Hacker Spotlight: Interview with dki
Mobile security research engineer and bug bounty hacker Dawn Isabel is featured in this week's Hacker Spotlight.
https://www.hackerone.com/blog/hacker-spotlight-interview-dki
Partager : LinkedIn / Twitter / Facebook / View
Hacker Spotlight: Interview with mayonaise
@mayonaise is the embodiment of our rallying cry to hack for good. Read this week's Hacker Spotlight AMA blog post about Jon Colston's impact on the world of bug bounties.
https://www.hackerone.com/blog/hacker-spotlight-interview-mayonaise
Partager : LinkedIn / Twitter / Facebook / View
Become a HackerOne Brand Ambassador
Announcing the Hacker Brand Ambassador Program: lead hackers in your city, get exclusive perks, further your career.
https://www.hackerone.com/blog/become-hackerone-brand-ambassador
Partager : LinkedIn / Twitter / Facebook / View
National University of Singapore Taps Students to Hack for Good
In an inaugural InterUni Bug Bounty Challenge jointly organized by the National University of Singapore (NUS) and Singapore Management University (SMU) from 12 August to 9 September 2020, students and staff from the two universities will get to hone their hacking skills by looking for vulnerabilities (or ‘bugs') across the digital assets of their respective universities in exchange for monetary rewards, or bounties.
To kick off the InterUni Bug Bounty Challenge, we sat down with NUS Chief Information Technology Officers Tommy Hor to learn more about the Challenge, why cybersecurity is so important to educational institutions like NUS, and more.
https://www.hackerone.com/blog/national-university-singapore-taps-students-hack-good
Partager : LinkedIn / Twitter / Facebook / View
Recap of h@cktivitycon 2020
HackerOne's first-ever hacker conference, h@cktivitycon streamed from Twitch on Friday, July 31st - August 1st, 2020 recapped in this blog post.
https://www.hackerone.com/blog/recap-hcktivitycon-2020
Partager : LinkedIn / Twitter / Facebook / View
Hacker Spotlight: Interview with todayisnew
Hear from the top hacker ranked number 1 on the all-time HackerOne leaderboard, @todayisnew in this week's Hacker Spotlight AMA Blog Post.
https://www.hackerone.com/blog/hacker-spotlight-interview-todayisnew
Partager : LinkedIn / Twitter / Facebook / View
Hacker Spotlight: Interview with dawgyg
Million dollar hacker, @dawgyg answers this week's Q&A on his thoughts behind bug bounties.
https://www.hackerone.com/blog/hacker-spotlight-interview-dawgyg
Partager : LinkedIn / Twitter / Facebook / View
Adobe and HackerOne Celebrate Five Years of Continued Collaboration
To celebrate five years with HackerOne, we sat down with Adobe's Senior Security Program Manager Pieter Ockers to discuss how their program has evolved over the last five years and the role that hacker-powered security, both bug bounties and response programs, plays into their overall security strategy.
https://www.hackerone.com/blog/adobe-and-hackerone-celebrate-five-years-continued-collaboration
Partager : LinkedIn / Twitter / Facebook / View
COVID Confessions of a CISO
The COVID-19 crisis has shifted life online. As companies rush to meet remote work requirements and customer demands for digital services, attack surfaces have dramatically expanded, leaving security teams stretched thin and not staffed to cope. HackerOne dug into this concept to identify COVID-19 impacts on security and business. Read on for our findings.
https://www.hackerone.com/blog/covid-confessions-ciso
Partager : LinkedIn / Twitter / Facebook / View
Security Engineers by Day, Hackers by Night – An Interview with Two of Singapore's Top Ethical Hackers
https://www.hackerone.com/blog/security-engineers-day-hackers-night-interview-two-singapores-top-ethical-hackers
Partager : LinkedIn / Twitter / Facebook / View
Hacker Spotlight: Interview with Ziot
Challenge and puzzle connoisseur is on this week's Hacker Spotlights. Read his story on this AMA blog post.
https://www.hackerone.com/blog/hacker-spotlight-interview-ziot
Partager : LinkedIn / Twitter / Facebook / View
Human vs. Machine: Three-Part Virtual Series on the Human Element of AppSec
https://www.hackerone.com/blog/man-vs-machine-three-part-virtual-series-human-element-appsec
Partager : LinkedIn / Twitter / Facebook / View
Securing video streaming in sub-Saharan Africa
Maintaining a video streaming service across the whole of Africa is challenge enough, without the added pressure of potential security issues. Showmax turns to hackers to secure their customer data and protect the security of their shows and movies.
https://www.hackerone.com/blog/securing-video-streaming-sub-saharan-africa
Partager : LinkedIn / Twitter / Facebook / View
Hacker Spotlight: Interview with cdl
cdl: student, researcher, bug hunter and founder. Read this week's Hacker Spotlight AMA on why and how cdl hacks for good.
https://www.hackerone.com/blog/hacker-spotlight-interview-cdl
Partager : LinkedIn / Twitter / Facebook / View
Security@ 2020 Call for Speakers is Open
HackerOne's global hacker-powered security conference, Security@, is back for its fourth year. This year's virtual event will take place October 20-22, 2020. The call for speakers is now open! You have until August 21, 2020, to submit your talk.
https://www.hackerone.com/blog/security-2020-call-speakers-open
Partager : LinkedIn / Twitter / Facebook / View
Costa Coffee prepares for global expansion with bug bounty program
As the coffee chain prepares for global expansion, Costa Coffee joins the likes of Hyatt, Deliveroo, and Zomato in launching its first private bug bounty program. Costa Coffee will shore up its digital defenses using the combined expertise and experience of HackerOne's hacker community.
https://www.hackerone.com/blog/costa-coffee-prepares-global-expansion-bug-bounty-program
Partager : LinkedIn / Twitter / Facebook / View
A Warm Welcome To Our New SVP of Customer Success
We are delighted to announce that Amanda Berger — former Chief Customer Officer at Lucidworks — has joined HackerOne as our new SVP of Customer Success. In this article, Amanda introduces herself and shares what she hopes to achieve at HackerOne.
https://www.hackerone.com/blog/warm-welcome-our-new-svp-customer-success
Partager : LinkedIn / Twitter / Facebook / View
Hacker Spotlight: Interview with zlz
This week's Hacker Spotlight on zlz, the hacker who started at 12 years old and is now a successful security consultant and professional.
https://www.hackerone.com/blog/hacker-spotlight-interview-zlz
Partager : LinkedIn / Twitter / Facebook / View
Pentesting basics video series launched on Hacker101
Learn the basics of pentesting to further your career and develop core competencies required in one of the hottest job markets in cybersecurity: Penetration testing.
https://www.hackerone.com/blog/pentesting-basics-video-series-launched-hacker101
Partager : LinkedIn / Twitter / Facebook / View
Cybersecurity Vendor Consolidation: Securing More with Less
Discover how hacker-powered security solutions can help identify the gaps and consolidate point-solution tools into a single platform for easier management and measured ROI.
https://www.hackerone.com/blog/cybersecurity-vendor-consolidation-securing-more-less
Partager : LinkedIn / Twitter / Facebook / View
Visma's Ioana Piroska on Securing the Development Lifecycle Through Bug Bounties
Having recently taken their bug bounty program public, we caught up with Visma Security Analyst Ioana Piroska about the program's results so far and Visma's plans for the future.
https://www.hackerone.com/blog/vismas-ioana-piroska-securing-development-lifecycle-through-bug-bounties
Partager : LinkedIn / Twitter / Facebook / View
Hacker Spotlight: Interview with hogarth45
From a bug hunting hobby to a security engineer, hogarth45 has hacked his way into a career in cybersecurity. Read this week's hacker spotlight blog post with hogarth45.
https://www.hackerone.com/blog/hacker-spotlight-interview-hogarth45
Partager : LinkedIn / Twitter / Facebook / View
Pentesting Beyond Compliance: A Tool to Improve Your Security Posture
https://www.hackerone.com/blog/pentesting-beyond-compliance-tool-improve-your-security-posture
Partager : LinkedIn / Twitter / Facebook / View
Meet APAC Hacker @jin0ne: A Next Generation Cyber Defender
Meet @jin0ne, 20-year old hacker from Asia Pacific, a region experiencing a cybersecurity talent shortfall of 2.6 million. Thanks to the rise of bug bounty programs, ethical hackers like @jin0ne are helping to fill the gap.
https://www.hackerone.com/blog/meet-apac-hacker-jin0ne-next-generation-cyber-defender
Partager : LinkedIn / Twitter / Facebook / View
Hacker Spotlight: Interview with rijalrojan
This week's Hacker Spotlight is rijalrojan, a California State University Fullerton student with an extensive background in hacking. He shares his perspective on programs
https://www.hackerone.com/blog/hacker-spotlight-interview-rijalrojan
Partager : LinkedIn / Twitter / Facebook / View
Hacker Spotlight: Interview with meals
Hacker Spotlight is a weekly AMA with a new hacker. This week, we hear from meals on his career and hobby in hacking.
https://www.hackerone.com/blog/hacker-spotlight-interview-meals
Partager : LinkedIn / Twitter / Facebook / View
What Juneteenth Means at HackerOne
https://www.hackerone.com/blog/what-juneteenth-means-hackerone
Partager : LinkedIn / Twitter / Facebook / View
Reputation, Signal & Impact Calculation Enhancements
Reputation, Signal and Impact changes and how this will affect hacker stats going forward.
https://www.hackerone.com/blog/reputation-signal-impact-enhancements-whats-changing-and-why-it-matters
Partager : LinkedIn / Twitter / Facebook / View
Mail.ru Group pays out over million in bounties
https://www.hackerone.com/blog/mailru-group-pays-out-over-1-million-bounties
Partager : LinkedIn / Twitter / Facebook / View
Mayonaise Joins The Ranks of The Seven-Figure-Earning Hackers
Congratulations to @mayonaise, the ninth hacker to earn Million hacking for good on the HackerOne platform! Read on for more about his unique approach, focus, and journey to being one of the top hackers in the world.
https://www.hackerone.com/blog/mayonaise-joins-ranks-seven-figure-earning-hackers
Partager : LinkedIn / Twitter / Facebook / View
Hacker Spotlight: Interview with randomdeduction
Hacker Spotlight is a weekly AMA with a new hacker. This week, randomdeduction takes the spotlight to share her journey.
https://www.hackerone.com/blog/hacker-spotlight-interview-randomdeduction
Partager : LinkedIn / Twitter / Facebook / View
Celebrating Pride at HackerOne
https://www.hackerone.com/blog/celebrating-pride-hackerone
Partager : LinkedIn / Twitter / Facebook / View
What to Look For in a Penetration Testing Company
Penetration testing is one of the most widely used techniques to comply with security regulations and protect network and computing systems and users. Hacker-powered penetration tests are emerging as a more cost-effective way to harden applications. With HackerOne Challenge, selected hackers from our community are invited to find vulnerabilities in your systems, and you only pay for the verified vulnerabilities found.
https://www.hackerone.com/blog/What-Look-Penetration-Testing-Company-0
Partager : LinkedIn / Twitter / Facebook / View
Announcing the PlayStation Bug Bounty Program
Today, PlayStation launched a public bug bounty program on HackerOne because the security of their products is a fundamental part of creating amazing experiences for the PlayStation community. Read on to learn more about their program, bounties, and more.
https://www.hackerone.com/blog/announcing-playstation-bug-bounty-program-0
Partager : LinkedIn / Twitter / Facebook / View
Hacker Spotlight: Interview with Corb3nik
Hacker Spotlight is a weekly AMA with a new hacker. Corb3nik takes the spotlight to share his journey.
https://www.hackerone.com/blog/hacker-spotlight-interview-corb3nik
Partager : LinkedIn / Twitter / Facebook / View
Juneteenth: HackerOne's Day for Action
https://www.hackerone.com/blog/juneteenth-hackerones-day-action
Partager : LinkedIn / Twitter / Facebook / View
Scaling & Prioritizing Product Security with Zendesk
In a recent virtual roundtable, we sat down with Scott Reed, Senior Manager of Product Security at Zendesk, to discuss how they incorporate bug bounties throughout their product security strategy and scaling security at a high-growth organization. Take a look at some of the highlights of our conversation below.
https://www.hackerone.com/blog/scaling-prioritizing-product-security-zendesk
Partager : LinkedIn / Twitter / Facebook / View
Q & A With Singaporean Hacker @Kactros_n
Meet @kactros_n, a Singaporean hacker and top 3 on the recent GovTech bug bounty program. He is known for his rare bug findings, including a side channel timing attack.
https://www.hackerone.com/blog/q-singaporean-hacker-kactrosn
Partager : LinkedIn / Twitter / Facebook / View
Hacking the Singapore Government: Q&A with Hacker Personality Samuel Eng
Meet @samengmg, a Singaporean hacker and top 3 on the recent GovTech Bug Bounty program. In this blog, he discusses how ethical hacking is gaining recognition as a viable career choice that is both niche and desirable.
https://www.hackerone.com/blog/hacking-singapore-government-qa-hacker-personality-samuel-eng-singapore
Partager : LinkedIn / Twitter / Facebook / View
How does Pentesting fit into your overall security strategy?
As digital technologies and data transform the way business gets done, a cybersecurity strategy is fundamental in helping your company save time and money while protecting your brand. How should organizations think about penetration testing within their overall security strategy?
https://www.hackerone.com/blog/how-does-pentesting-fit-your-overall-security-strategy
Partager : LinkedIn / Twitter / Facebook / View
Hacker Spotlight: Interview with Cache-Money
Hacker Spotlight is a weekly AMA with a new hacker. This week we hear from cache-money!
https://www.hackerone.com/blog/hacker-spotlight-interview-cache-money
Partager : LinkedIn / Twitter / Facebook / View
h1-2006 CTF
h1-2006 CTF Winner Announcement
https://www.hackerone.com/blog/h1-2006-ctf
Partager : LinkedIn / Twitter / Facebook / View
Hacker Spotlight: Interview with alyssa_herrera
Hacker Spotlight is a weekly AMA with a new hacker. This week we hear from alyssa_herrera on her journey and perspective!
https://www.hackerone.com/blog/hacker-spotlight-interview-alyssaherrera
Partager : LinkedIn / Twitter / Facebook / View
Crowdsourcing Racial Justice and Equality
https://www.hackerone.com/blog/crowdsourcing-racial-justice-and-equality
Partager : LinkedIn / Twitter / Facebook / View
There is no room for racism or inequality here.
At HackerOne we say No to racism. We are here to democratize opportunity across the world. We believe in the aspirations and possibilities of every human being. Hacker-powered security is proof that by working together across all boundaries we accomplish what otherwise would remain unachievable.
https://www.hackerone.com/blog/there-no-room-racism-or-inequality-here
Partager : LinkedIn / Twitter / Facebook / View
100 Hacking Tools and Resources
As part of our 0 Million in bounties celebration, we want to share a list of 100 tools and resources that will help hackers continue hacking!
https://www.hackerone.com/blog/100-hacking-tools-and-resources
Partager : LinkedIn / Twitter / Facebook / View
The Journey in Data: HackerOne Hits 100 Million Dollars in Bounties
Yesterday, hackers on HackerOne hit a major milestone: they have earned a total of 0 million in bounties over the past 8 years, with nearly half in the past year alone! Let's take a look at some of the numbers that have taken us to the 0 million milestone.
https://www.hackerone.com/blog/journey-data-hackerone-hits-100-million-dollars-bounties
Partager : LinkedIn / Twitter / Facebook / View
0 Million Paid - One Billion in Sight for Hackers
Today we celebrate with all our hackers the phenomenal milestone of a hundred million dollars in bounties. Hack for Good! Yet we should know that we are only getting going. The digital world is not safe and secure yet. Much more work awaits us. We have one hundred million more bugs to find.
https://www.hackerone.com/blog/100-million-paid-one-billion-sight-hackers
Partager : LinkedIn / Twitter / Facebook / View
Thanks For Being Part Of The Journey to 0 Million in Bounties!
Reaching 0 Million in bounties is a reason to celebrate what this community has achieved. It also gave us a chance to reflect on the journey to this point and the enduring values that will get us to the next milestone.
https://www.hackerone.com/blog/thanks-being-part-journey-100-million-bounties
Partager : LinkedIn / Twitter / Facebook / View
10 Ways to Hack Your “New Normal” Workweek
As a company inspired by hackers, HackerOne is taking this unique time to hack our programs to provide our people with additional support to ensure the wellbeing of all Hackeronies and their families. Here's a peek at the fun programs and perks we've implemented at HackerOne based on input from our people.
https://www.hackerone.com/blog/10-ways-hack-your-new-normal-workweek
Partager : LinkedIn / Twitter / Facebook / View
How Federal Agencies Use Vulnerability Disclosure Policies to Level Up Security
https://www.hackerone.com/blog/how-federal-agencies-use-vulnerability-disclosure-policies-level-security
Partager : LinkedIn / Twitter / Facebook / View
Security by the People: Announcing HackerOne's FedRAMP Authorization
Since 2016, we've been proud to help secure critical U.S. Department of Defense and GSA applications. As we achieve FedRAMP Tailored Authorization, we are excited to expand this important work.
https://www.hackerone.com/blog/security-people-announcing-hackerones-fedramp-authorization
Partager : LinkedIn / Twitter / Facebook / View
Stay Ahead of Threats With Hacker-Powered Retesting
Introducing Hacker-Powered Retesting! Retesting is designed to scale with capabilities to keep your critical assets safe from increasingly sophisticated attacks.
https://www.hackerone.com/blog/stay-ahead-threats-hacker-powered-retesting
Partager : LinkedIn / Twitter / Facebook / View
PayPal on Creating Strong Relationships with Security Researchers
https://www.hackerone.com/blog/paypal-creating-strong-relationships-security-researchers
Partager : LinkedIn / Twitter / Facebook / View
Hackers take on San Francisco for the 4th Year in a Row
HackerOne hosted its first flagship event of the year with Verizon Media in San Francisco.
https://www.hackerone.com/blog/hackers-take-san-francisco-4th-year-row
Partager : LinkedIn / Twitter / Facebook / View
Shopify Celebrates 5 Years on HackerOne
https://www.hackerone.com/blog/shopify-celebrates-5-years-hackerone
Partager : LinkedIn / Twitter / Facebook / View
Hackweek: An insider's look at HackerOne culture
https://www.hackerone.com/blog/hackweek-insiders-look-hackerone-culture
Partager : LinkedIn / Twitter / Facebook / View
Slack Increases Bounty Minimums For the Next 90 Days
https://www.hackerone.com/blog/slack-increases-bounty-minimums-next-90-days
Partager : LinkedIn / Twitter / Facebook / View
Live Hacking Goes Virtual
https://www.hackerone.com/blog/live-hacking-goes-virtual
Partager : LinkedIn / Twitter / Facebook / View
Hack for Good: Easily Donate Bounties to WHO's COVID-19 Response Fund
Collaboration and bounty splitting have been possible for years, and now you can easily donate bounties by adding the user “hackforgood” as a collaborator to a report submission on HackerOne.
https://www.hackerone.com/blog/hack-good-easily-donate-bounties-whos-covid-19-response-fund
Partager : LinkedIn / Twitter / Facebook / View
Six years of the GitHub Security Bug Bounty program
https://www.hackerone.com/blog/six-years-github-security-bug-bounty-program
Partager : LinkedIn / Twitter / Facebook / View
Live hacking the U.S. Air Force, UK Ministry of Defence and Verizon Media in Los Angeles at h1-213
HackerOne hosted its final flagship live hacking event of 2019 in Los Angeles, CA
https://www.hackerone.com/blog/live-hacking-us-air-force-uk-ministry-defence-and-verizon-media-los-angeles-h1-213
Partager : LinkedIn / Twitter / Facebook / View
My Career Just Got Hacked: Rana Robillard Joins HackerOne
https://www.hackerone.com/blog/my-career-just-got-hacked-rana-robillard-joins-hackerone
Partager : LinkedIn / Twitter / Facebook / View
Live Hacking Events | 2019 Recap and the Road Ahead
A look at where we've been and where we're going in 2020...
https://www.hackerone.com/blog/live-hacking-events-2019-recap-and-road-ahead
Partager : LinkedIn / Twitter / Facebook / View
Q&A with Hacker Personality Shivam Vashisht
https://www.hackerone.com/blog/qa-hacker-personality-shivam-vashisht
Partager : LinkedIn / Twitter / Facebook / View
Confessions of European CISOs
Ever wondered what's been keeping your CISO up at night? Well, wonder no more. We did some research to find out what worries European CISOs who are tasked with shoring up their digital infrastructure.
https://www.hackerone.com/blog/confessions-european-cisos
Partager : LinkedIn / Twitter / Facebook / View
LINE Security Bug Bounty Program Report 2019
https://www.hackerone.com/blog/line-security-bug-bounty-program-report-2019-1
Partager : LinkedIn / Twitter / Facebook / View
#AndroidHackingMonth Q&A With Android Hacker bagipro
Mobile hacking has become an essential part of the bug bounty hunter's tool belt, and no one knows the space better than Android hacker bagipro.
https://www.hackerone.com/blog/AndroidHackingMonth-qa-with-bagipro
Partager : LinkedIn / Twitter / Facebook / View
Todayisnew Crosses M in Bounties at h1-415 in San Francisco
This past Friday at h1-415 — HackerOne's first live hacking event of the year — todayisnew became the eighth hacker to join the ranks of seven-figure-earning hackers.
https://www.hackerone.com/blog/todayisnew-crosses-1m-bounties-h1-415-san-francisco
Partager : LinkedIn / Twitter / Facebook / View
Congratulations, Cosmin! The world's seventh million-dollar bug bounty hacker
The ranks of seven-figure-earning hackers have now risen to eight. Meet @inhibitor181 — the world's seventh million-dollar bug bounty hacker.
https://www.hackerone.com/blog/congratulations-cosmin-worlds-seventh-million-dollar-bug-bounty-hacker
Partager : LinkedIn / Twitter / Facebook / View
Dropbox bug bounty program has paid out over ,000,000
https://www.hackerone.com/blog/dropbox-bug-bounty-program-has-paid-out-over-1000000
Partager : LinkedIn / Twitter / Facebook / View
Hyatt Celebrates its First Anniversary on HackerOne
https://www.hackerone.com/blog/hyatt-celebrates-its-first-anniversary-hackerone
Partager : LinkedIn / Twitter / Facebook / View
#AndroidHackingMonth: Introduction to Android Hacking by @0xteknogeek
https://www.hackerone.com/blog/androidhackingmonth-intro-to-android-hacking
Partager : LinkedIn / Twitter / Facebook / View
Guess what's coming!? #AndroidHackingMonth on @Hacker0x01
February is Android Hacking Month! That means new resources, new CTFs, and, of course, swag. Learn more about how to get involved.
https://www.hackerone.com/blog/AndroidHackingMonth
Partager : LinkedIn / Twitter / Facebook / View
h1-415 CTF Winners Announced!
Thanks to all who participated in our #h1415 CTF, and congratulations to our winners @p4fg and @manoelt! Here's how it went down.
https://www.hackerone.com/blog/h1-415-ctf-winners-announced
Partager : LinkedIn / Twitter / Facebook / View
Meet InnoGames' Top Hacker
https://www.hackerone.com/blog/meet-innogames-top-hacker
Partager : LinkedIn / Twitter / Facebook / View
InnoGames Models Avatar After Top Ethical Hacker
Kevin Heseler, Security Engineer at InnoGames, tells us about how InnoGames leverages their bug bounty program to secure their games and the unique approach they have taken to awarding their most valuable hacker with their very own avatar in the ‘Forge of Empires' game
https://www.hackerone.com/blog/innogames-models-avatar-after-top-ethical-hacker-0
Partager : LinkedIn / Twitter / Facebook / View
Why Every Federal Agency Needs a VDP
https://www.hackerone.com/blog/why-every-federal-agency-needs-vdp
Partager : LinkedIn / Twitter / Facebook / View
GitLab Celebrates Awarding Million in Bounties to Hackers on HackerOne
Today, GitLab announced that they have awarded million in bounties to hackers on HackerOne. To learn more about the open-source tool's security strategy and commitment to transparency, we sat down with security managers James Ritchey and Ethan Strike. Read on for a glimpse into our conversation.
https://www.hackerone.com/blog/gitlab-celebrates-awarding-1-million-bounties-hackers-hackerone
Partager : LinkedIn / Twitter / Facebook / View
HackerOne Launches Bug Bounty Program for Kubernetes
The Cloud Native Computing Foundation (CNCF) today launched the Kubernetes bug bounty program on HackerOne. The Kubernetes bug bounty program is yet another layer of security assurance that will reward researchers who find vulnerabilities in the container orchestration system. Bounties will range from 0 to ,000. All reports will be thoroughly investigated by the Kubernetes Product Security Committee, a set of security-minded Kubernetes community volunteers.
https://www.hackerone.com/blog/hackerone-launches-bug-bounty-program-kubernetes
Partager : LinkedIn / Twitter / Facebook / View
Hacking for Good
https://www.hackerone.com/blog/hacking-good
Partager : LinkedIn / Twitter / Facebook / View
This Season, Give the Gift of Data-Driven Insight
https://www.hackerone.com/blog/season-give-gift-data-driven-insight
Partager : LinkedIn / Twitter / Facebook / View
GitLab's Public Bug Bounty Program Turns One
The GitLab security team reflects on the past year of their public bug bounty program. Now, 1378 vulnerability reports more secure thanks to 513 talented hackers, GitLab has paid out 5,650 in bounties through the public program. The program kept GitLab engineers on their toes, challenged and surprised the security team and helped keep GitLab more secure. To celebrate, GitLab announced the winners of the one year anniversary promotion, as well as the special piece of swag they are gifting the winners. Check it out!
https://www.hackerone.com/blog/gitlabs-public-bug-bounty-program-turns-one
Partager : LinkedIn / Twitter / Facebook / View
Using Bug Bounty Talent Pools to Attract and Maintain Top Talent
https://www.hackerone.com/blog/using-bug-bounty-talent-pools-attract-and-maintain-top-talent
Partager : LinkedIn / Twitter / Facebook / View
Transparency Builds Trust
Someone called it a “breach,” and the world took notice. Here is the story.
https://www.hackerone.com/blog/transparency-builds-trust
Partager : LinkedIn / Twitter / Facebook / View
How Bug Bounties Help You Shift Left
https://www.hackerone.com/blog/how-bug-bounties-help-you-shift-left
Partager : LinkedIn / Twitter / Facebook / View
HackerOne is a 2019 Cyber Catalyst Designated Cybersecurity Solution
https://www.hackerone.com/blog/hackerone-2019-cyber-catalyst-designated-cybersecurity-solution
Partager : LinkedIn / Twitter / Facebook / View
8 High-impact Bugs and How HackerOne Customers Avoided a Breach: SQL Injection
https://www.hackerone.com/blog/8-high-impact-bugs-and-how-hackerone-customers-avoided-breach-sql-injection
Partager : LinkedIn / Twitter / Facebook / View
How the Risk-Averse DoD Learned to Stop Worrying and Love the Hackers
https://www.hackerone.com/blog/how-risk-averse-dod-learned-stop-worrying-and-love-hackers
Partager : LinkedIn / Twitter / Facebook / View
The World's Elite Hackers Share Tips and Insights
https://www.hackerone.com/blog/conversation-three-elite-hackers
Partager : LinkedIn / Twitter / Facebook / View
LINE Launches Public Bug Bounty Program: Q&A with Security Engineer Robin Lunde
Today, after three successful years running an independent bug bounty program, LINE launched a public bug bounty program on HackerOne. To learn more about the popular messaging app's security strategy and commitment to the hacker community, we sat down with security engineers Robin Lunde, Koh You Liang and Keitaro Yamazaki. Read on for a glimpse into our conversation.
https://www.hackerone.com/blog/line-launches-public-bug-bounty-program-qa-security-engineer-robin-lunde
Partager : LinkedIn / Twitter / Facebook / View
Supporting the Source: Why HackerOne is Upgrading its Free Tools for Open Source
Open source software powers HackerOne. As part of our mission to make the internet safer, we want to make it easier for your open source project to remain secure, so we're joining GitHub Security Lab. Read on for more on why we're joining, new free offerings for open source projects from HackerOne, and new open source targets for hackers from GitHub and HackerOne.
https://www.hackerone.com/blog/supporting-source-why-hackerone-upgrading-its-free-tools-open-source
Partager : LinkedIn / Twitter / Facebook / View
Announcing Program Audit Log
As our customers' security teams grow, it's important for us to sustain their growth with new features. Today we're announcing the Program Audit Log. It enables customers to audit important actions that were taken in their program, such as permission updates, new members, bounty rewards, and program settings. Read on for more!
https://www.hackerone.com/blog/announcing-program-audit-log
Partager : LinkedIn / Twitter / Facebook / View
Reducing Risk With a Bug Bounty Program
https://www.hackerone.com/blog/reducing-risk-bug-bounty-program
Partager : LinkedIn / Twitter / Facebook / View
U.S. Department of Defense VDP Wins Prestigious 2019 DoD Chief Information Officer Award
On Nov. 3, 2019 in the Pentagon Auditorium, the DoD Cyber Crime Center (DC3) Vulnerability Disclosure Program (VDP) was awarded the 2019 DoD Chief Information Officer (CIO) award for Cybersecurity. Over the past three years, the VDP on HackerOne has processed more than 11,000 vulnerabilities discovered by researchers within DoD's public facing websites.
https://www.hackerone.com/blog/us-department-defense-vdp-wins-prestigious-2019-dod-chief-information-officer-award-0
Partager : LinkedIn / Twitter / Facebook / View
Hacking the Singapore Government: A Q&A With A Top Hacker & MINDEF 2.0 Results
On Friday, HackerOne announced the results of the second bug bounty challenge with the Ministry of Defence, Singapore (MINDEF). The three-week challenge ran from September 30, 2019 to October 21, 2019, and saw participation from over 300 trusted hackers from around the world — 134 local Singaporean-hackers and 171 international ethical hackers. HackerOne sat down with @SpaceRacoon to chat MINDEF Singapore's bug bounty challenge, what it takes to be a top hacker, the future of bug bounty, and more. Read on to hear more!
https://www.hackerone.com/blog/hacking-singapore-government-qa-top-hacker-mindef-20-results
Partager : LinkedIn / Twitter / Facebook / View
8 High-Impact Bugs and How HackerOne Customers Avoided a Breach: Information Disclosure
https://www.hackerone.com/blog/8-high-impact-bugs-and-how-hackerone-customers-avoided-breach-information-disclosure
Partager : LinkedIn / Twitter / Facebook / View
Scaling Security: From Startup to Unicorn
https://www.hackerone.com/blog/scaling-security-startup-unicorn
Partager : LinkedIn / Twitter / Facebook / View
Why Laurie Mercer Became a Security Engineer at HackerOne
https://www.hackerone.com/blog/why-laurie-mercer-became-security-engineer-hackerone
Partager : LinkedIn / Twitter / Facebook / View
Security@ Fireside Chat: Insights from Phil Venables of Goldman Sachs
https://www.hackerone.com/blog/security-fireside-chat-insights-phil-venables-goldman-sachs
Partager : LinkedIn / Twitter / Facebook / View
Keynote with Phil Venables of Goldman Sachs
https://www.hackerone.com/blog/keynote-phil-venables-goldman-sachs
Partager : LinkedIn / Twitter / Facebook / View
Q&A with HackerOne's New Vice President, APAC, Attley Ng
https://www.hackerone.com/blog/qa-hackerones-new-vice-president-apac-attley-ng
Partager : LinkedIn / Twitter / Facebook / View
Lowering Your Pentesting Fees with HackerOne
https://www.hackerone.com/blog/lowering-your-pentesting-fees-hackerone-challenge
Partager : LinkedIn / Twitter / Facebook / View
Slack Increases Minimum Bounties for High and Critical Bugs for 30 Days
Over the past five years, Slack and HackerOne have established a partnership and commitment to ensure Slack's platform is secure for its over 12 million daily active users. To build on this momentum and engage top researchers from the HackerOne community, Slack is increasing its minimum bounties for High and Critical findings to 00 and 00 respectively for a limited time. Read on to learn more!
https://www.hackerone.com/blog/slack-increases-minimum-bounties-high-and-critical-bugs-30-days
Partager : LinkedIn / Twitter / Facebook / View
8 High-Impact Bugs and How HackerOne Customers Avoided a Breach: Privilege Escalation
https://www.hackerone.com/blog/8-high-impact-bugs-and-how-hackerone-customers-avoided-breach-privilege-escalation
Partager : LinkedIn / Twitter / Facebook / View
HackerOne Congratulates the Department of Defense on 11K Vulnerability Reports
https://www.hackerone.com/blog/hackerone-congratulates-department-defense-11k-vulnerability-reports
Partager : LinkedIn / Twitter / Facebook / View
Through a Hacker's Eyes: Recapping h1-604
For the first time ever, a hacker writes a live hacking recap blog, highlighting what it is like to attend a live event. Katie (@InsiderPhD) gives a first-person narrative of h1-604. From seeing a bear for the first time to collaborating closely with peers, Katie covers all the adventures of heading to Vancouver, Canada to hunt bugs.
https://www.hackerone.com/blog/through-hackers-eyes-recapping-h1-604
Partager : LinkedIn / Twitter / Facebook / View
Tell Your Hacker Story with the Redesigned Profile Pages
https://www.hackerone.com/blog/tell-your-hacker-story-redesigned-profile-pages
Partager : LinkedIn / Twitter / Facebook / View
3 Ways Hacker-Powered Security Helps the Agile CISO
https://www.hackerone.com/blog/3-ways-hacker-powered-security-helps-agile-ciso
Partager : LinkedIn / Twitter / Facebook / View
More Than Bounty: Beating Burnout with Hacker-Powered Security
https://www.hackerone.com/blog/more-bounty-beating-burnout-hacker-powered-security
Partager : LinkedIn / Twitter / Facebook / View
Breaking Down the Benefits of Hacker-Powered Pentests
https://www.hackerone.com/blog/breaking-down-benefits-hacker-powered-pentests
Partager : LinkedIn / Twitter / Facebook / View
PayPal Celebrates Its First Anniversary on HackerOne
It's been a year since PayPal transitioned its Bug Bounty program to HackerOne. During that time, PayPal has paid out more than .5 million in bounties to the hacker community. In this post Ray Duran, manager of PayPal's Bug Bounty team, reflects on PayPal's journey, shares some exciting changes to the program and discusses what's to come.
https://www.hackerone.com/blog/paypal-celebrates-its-first-anniversary-hackerone
Partager : LinkedIn / Twitter / Facebook / View
GitLab: Reducing the time to payout and a bug bounty anniversary contest
In just nine months since going public GitLab's bug bounty program has seen substantial contributions from the HackerOne community. Since going public, researchers have submitted 1016 reports and GitLab has paid out 5,000 in bounties. Leading up to the one year anniversary of GitLab's public program, they've changed their bounty payout timeline based on hacker feedback, are spotlighting some of their top contributors, and launched a contest open for all! Check it out.
https://www.hackerone.com/blog/gitlab-reducing-time-payout-and-bug-bounty-anniversary-contest
Partager : LinkedIn / Twitter / Facebook / View
Announcing the Security@ San Francisco 2019 Agenda
The agenda for the third annual hacker-powered security conference, Security@ San Francisco, is live! Security@ is the only conference dedicated to the booming hacker-powered security industry, where hackers and leaders come together to build a safer internet. The conference takes place on October 15, 2019 at the Palace of Fine Arts and will include talks by security leaders from some of the most innovative security teams. In addition, hackers from all over the world will discuss lessons learned from defending the front lines, scaling security teams, and addressing the talent gap. 2019 promises to be our largest event yet!
https://www.hackerone.com/blog/announcing-security-san-francisco-2019-agenda
Partager : LinkedIn / Twitter / Facebook / View
How HackerOne Fits into the Dev Tools You Know and Love
https://www.hackerone.com/blog/how-hackerone-fits-dev-tools-you-know-and-love
Partager : LinkedIn / Twitter / Facebook / View
How Companies Like Facebook Find the Bugs that Matter
https://www.hackerone.com/blog/how-companies-facebook-find-bugs-matter
Partager : LinkedIn / Twitter / Facebook / View
Hacking with Valor: Why We Raised .4M with Valor Equity Partners
Our civilization is going digital. That's fantastic. Unfortunately, our software is not secure enough to carry a digital and connected civilization. When systems get breached, people can't trust the digital world. In a way, we try to do too much. Our innovation is outpacing security and privacy. Something must be done. This is the HackerOne commitment: As long as our digital world is plagued by vulnerabilities, we will continue to hack for the good of our connected society.
https://www.hackerone.com/blog/investors-love-hackers-why-we-raised-364m-valor-equity-partners
Partager : LinkedIn / Twitter / Facebook / View
Upserve Resolves Over 85 Bugs in Two Years Thanks to Hackers
It's been two years since Upserve launched its public bug bounty program on HackerOne. During that time, Upserve's security team has resolved over 85 valid vulnerabilities thanks to hackers, paying ,000 in bounties along the way. To celebrate the milestone, we sat down with Upserve's Information Security Officer Bryan Brannigan to look back on humble beginnings, learn more about how they incorporate hackers in their security initiatives, and discuss how they've increase engagement through public disclosures. Take a look!
https://www.hackerone.com/blog/upserve-resolves-over-85-bugs-two-years-thanks-hackers
Partager : LinkedIn / Twitter / Facebook / View
Bringing the Heat to Vegas: Recapping record-breaking h1-702
HackerOne hosted their largest live hacking event to date in Las Vegas Nevada. With Hacker Summer Camp in the background, h1-702 broke several records. This included paying out nearly two million in bounties to hackers over the three days.
https://www.hackerone.com/blog/bringing-heat-vegas-recapping-record-breaking-h1-702
Partager : LinkedIn / Twitter / Facebook / View
HackerOne Praised By An Original Hacker
Steve Gibson, a security researcher who started hacking technology as a child, recently gave HackerOne high praise for helping to secure companies with bug bounty programs. We're proud when our dedicated team gets the praise they deserve from those in the industry.
https://www.hackerone.com/blog/hackerone-praised-original-hacker
Partager : LinkedIn / Twitter / Facebook / View
Meet Six Hackers Making Seven Figures
A mere five months after 19-year-old Argentinian Santiago Lopez crossed the million bounty mark, five more hackers from across the globe have now each earned over million in bounties with HackerOne.
https://www.hackerone.com/blog/meet-six-hackers-making-seven-figures
Partager : LinkedIn / Twitter / Facebook / View
Hacker-Powered Data - Security Weaknesses and Embracing Risk with HackerOne
Vulnerabilities are a fact of life; risk comes with it. Today, companies, enterprises, & governments are embracing collaboration with hackers to find vulnerabilities before criminals have a chance to exploit them. Using 7 years of data from 1,400 bug bounty programs & 360,000+ valid vulnerabilities, this post offers a new analysis of the most common vulnerabilities not found on the OWASP top 10.
https://www.hackerone.com/blog/hacker-powered-data-security-weaknesses-and-embracing-risk-hackerone
Partager : LinkedIn / Twitter / Facebook / View
Don't Believe These 4 Bug Bounty Myths
https://www.hackerone.com/blog/dont-believe-these-4-bug-bounty-myths
Partager : LinkedIn / Twitter / Facebook / View
Black Hat 2019: Highlights from the Biggest and Best Yet
Black Hat 2019 was the biggest and best yet. Over 20,000 attendees heated up Las Vegas with provocative training sessions, innovative presentations, and record-breaking live hacking events.
https://www.hackerone.com/blog/black-hat-2019-highlights-biggest-and-best-yet
Partager : LinkedIn / Twitter / Facebook / View
The Security Vendors Startups like Lob Can't Live Without
https://www.hackerone.com/blog/security-vendors-startups-lob-cant-live-without
Partager : LinkedIn / Twitter / Facebook / View
GraphQL Week on The Hacker101 Capture the Flag Challenges
Recently we rolled out 3 separate GraphQL-basd Hacker101 Capture the Flag challenges. These are valuable educational resources for hackers and developers alike, improving bug hunting capability and helping developers prevent security missteps when implementing GraphQL.
https://www.hackerone.com/blog/graphql-week-hacker101-capture-flag-challenges
Partager : LinkedIn / Twitter / Facebook / View
Live Hacking Events: Stats, invitations, and what's next
Live hacking events are an experience unlike any other. This post is about how you can increase your chances of being invited to hack. We dive into the history of live hacking events and some of the criteria that's taken into consideration
https://www.hackerone.com/blog/live-hacking-events-stats-invitations-and-whats-next
Partager : LinkedIn / Twitter / Facebook / View
London Called, Hackers Answered: Recapping h1-4420
Uber partnered with us for their third live hacking event in London, paying out over 5,000 in bounties to hackers who found more than 150 unique vulnerabilities across Uber, Uber Restaurants and Uber Freight.
https://www.hackerone.com/blog/london-called-hackers-answered-recapping-h1-4420
Partager : LinkedIn / Twitter / Facebook / View
Verizon Media Webinar Recap: Attack Surface Visibility & Reducing Risk
Bug bounty tips from a Paranoid: hackers as an extension of your security team, honoring the security page as a contract with hackers, investing in the community through things like Live Hacking events, and using the outside perspective from the hacker community to strengthen their entire SDLC.
https://www.hackerone.com/blog/verizon-media-webinar-recap-attack-surface-visibility-reducing-risk
Partager : LinkedIn / Twitter / Facebook / View
Breaking Down the Benefits of Hacker-Powered Pen Tests
Breaking down the benefits of hacker-powered pen tests from the recent Forrester report. The most important benefit was finding more vulnerabilities, both in terms of numbers and criticality, in order to remediate them and create better system security.
https://www.hackerone.com/blog/breaking-down-benefits-hacker-powered-pen-tests
Partager : LinkedIn / Twitter / Facebook / View
The HackerOne Top 10 Most Impactful and Rewarded Vulnerability Types
We've put together a list of the most impactful vulnerabilities on the HackerOne platform so you can see where to aim your security efforts and how to better align your security team to today's biggest risks. Learn which vulnerabilities aren't in the OWASP Top 10 and see the top vulnerabilities submitted by volume, bounty awards, and more.
https://www.hackerone.com/blog/hackerone-top-10-most-impactful-and-rewarded-vulnerability-types
Partager : LinkedIn / Twitter / Facebook / View
Improving Your Workflows and Analysis with Custom Fields
HackerOne is thrilled to release Custom Fields, the latest way to sharpen security workflows and software development cycles. Custom Fields empowers teams to gain new insights into data by adding details such as ownership, risk category and root cause to vulnerability reports.
https://www.hackerone.com/blog/improving-your-workflows-and-analysis-custom-fields
Partager : LinkedIn / Twitter / Facebook / View
Cloud Security Alliance Webinar Recap: Avoid the Breach with Shopify's Andrew Dunbar
Security is a top priority for e-commerce giant Shopify, with over 600,000 businesses in 175 countries trusting them to sell online and everywhere in the world. Shopify's Vice President of Security Engineering and IT, Andrew Dunbar and HackerOne's Luke Tucker discuss best practices for testing and securing cloud-based web applications.
https://www.hackerone.com/blog/cloud-security-alliance-webinar-recap-avoid-breach-shopifys-andrew-dunbar
Partager : LinkedIn / Twitter / Facebook / View
When Moving To the Cloud, Don't Leave Basic Security Behind
How to break into a serverless application, a TestLabs blog review. We'll also discuss why changes in technology don't change security best practices.
https://www.hackerone.com/blog/when-moving-cloud-dont-leave-basic-security-behind
Partager : LinkedIn / Twitter / Facebook / View
Grand Rounds VP InfoSec: Achieving SOC 2 Type II Compliance with Hacker-Powered Security
Grand Rounds is an innovative new healthcare company using hacker-powered security for better, more effective pen tests. Learn how HackerOne Compliance meets HIPPA, SOC2, and other security testing needs.
https://www.hackerone.com/blog/grand-rounds-vp-infosec-achieving-soc-2-type-ii-compliance-hacker-powered-security
Partager : LinkedIn / Twitter / Facebook / View
Automate Workflows with Enhanced Jira Integration
Integrating with Jira has always been an important piece of integrating HackerOne into the SDLC of our customers. HackerOne's bi-directional Jira integration is currently in use by many of our customers and today we're announcing how it's getting even better.
https://www.hackerone.com/blog/automate-workflows-enhanced-jira-integration
Partager : LinkedIn / Twitter / Facebook / View
Taking The Guesswork Out of Vulnerability Reporting
To make vulnerability disclosure easier on open source maintainers, GitHub and HackerOne are collaborating to help close the gap between the hacker community and software engineers.
https://www.hackerone.com/blog/taking-guesswork-out-of-vulnerability-reporting
Partager : LinkedIn / Twitter / Facebook / View
See Your Success In Real Time with the new Program Dashboard
Effective security programs are more efficient when backed with clear reports that both technical and business teams understand. The HackerOne program dashboard delivers real-time insights into the program metrics that matter most to your programs, such as submission status, bounty spent, exploit severity, asset weaknesses, program health, and more.
https://www.hackerone.com/blog/see-your-success-in-real-time-with-the-new-program-dashboard
Partager : LinkedIn / Twitter / Facebook / View
Inside the GitLab public bug bounty program
Since launching GitLab's public bug bounty program in December 2018, their team has resolved 95 security findings, awarded more than 0,000 in bounties and rewarded over 35 hackers for those findings. The overarching goal of their bug bounty program is to make their products and services more secure. In this guest post, Senior Director of Security Kathy Wang shares the early success they've seen to date.
https://www.hackerone.com/blog/inside-gitlab-public-bug-bounty-program
Partager : LinkedIn / Twitter / Facebook / View
Hacking Dropbox Live in the Heart of Singapore at h1-65
Dropbox joined us as the participating company, paying out over 0,000 in bounties to hackers who found 264 vulnerabilities across Dropbox, Dropbox Paper, newly-acquired HelloSign, and third-party vendors that work with Dropbox.
https://www.hackerone.com/blog/hacking-dropbox-live-heart-singapore-h1-65
Partager : LinkedIn / Twitter / Facebook / View
PayPal Thanks Hackers with Million in 7 Months on HackerOne
Since launching an independently run bug bounty program in 2012, PayPal's program has evolved several times over, including transitioning to a platform, HackerOne, in 2018 to expand participation from 2,000 hackers to over 300,000 hackers on the platform. In just 6 months, we're proud to announce that PayPal has paid over million to hackers through HackerOne. It's quite a milestone for us, and so much more the a dollar figure.
https://www.hackerone.com/blog/paypal-thanks-hackers-1-million-7-months-hackerone-0
Partager : LinkedIn / Twitter / Facebook / View
Priceline Launches Public Bug Bounty Program: Q&A with Matt Southworth
Today, Priceline launched its public bug bounty program on HackerOne, including Priceline's e-commerce site, Priceline.com, PPN affiliate sites and mobile apps. We sat down with Matt to learn more about their program, prioritizing customer trust, what it's like working with hackers, and more. Check it out!
https://www.hackerone.com/blog/priceline-launches-public-bug-bounty-program-qa-matt-southworth
Partager : LinkedIn / Twitter / Facebook / View
Announcing the Community T-shirt Winner(s)
Hackers submitted amazing designs for the first ever community t-shirt contest! @akaash2397 received the most votes among the three finalists for his Bug Hunter design.
https://www.hackerone.com/blog/announcing-community-t-shirt-winners-0
Partager : LinkedIn / Twitter / Facebook / View
Learn How HackerOne Can Help You Crawl, Walk, or Run Your Way to a Bug Bounty Program
No matter your company size or security team bandwidth, learn how to get a bug bounty program started with advice from those who've launched hundreds of new programs. This webinar explains how to get a program started at your own pace, what you need to think about before you start, and how you can control the program's impact on your existing infrastructure. It's only 25 minutes, so grab a coffee, take a break, and watch it now.
https://www.hackerone.com/blog/learn-how-hackerone-can-help-you-crawl-walk-or-run-your-way-bug-bounty-program
Partager : LinkedIn / Twitter / Facebook / View
What the California Consumer Privacy Act Means For You
The collection of personal data and the privacy issues surrounding it have been a hot topic the past several years, especially in the security industry. Governments are taking notice and new regulations are appearing. The new California Consumer Privacy Act (CCPA) is a regulation requiring certain organizations to protect the personal data and privacy of California consumers. HackerOne can help you.
https://www.hackerone.com/blog/What-CCPA-Means-You
Partager : LinkedIn / Twitter / Facebook / View
Hackers have earned more than M in bug bounty cash on HackerOne: Time to celebrate!
Hackers, congratulate yourselves on an incredible milestone, earning M+ for your contributions to a safer internet. HackerOne's mission is to empower the world to build a safer internet, and you are the heroic individuals making that mission a day-to-day reality. Thank you for inspiring us with your creativity and talents. Keep pursuing the flags, squashing the bugs, and sharing the knowledge. Together. We. Hit. Harder. Happy hacking one and all!
https://www.hackerone.com/blog/Hackers-have-earned-more-50M-bug-bounty-cash-HackerOne-Time-celebrate
Partager : LinkedIn / Twitter / Facebook / View
How Hackers Define “Hacker”
Dictionary definitions tend to conflate “hacker” with “criminal”. We know that's definitely not the case, but we wanted to know what hackers think. We combed through more than three dozen interviews to determine and share the true definition of “hacker” from hackers themselves.
https://www.hackerone.com/blog/How-Hackers-Define-Hacker
Partager : LinkedIn / Twitter / Facebook / View
Hacker-Powered Security, Government Support Needed to Protect Financial Services Consumers from Application Vulnerabilities
What is the current state of security in the financial sector? How can governments contribute to this security? These questions were addressed by Christopher Parsons in his testimony before the Standing Committee on Public Safety and National Security (SECU) in Canada. His testimony shines a light on some major issues facing the security community in Canada and across the world.
https://www.hackerone.com/blog/Hacker-Powered-Security-Government-Support-Needed-Protect-Financial-Services-Consumers
Partager : LinkedIn / Twitter / Facebook / View
Product Updates and Enhancements
https://www.hackerone.com/blog/Product-Update-Q1-2019
Partager : LinkedIn / Twitter / Facebook / View
Airbnb and Verizon Media participate in 3rd annual h1-415 live hacking event including a cybersecurity mentorship program
The power of collaboration came through full-force in our first live hacking event of 2019. Hosted over three days, we partnered with Airbnb and Verizon Media for hacking, mentoring, and celebrating the community.
https://www.hackerone.com/blog/Airbnb-and-Verizon-Media-participate-3rd-annual-h1-415-live-hacking-event-including
Partager : LinkedIn / Twitter / Facebook / View
Xiaomi Security Center Welcomes Security Research with HackerOne Partnership
Please welcome the Xiaomi Security Center to HackerOne! Xiaomi, one of the world's largest consumer electronics manufacturers, is launching a vulnerability disclosure program (VDP) on April 1, 2019, welcoming vulnerability submissions for products and services under the brands of Xiaomi, Mijia, Mitu, and Redmi. Check it out!
https://www.hackerone.com/blog/Xiaomi-Security-Center-Welcomes-Security-Research-HackerOne-Partnership
Partager : LinkedIn / Twitter / Facebook / View
Security at Startup Speed: Enterprise Grade Security from the Start
Startups today must adapt to a rapidly changing environment, completing security tasks along with code deploys and automating security scans as much as possible. But even with these measures, security vulnerabilities find a way to slip through the cracks. That's where hacker-powered security can put out the embers of the fire you may have missed. Learn how hacker-powered security allows startups to launch smart.
https://www.hackerone.com/blog/Security-Startup-Speed-Enterprise-Grade-Security-Start
Partager : LinkedIn / Twitter / Facebook / View
Q&A with Brian Neely, CIO & CISO of AMERICAN SYSTEMS
As a defense contractor, AMERICAN SYSTEMS provides IT and engineering solutions for complex national priority programs for the U.S. government. As you can imagine, the sensitive programs and data they hold makes them heavily targeted by sophisticated, determined, highly resourced nation-state threat actors. Losing data would mean losing a competitive advantage on the battlefield. In short, lives could be at stake. That's not your average security breach. We sat down with CIO and CISO Brian Neely to learn a bit more about how he's seen the industry evolve, what's next and how hacker-powered security fits into the matrix.
https://www.hackerone.com/blog/QA-Brian-Neely-CIO-CISO-AMERICAN-SYSTEMS
Partager : LinkedIn / Twitter / Facebook / View
The 2019 Hacker Report: Celebrating The World's Largest Community of Hackers
The third annual Hacker Report includes the largest survey conducted to date of the ethical hacking community with hackers participating from over 100 countries and territories. Hackers are heroes, they are in it for the good and there is more opportunity than ever before. The 2019 Hacker Report shares the stories and celebrates the impact of the hacker community.
https://www.hackerone.com/blog/2019-Hacker-Report-Celebrating-Worlds-Largest-Community-Hackers
Partager : LinkedIn / Twitter / Facebook / View
@try_to_hack Makes History as First Bug Bounty Hacker to Earn over Million
19-year-old Argentinian @try_to_hack just made history as the first to earn over ,000,000 in bounty awards on HackerOne. We connect with him to learn more about how he reached this impressive milestone. We hope you are just inspired as we are!
https://www.hackerone.com/blog/trytohack-Makes-History-First-Bug-Bounty-Hacker-Earn-over-1-Million
Partager : LinkedIn / Twitter / Facebook / View
Q&A with HackerOne's VP of Customer Success Jeff McBride
We sat down with HackerOne's VP of Customer Success, Jeff McBride, to get more acquainted with his style of leadership, what customer success means to him, and his view of hacker-powered program management. Take a look at our conversation.
https://www.hackerone.com/blog/QA-HackerOnes-VP-Customer-Success-Jeff-McBride
Partager : LinkedIn / Twitter / Facebook / View
Program Insights from the PayPal Security Team
PayPal's security team is tasked with helping to protect personal financial information for millions of account holders every day. We sat down with PayPal Information Security Engineers Ray Duran, Sonal Shrivastava, and Pax Whitmore, and Project Manager Rebecca Francom to learn more about how PayPal works with researchers, what the journey of a bug looks like once it gets reported, and what findings are most impactful.
https://www.hackerone.com/blog/Program-Insights-QA-PayPal-Security-Team
Partager : LinkedIn / Twitter / Facebook / View
Introducing Hacker Task Manager and Statistics
We're proud to announce the latest iteration of Hacker Dashboard today- Hacker Task Manager and Statistics! The Hacker Task Manager underlines our focus on helping new and upcoming hackers to onboard themselves on our platform. With the help of the Task Manager, hackers can educate themselves with help from Hacker101 and other educational resources to get closer to the goal of submitting a valid vulnerability report.
https://www.hackerone.com/blog/Introducing-Hacker-Task-Manager-and-Statistics
Partager : LinkedIn / Twitter / Facebook / View
Design the next HackerOne T-Shirt
We are very excited to open the first ever HackerOne community T-shirt design contest. Like crafting a creative exploit or spinning up photoshop to create a perfect meme, we know you've got some amazing ideas and we want to see them. We are looking for designs that reflect the spirit of our community. This can include ingenuity, diversity and the collaborative forces that make #TogetherWeHitHarder.
https://www.hackerone.com/blog/Design-next-HackerOne-T-Shirt
Partager : LinkedIn / Twitter / Facebook / View
Five years of the GitHub Bug Bounty program
Over the past five years, GitHub has been continuously impressed by the hard work and ingenuity of the hacker community. Last year was no different. GitHub paid out 5,000 to researchers through their public bug bounty program in 2018. They decided to share some of their highlights from the past year and introduce some big changes in 2019: full legal protection for researchers, more GitHub properties eligible for rewards, and increased reward amounts.
https://www.hackerone.com/blog/Five-years-GitHub-Bug-Bounty-program
Partager : LinkedIn / Twitter / Facebook / View
HackerOne Hosts Rails Girls in Groningen
Following months of preparation, the day was finally here. HackerOne's office in Groningen was hosting a Rails Girls global coding event. Born in Finland, Rails Girls is a global, non-profit volunteer community that aims to provide the right tools and a community for women to understand technology and to build their ideas. I am Stuti Srivastava, a senior product engineer at HackerOne and one of the organisers for the event, and this was my first experience at a Rails Girls event.
https://www.hackerone.com/blog/HackerOne-Hosts-Rails-Girls-Groningen
Partager : LinkedIn / Twitter / Facebook / View
FanDuel's Liam Somerville on Prioritising Researchers as an Extension of the Security Team
FanDuel, the web-based fantasy sports game with traditional season-long fantasy sports leagues compressed into daily or weekly games of skill, is used by over 8 million members across the globe. With hundreds of millions of dollars being exchanged through weekly games, the small but mighty FanDuel security is tasked with defending enormous amounts of sensitive data all while meeting rigorous state and national regulations. Over the course of their bug bounty program, FanDuel has resolved about 85 vulnerabilities and paid out over ,000 in gratitude to researchers. We dove a little deeper with Liam to learn more about how his security team of seven works with the researcher community to boost security and how researchers can maximize their earnings by being creative.
https://www.hackerone.com/blog/FanDuels-Liam-Somerville-Prioritising-Researchers-Extension-Security-Team
Partager : LinkedIn / Twitter / Facebook / View
How Hacker-Powered Security Protects Your Data, Even When Third Parties Don't
Providing third parties with access to privileged sites and information can expose companies to greater risk of data theft, with all the financial and reputational costs such breaches bring. Hacker-powered security programs like HackerOne Bounty let you focus tens to thousands of security researchers on the precise systems you care about most. Through careful design of the program page and bounty table, which tells hackers how much they will be paid to find different types of vulnerabilities in different systems, you can concentrate the HackerOne community on hardening the applications, authentication, and access control systems that third parties use.
https://www.hackerone.com/blog/How-Hacker-Powered-Security-Protects-Your-Data-Even-When-Third-Parties-Dont
Partager : LinkedIn / Twitter / Facebook / View
Alibaba and HackerOne Join Forces in Global Vulnerability Testing Program
Alibaba, one of the world's largest Internet companies is joining HackerOne to tap into the technical expertise of the world's best cybersecurity experts to implement a global vulnerability disclosure program (VDP) to help boost security and better protect customers, transactions, and the Alibaba ecosystem. Today, Alibaba has announced that all participating cybersecurity researchers who submit valid vulnerabilities will receive a limited production physical challenge coin issued by Alibaba and HackerOne — a “metal medal of honor” – to recognize their contributions. The coin is awarded in addition to the incentives researchers receive as active members of the HackerOne community.
https://www.hackerone.com/blog/Alibaba-and-HackerOne-Join-Forces-Global-Vulnerability-Testing-Program
Partager : LinkedIn / Twitter / Facebook / View
Introducing My Programs
We're proud to announce the release of My Programs, the next iteration of Hacker Dashboard. My Programs is a completely new page in the dashboard that replaces the old “accepted invitations” page. In addition to the accepted invitations, My Programs now lists all public programs you have previously submitted a report to.
https://www.hackerone.com/blog/Introducing-My-Programs
Partager : LinkedIn / Twitter / Facebook / View
Brace yourself: Million in Bounties is Coming—and we are celebrating the whole way there!
A huge milestone towards a safer internet, better lives, and communities for hackers, HackerOne is celebrating hackers and the path to M in bounties!
https://www.hackerone.com/blog/Brace-yourself-50-Million-Bounties-Coming-and-we-are-celebrating-whole-way-there
Partager : LinkedIn / Twitter / Facebook / View
Launching the Hacker Calendar, Never Miss a Challenge Again
Hacker Calendar is a small but useful feature to track important dates and events via your calendar app. You can easily see all running challenges that you're part of and know their respective start and end dates.
https://www.hackerone.com/blog/Launching-Hacker-Calendar-Never-miss-challenge-again
Partager : LinkedIn / Twitter / Facebook / View
EU-FOSSA 2 Open Source Bug Bounty Programme Series | Q&A
Following the success of the European Commission's pilot bug bounty programme with HackerOne last year, they are announcing the launch of a new bug bounty initiative involving open source software on a much larger scale. This bug bounty programme run by the EU-Free and Open Source Software Auditing (EU-FOSSA 2) project, aims to help EU institutions better protect their critical software. We recently chatted separately with Marek Przybyszewski and Saranjit Arora who are leading the EU-FOSSA 2 project.
https://www.hackerone.com/blog/EU-FOSSA-2-Open-Source-Bug-Bounty-Programme-Series-QA
Partager : LinkedIn / Twitter / Facebook / View
Riot Games Surpasses 1,000 Valid Reports: Q&A
At the end of 2018, Riot Games surpassed one of the biggest milestones of its bug bounty program to-date: 1,000 valid vulnerabilities reported to the program. Today, the League of Legends maker celebrates 1,000 issues fixed and 1,000 opportunities to better protect their over 80 million players worldwide. We connected with Riot Games Security Engineer Diarmaid McManus to learn more about what the milestone means to him and the team, as well as the greater impact HackerOne's community has had on their security practice.
https://www.hackerone.com/blog/Riot-Games-Surpasses-1000-Valid-Reports-QA
Partager : LinkedIn / Twitter / Facebook / View
Open-Xchange Approaches 3 Years of Bug Bounties & 250 Valid Vulnerabilities
Just shy of their third anniversary of bug bounties, web-based communication, collaboration and office productivity software company Open-Xchange (OX) is sharing the results of their program to-date. OX has seen nearly 250 valid vulnerabilities reported through the program and paid out over ,000. Looking back, Security Officer Martin Heiland says bugs surfaced on HackerOne have cost about a tenth of what traditional pen testing has surfaced over the years.
https://www.hackerone.com/blog/Open-Xchange-Approaches-3-Years-Bug-Bounties-250-Valid-Vulnerabilities
Partager : LinkedIn / Twitter / Facebook / View
5 Tips for an Effective AppSec Testing Strategy
Applications have become the lifeblood of businesses in today's connected world. Software is now the “front door” into your business for many people around the world. Caution is required, though. Applications exposed to the internet are also exposed to shady characters out to exploit your systems for their benefit, often at the expense of your customers and your business. This blog shares 5 tips for an effective application security testing strategy.
https://www.hackerone.com/blog/5-Tips-Effective-AppSec-Testing-Strategy
Partager : LinkedIn / Twitter / Facebook / View
Your First 90 Days as Security Lead, Part 2: Developing a Plan and Getting to Work
You've just been named the new security lead for your organization. You probably have many projects swirling through your mind, like addressing a critical issue, benchmarking your organization against peers, or developing a broad plan. This two-part blog series details best practices for developing your program and the key steps to take during the first three months in your new role.
https://www.hackerone.com/blog/Your-First-90-Days-Security-Lead-Part-2-Developing-Plan-and-Getting-Work
Partager : LinkedIn / Twitter / Facebook / View
Hyatt Launches Public Bug Bounty Program: Q&A with CISO Benjamin Vaughn
Today, Hyatt is launching its first public bug bounty program at HackerOne. To learn more about Hyatt's program, their commitment to security and the hacker community, we sat down with Chief Information Security Officer Benjamin Vaughn.
https://www.hackerone.com/blog/Hyatt-Launches-Public-Bug-Bounty-Program-QA-CISO-Benjamin-Vaughn
Partager : LinkedIn / Twitter / Facebook / View
Introducing Indian Rupee payments: Cheaper and faster bank transfers
We're proud to announce that HackerOne now supports payments in Indian Rupees. The addition of Indian Rupees means we can now eliminate the roughly 5% conversion fee per bounty by using the “mid-market rate” to convert your bounties directly to Indian Rupees before sending them to your bank account.
https://www.hackerone.com/blog/Introducing-Indian-Rupee-payments-Cheaper-and-faster-bank-transfers
Partager : LinkedIn / Twitter / Facebook / View
Your First 90 Days as Security Lead, Part 1: Building Your Security Foundation
You've just been named the new security lead for your organization. You probably have many projects swirling through your mind, like addressing a critical issue, benchmarking your organization against peers, or developing a broad plan. This two-part blog series details best practices for developing your program and the key steps to take during the first three months in your new role.
https://www.hackerone.com/blog/Your-First-90-Days-Security-Lead-Part-1-Building-Your-Security-Foundation
Partager : LinkedIn / Twitter / Facebook / View
More Hackers Means Less To Worry About
With enough hackers, all security vulnerabilities are shallow. There is no better way to know the security of your systems than inviting a diverse community to report your weaknesses. On behalf of grateful customers, we have awarded over M in rewards to the do-gooders — the hackers. We will end 2018 with a business that has grown 10X in just 3 years.
https://www.hackerone.com/blog/More-Hackers-Means-Less-Worry-About-0
Partager : LinkedIn / Twitter / Facebook / View
Oath's Big Year of Bug Bounties Capped off with NYC Live Hacking Event
In 2018, Oath has received over 1,900 valid vulnerabilities through its private bug bounty program, over 300 of which were high or critical severity. Big numbers mean big rewards — Oath has paid million in bounties in 2018. It's been a record year, including four live hacking events all over the world — Goa, San Francisco, Argentina, and a 2018 finale live hacking event in New York City on November 27-29.
https://www.hackerone.com/blog/Oaths-Big-Year-Bug-Bounties-Capped-NYC-Live-Hacking-Event
Partager : LinkedIn / Twitter / Facebook / View
GitLab's Public Bug Bounty Program Kicks Off: Q&A with GitLab's Kathy Wang & James Ritchey
Today, GitLab is launching their first public bug bounty program. After running a private bug bounty program and public vulnerability disclosure program (VDP) on HackerOne for over a year, the company resolved nearly 250 vulnerabilities thanks to the over 100 participating hackers. We sat down with GitLab's Director of Security Kathy Wang and Senior Application Security Engineer James Ritchey to dive into the evolution of GitLab's program over time, their decision to go public with their program, and how leveraging HackerOne's community has helped to find and fix security issues quickly.
https://www.hackerone.com/blog/GitLabs-Public-Bug-Bounty-Program-Kicks-QA-GitLabs-Kathy-Wang-James-Ritchey
Partager : LinkedIn / Twitter / Facebook / View
Grammarly's Bug Bounty Program Goes Public: Q&A with VP of Engineering Joe Xavier
It's been over a year since Grammarly launched its first bug bounty program on HackerOne. It's been a private, invite-only program ever since. That is, until today! We sat down with the company's VP of Engineering Joe Xavier to learn more about how the newly public bug bounty program fits into the team's overall security strategy, what it's like working with hackers, and any advice for other organizations considering the bug bounty model.
https://www.hackerone.com/blog/Grammarlys-Bug-Bounty-Program-Goes-Public-QA-VP-Engineering-Joe-Xavier
Partager : LinkedIn / Twitter / Facebook / View
Hacktivity Disclosure for Private Programs
With over 6,000 reports that have been disclosed on Hacktivity, we're proud to announce that we're launching Disclosure for Private Programs. Vulnerability reports can now be disclosed within a private program.
https://www.hackerone.com/blog/Hacktivity-Disclosure-Private-Programs
Partager : LinkedIn / Twitter / Facebook / View
Q&A with Flickr's Senior Engineering Manager Alex Seville
As of November 2018, Flickr has been running its first independent bug bounty program, maintaining an average resolution time of just 4 days in the first month. We sat down with Flickr Senior Engineering Manager Alex Seville to learn more about his team's commitment to working with the hacker community, how it fits into Flickr's larger cybersecurity strategy, and what's to come.
https://www.hackerone.com/blog/QA-Flickrs-Senior-Engineering-Manager-Alex-Seville
Partager : LinkedIn / Twitter / Facebook / View
Easy and secure Credential Management
The new credential management functionality enables program owners to share credentials with hackers in the program easily. It's as simple as uploading a CSV with credentials, and a new button will appear on your program page from where hackers can download the credentials. When uploading the credentials, you can also give the hacker instructions on how to use them. This can be helpful in case the setup isn't straightforward.
https://www.hackerone.com/blog/Easy-and-secure-Credential-Management
Partager : LinkedIn / Twitter / Facebook / View
Test your hacking skills on real-world simulated bugs
Five sandbox environments of recently disclosed hacktivity reports available for anyone to test their hacking skills and see if they can replicate the same bug that was discovered. #hackon
https://www.hackerone.com/blog/Test-your-hacking-skills-real-world-simulated-bugs
Partager : LinkedIn / Twitter / Facebook / View
Introducing Hacker Dashboard: Your personalized HackerOne overview
Earlier this month, we introduced the all-new Program Directory with fresh metrics and better filtering. Now, we're taking it a step further with the introduction of the Hacker Dashboard. Check it out!
https://www.hackerone.com/blog/Introducing-Hacker-Dashboard-Your-personalized-HackerOne-overview
Partager : LinkedIn / Twitter / Facebook / View
Hacker101 CTF++: Find flags, get private bug bounty program invitations
Get rewarded with private invitations and work through the CTF as a group with our new release.
https://www.hackerone.com/blog/Hacker101-CTF-Find-flags-get-private-bug-bounty-program-invitations
Partager : LinkedIn / Twitter / Facebook / View
Shopify Awards 6,000 to Hackers in Canada: h1-514 Recap
Forty top hackers met in Montréal over the weekend to hack Canada-based Shopify. The commerce platform helps more than a half-million merchants spread across 90% of the world's countries design, set-up, and manage their stores. During the live hacking event, dubbed h1-514, Shopify paid over 6,000 in bounties to hackers who helped surface 55 valid vulnerabilities to the program.
https://www.hackerone.com/blog/Shopify-Awards-116000-Hackers-Canada-h1-514-Recap
Partager : LinkedIn / Twitter / Facebook / View
Integrate HackerOne directly into your website with Embedded Submissions
Receiving vulnerabilities has never been easier with the release of our newest integration: Embedded Submissions! The form will be embedded directly on your website by simply adding one line of JavaScript on your web page.
https://www.hackerone.com/blog/Integrate-HackerOne-directly-your-website-Embedded-Submissions
Partager : LinkedIn / Twitter / Facebook / View
Security@ 2018: Oath, DoD Highlight Value in Bringing Bug Bounties to Life
Most hacker-powered security happens remotely, with digital messaging being the typical communication channel. There's no brainstorming together with a whiteboard, no chats over coffee, no conversations during the walk across the street for lunch. One of the many benefits of Security@ is the chance to bring hackers, developers, and security teams together to meet in real life.
https://www.hackerone.com/blog/Security-2018-Oath-DoD-Highlight-Value-Bringing-Bug-Bounties-Life
Partager : LinkedIn / Twitter / Facebook / View
Security@ 2018: Sumo Logic's CSO On Transparency and Using Hacker-Powered Pen Tests for Better Security and Complete Compliance
At Security@ 2018, held in San Francisco in late October, Gerchow took the stage to share how Sumo Logic works with HackerOne to take a decidedly modern approach to security, using bug bounties as a tool in the arsenal and transparency as the common thread. Transparency, according to Gerchow, means that organizations must admit not only that bugs will always exist, but that the best ways to reduce vulnerabilities is to share learnings and best practices with the broader community.
https://www.hackerone.com/blog/Security-2018-Sumo-Logics-CSO-Transparency-and-Using-Hacker-Powered-Pen-Tests-Better-Security
Partager : LinkedIn / Twitter / Facebook / View
Discovering programs is easier than ever with the new and improved Program Directory
Today, we're excited to announce a complete overhaul of our Program Directory! The new directory features a fresh design and more granular filters to find programs faster than ever. Let us know what you think!
https://www.hackerone.com/blog/Discovering-programs-easier-ever-new-and-improved-Program-Directory
Partager : LinkedIn / Twitter / Facebook / View
What To Do When You're Stuck Hacking
Hacking can be tedious work. Sometimes you're looking for hours, perhaps days, and you're unable to find a security vulnerability. It can be demotivating at times. This blog will give you multiple tips to power through it and regain that sweet, sweet feeling of submitting a security vulnerability.
https://www.hackerone.com/blog/What-To-Do-When-You-Are-Stuck-Hacking
Partager : LinkedIn / Twitter / Facebook / View
Financial Services: Tips for Bug Bounty Success
Jason Pubal is an appsec director at a large financial services firm. Over the past 2 years, he's prepared for and rolled out a successful bug bounty program with HackerOne. Here's what he's learned in the process and how you can prepare to launch your own bug bounty program.
https://www.hackerone.com/blog/Financial-Services-Tips-Bug-Bounty-Success
Partager : LinkedIn / Twitter / Facebook / View
The Best is Yet To Come: DOD Awards New Hack the Pentagon Contract to HackerOne
Today we celebrate cyber defense. The U.S. Department of Defense's Defense Digital Service (DDS) announced expansion of the Hack the Pentagon crowdsourced security program and partnership with HackerOne. HackerOne is one of three vendors to be awarded a contract as part of the Hack the Pentagon expansion to run private assessments against sensitive, internal systems.
https://www.hackerone.com/blog/Best-Yet-Come-DOD-Awards-New-Hack-Pentagon-Contract-HackerOne
Partager : LinkedIn / Twitter / Facebook / View
The Paranoids at Oath Take Bug Bounties to Argentina: h1-5411 Recap
HackerOne kicked off its first South America live hacking event in Buenos Aires, Argentina! Oath, a media and tech company, under which Yahoo, AOL, Verizon Digital Media Services, TechCrunch and many more dynamic brands fall, opened up their assets to 53 hackers in their second live hacking event in 2018. Eight hours later, Oath had paid out over 0,000 in bounties to hackers for their contributions. Thank you to our hackers that literally weathered a storm to join us in Argentina for the first time.
https://www.hackerone.com/blog/Paranoids-Oath-Take-Bug-Bounties-Argentina-h1-5411-Recap
Partager : LinkedIn / Twitter / Facebook / View
Say Yes To Cyber Help
We are seeing tremendous growth at HackerOne. Bug bounty programs, vulnerability disclosure policies, and crowdsourced pentests are needed by anyone entrusted with protecting customer data. To serve our rapidly expanding customer base, we have tripled our headcount in the past 12 months and opened new offices in New York, Washington D.C. and Singapore, in addition to our San Francisco, London and Netherlands offices.
https://www.hackerone.com/blog/Say-Yes-Cyber-Help
Partager : LinkedIn / Twitter / Facebook / View
The U.S. Marine Corps Resolves Nearly 150 Vulnerabilities Thanks to Hackers
Hack the Marine Corps, the U.S. Depart of Defense's (DoD) six public bug bounty challenge, officially concluded and the results are in! Over 100 ethical hackers tested public-facing Marine Corps websites and services in an effort to harden the defenses of the Marine Corps Enterprise Network (MCEN). Over the 20 days of the hacking challenge, hackers reported nearly 150 unique valid vulnerabilities to the U.S. Marine Corps Cyberspace Command (MARFORCYBER) team and were awarded over 0,000 for their findings.
https://www.hackerone.com/blog/US-Marine-Corps-Resolves-Nearly-150-Vulnerabilities-Thanks-Hackers-2
Partager : LinkedIn / Twitter / Facebook / View
The AWS Shared Responsibility Model: 3 Areas of Improvement to Make Today Part 3: Logging, Monitoring, and Alerting in AWS
Migrating to the cloud means sharing responsibility for security with the cloud provider. Read about one important part of the shared responsibility model: logging, monitoring, and alerting in an AWS environment. Discover the tools available to help you always know what is happening in your environment.
https://www.hackerone.com/blog/AWS-Shared-Responsibility-Model-3-Areas-Improvement-Make-Today-Part-3
Partager : LinkedIn / Twitter / Facebook / View
How Hacktivity Can Save Your Company: Experts Weigh In
Hacktivity can save your company. Take help from hackers. You can't do it alone. Approach hackers with an assumption of benevolence, and develop relationships with them. Don't find out about a vulnerability for the first time on Twitter. How do you defend yourself against people who get up in the morning, put on their flip flops (or military uniform) and do nothing but think about how to attack you? These were themes at the Atlantic Council's panel on coordinated vulnerability disclosure (CVD) on September 18 in Washington, D.C.
https://www.hackerone.com/blog/How-Hacktivity-Can-Save-Your-Company-Experts-Weigh-In
Partager : LinkedIn / Twitter / Facebook / View
Hacker Q&A with André Baptista: From CTF Champ to h1-202 MVH
From CTF Champ to H1-202 MVH. André applied the creativity of CTFs to find and escalate bugs in the wild and hack his way to to the Championship Belt less than a month after finding his first bug in the wild.
https://www.hackerone.com/blog/Hacker-QA-Andre-Baptista-CTF-Champ-h1-202-MVH
Partager : LinkedIn / Twitter / Facebook / View
Streamline Every Aspect of Your Responsible Disclosure Policy with HackerOne Response
HackerOne Response is our turnkey solution offering enterprise-grade security and conformance with ISO-29147 (vulnerability disclosure) and ISO-30111 (vulnerability handling). It allows vulnerability management teams to work directly with external third-parties to resolve critical security vulnerabilities before they can be exploited.
https://www.hackerone.com/blog/Streamline-Every-Aspect-Your-VDP-HackerOne-Response
Partager : LinkedIn / Twitter / Facebook / View
Top Firewall Misconfigurations that Lead to Easy Exploitations by Attackers
Migrating to the cloud means sharing responsibility for security with the cloud provider. Read about one important part of the shared responsibility model: keeping your cloud network secure. Discover how to protect your cloud networks from attackers.
https://www.hackerone.com/blog/Top-Firewall-Misconfigurations-that-Lead-to-Easy-Exploitations
Partager : LinkedIn / Twitter / Facebook / View
The AWS Shared Responsibility Model: 3 Areas of Improvement to Make Today, Part 1
Migrating to the cloud means sharing responsibility for security with the cloud provider. Read about one important part of the shared responsibility model: keeping your private keys private. Discover how to prevent your secrets from escaping the cloud.
https://www.hackerone.com/blog/AWS-Shared-Responsibility-Model-3-Areas-Improvement-Make-Today-Part-1-Keep-Your-Private-Keys
Partager : LinkedIn / Twitter / Facebook / View
Introducing the Hacker101 CTF
Capture flags all day and night in our newly launched CTF, available 24/7 at ctf.hacker101.com.
https://www.hackerone.com/blog/Introducing-Hacker101-CTF
Partager : LinkedIn / Twitter / Facebook / View
Highlights of New York's Cybersecurity Regulation 23 NYCRR Part 500
Effective March 1, 2017, the New York State Department of Financial Services (NYDFS) promulgated 23 NYCRR Part 500, a regulation establishing cybersecurity requirements for financial services companies. Beginning today, September 4, 2018, Sections 500.06, 500.08, 500.13, 500.14(a) and 500.15 of 23 NYCRR Part 500 will be enforceable.
https://www.hackerone.com/blog/Highlights-New-Yorks-Cybersecurity-Regulation-23-NYCRR-Part-500
Partager : LinkedIn / Twitter / Facebook / View
H1-702 2018 makes history with over 0K in bounties paid!
Five straight nights of hacking with over 75 hackers representing 20+ countries hacked five targets earning over 0,000. It was the largest and most successful live hacking event ever.
https://www.hackerone.com/blog/H1-702-2018-makes-history-over-500K-bounties-paid
Partager : LinkedIn / Twitter / Facebook / View
Hacker Q&A with Matthew Bryant: Good Artists Copy, Great Artists Steal
“Seeing an exploit without understanding how any of it works felt like witnessing someone doing actual magic.” In his search to understand new-to-him security vulnerabilities, Matthew Bryant (@iammandatory) has found some iconic bugs. He chatted with us about those finds, collaboration, and the tools he builds as a modern-day security magician.
https://www.hackerone.com/blog/Hacker-QA-Matthew-Bryant-1
Partager : LinkedIn / Twitter / Facebook / View
What is a Responsible Disclosure Policy and Why You Need One
This article will answer the simple question of what a vulnerability disclosure policy is, what's included in a good policy, which organizations have a VDP today, and which government agencies have published guidance on VDPs.
https://www.hackerone.com/blog/What-Vulnerability-Disclosure-Policy-and-Why-You-Need-One
Partager : LinkedIn / Twitter / Facebook / View
118 Fascinating Facts from HackerOne's Hacker-Powered Security Report 2018
Read 118 of the most intriguing data points from HackerOne's Hacker-Powered Security Report 2018. Get the facts to learn how security teams are working with hackers to crush more bugs and make the internet safer for everyone.
https://www.hackerone.com/blog/118-Fascinating-Facts-HackerOnes-Hacker-Powered-Security-Report-2018
Partager : LinkedIn / Twitter / Facebook / View
7 Common Security Pitfalls to Avoid When Migrating to the Cloud
Read about the seven common security pitfalls to avoid when considering a migration to the cloud. Get actionable steps you should take now to ensure the best security possible for your customers.
https://www.hackerone.com/blog/7-Common-Security-Pitfalls-Avoid-When-Migrating-Cloud
Partager : LinkedIn / Twitter / Facebook / View
Oath Bug Bounty Program Update: M in payouts and expansion of the program
Oath has surpassed over ,000,000 bounties paid to hackers for their help to significantly decrease risk and reduce Oath's attack surface. However, bugs aren't all Oath received from the security community. They also heard a ton of feedback that they've accounted for in five changes to their program policy. Check them out!
https://www.hackerone.com/blog/Oath-Bug-Bounty-Program-Update-1M-payouts-and-expansion-program
Partager : LinkedIn / Twitter / Facebook / View
Improve Credential Sharing with Hacker Email Aliases
New hacker email aliases feature makes credential sharing, and whitelisting domains simple for programs
https://www.hackerone.com/blog/Improve-Credential-Sharing-Hacker-Email-Aliases
Partager : LinkedIn / Twitter / Facebook / View
A Guide To Subdomain Takeovers
Technical guide on how to understand, find, exploit, and report subdomain misconfigurations by EdOverflow
https://www.hackerone.com/blog/Guide-Subdomain-Takeovers
Partager : LinkedIn / Twitter / Facebook / View
Software Vulnerability Disclosure in Europe: Summary and Key Highlights of the European Parliament CEPS Task Force Report
HackerOne's summary review of the Software Vulnerability Disclosure in Europe Technology, Policies and Legal Challenges report.
https://www.hackerone.com/blog/Software-Vulnerability-Disclosure-Europe-Summary-and-Key-Highlights-European-Parliament-CEPS
Partager : LinkedIn / Twitter / Facebook / View
Sumo Logic Looks to Hacker-Powered Pen Testing for Security and Compliance
In late 2017, Sumo Logic CSO George Gerchow faced a challenge most only dream of — pen testing reports kept coming back clean. While this seems like good knews, it meant Sumo Logic's attack surface was hardening, Gerchow knew nothing is bulletproof. Three bug bounty challenges later, Sumo Logic is sharing the results and inner workings of its open line of communication with the hacker community for the first time.
https://www.hackerone.com/blog/Sumo-Logic-Looks-Hacker-Powered-Pen-Testing-Security-and-Compliance
Partager : LinkedIn / Twitter / Facebook / View
Zomato's First Anniversary with Bug Bounties: Q&A with Security Lead, Prateek Tiwari
This month, Zomato is celebrating the first anniversary of its bug bounty program. Since launching in July 2017, the company has paid out over 0,000 to over 350 hackers for their efforts, all while maintaining an average response time of 4 hours. We recently caught up with Prateek to celebrate the milestone and give you a chance to learn more about Zomato's approach to bug bounties and security.
https://www.hackerone.com/blog/Zomatos-First-Anniversary-Bug-Bounties-QA-Security-Lead-Prateek-Tiwari
Partager : LinkedIn / Twitter / Facebook / View
The Hacker-Powered Security Report 2018
The Hacker-Powered Security Report 2018 is the most comprehensive report on hacker-powered security. Analysis of 78,275 security vulnerability reports received in the past year from ethical hackers that reported them to over 1,000 organizations through HackerOne.
https://www.hackerone.com/blog/Hacker-Powered-Security-Report-2018
Partager : LinkedIn / Twitter / Facebook / View
H1-702 CTF Winners Announced!
Thanks to all the hackers who participated in the H1-702 2018 CTF! For the first time ever, we had both web and mobile challenges. Our six winners were selected from a pool of 750 registered participants and over 30 submissions received. Congratulations on winning your way to Las Vegas for the biggest live hacking event ever!
https://www.hackerone.com/blog/H1-702-CTF-Winners-Announced
Partager : LinkedIn / Twitter / Facebook / View
Lawfully Hacked
The best way to prevent getting hacked is to try to get hacked. Paradoxical as this may sound, evidence shows it is true. The worst data breaches the world has seen were with companies that did not invite external security researchers to report their findings. But by hunting for their security vulnerabilities, organizations can ensure the weak points are found and fixed before they are identified by criminals. Open sourcing security is the way.
https://www.hackerone.com/blog/Lawfully-Hacked
Partager : LinkedIn / Twitter / Facebook / View
The Journey to 100% Responsive Programs
Unresponsive programs are a drain on your time and your sanity. We are committed to ensure programs on the platform will be responsive and their performance metrics will be transparent.
https://www.hackerone.com/blog/Journey-100-Responsive-Programs
Partager : LinkedIn / Twitter / Facebook / View
Webinar: Learn How Hacker-Powered Pentests Give You More For Less
Join us on July 17 to learn how hacker-powered pen tests give you more. More bugs, faster, and cheaper.
https://www.hackerone.com/blog/Webinar-Learn-How-Hacker-Powered-Pentests-Give-You-More-Less
Partager : LinkedIn / Twitter / Facebook / View
Morrison & Foerster's David Newman: How Corporate Counsel Should Approach Hacker-Powered Security
Interview with MoFo's David Newman, of counsel in the National Security and Global Risk & Crisis Management practices. We asked David a few questions related to his work for clients on hacker-powered security, as well as what he's seeing in the field as more and more organizations launch both vulnerability disclosure policies (VDP) and bug bounty programs.
https://www.hackerone.com/blog/Morrison-Foersters-David-Newman-How-Corporate-Counsel-Should-Approach-Hacker-Powered-Security
Partager : LinkedIn / Twitter / Facebook / View
Hackers Descend on London for First Ever UK Live Hacking Event: H1-4420
Saturday, June 16, almost 50 hackers gathered from across the world to hack one of the most popular and mature bug bounty programs on the planet at HackerOne's first live-hacking event in London, H1-4420. Nine hours, 71 valid bugs and ,753 later...you could say our community of elite hackers exceeded all expectations.
https://www.hackerone.com/blog/Hackers-Descend-London-First-Ever-UK-Live-Hacking-Event-H1-4420
Partager : LinkedIn / Twitter / Facebook / View
Advanced triggers feature launches to further improve signal
Triggers are simple but powerful tools for executing automated responses to new, incoming reports. With triggers, you can set up an automated action when your program receives a report with or without a given trigger word. Triggers aid in reducing noise as they can flag certain reports.
https://www.hackerone.com/blog/Advanced-triggers-feature-launches-further-improve-signal
Partager : LinkedIn / Twitter / Facebook / View
Live-hacking Dropbox in Amsterdam for H1-3120
At H1-3120, Dropbox received more than 90 reports and paid out ,383 with an average bounty of ,318, over two times on their largest bounty day ever and almost three times their average bounty. Geweldig!
https://www.hackerone.com/blog/Live-hacking-Dropbox-Amsterdam-H1-3120
Partager : LinkedIn / Twitter / Facebook / View
Jackpot! The h1-702 2018 CTF is here! Win a Trip to the Biggest Live-hacking Event of 2018
H1-702 2018 is happening in Las Vegas from Wednesday, August 8 to Sunday, August 12! Any hacker from around the world who wants to attend can earn their way there. All you need to do is solve our CTF and write a great report. Six lucky winners will earn round trip airfare, seven nights at a hotel on the Las Vegas strip, and access to all five days of h1-702.
https://www.hackerone.com/blog/Jackpot-h1-702-2018-CTF-here-Win-Trip-Biggest-Live-hacking-Event-2018
Partager : LinkedIn / Twitter / Facebook / View
Hey Startups, Check Your GDPR Progress with this GDPR Checklist
The GDPR Checklist is just that: a checklist to make sure you've covered the basics concerning GDPR. It's aimed at SaaS startups, but every company can benefit from its simple, easy to understand guidance.
https://www.hackerone.com/blog/Hey-Startups-Check-Your-GDPR-Progress-GDPR-Checklist
Partager : LinkedIn / Twitter / Facebook / View
Hacker-Powered pen tests at the U.S. Federal Government
When looking for a model to inform your own security posture, the Department of Defense would be a good place to look. Not only were they the first branch of the U.S. Federal Government to use white-hat hackers back in 2016, they've been using hacker-powered security in new and interesting ways ever since. They've also blazed a trail for other public organizations.
https://www.hackerone.com/blog/Hacker-Powered-pen-tests-US-Federal-Government
Partager : LinkedIn / Twitter / Facebook / View
New Hacker101 Content: Threat modeling, Burp basics, and more
Since January, thousands of hackers have expressed their enthusiasm about the first Hacker101 content drop (almost 80,000 total video views and 8,800+ stars on GitHub in just six months!); and now it's time to take things to the next level.
https://www.hackerone.com/blog/New-Hacker101-Content-Threat-modeling-Burp-basics-and-more
Partager : LinkedIn / Twitter / Facebook / View
CISOs and GDPR: The Top 3 Concerns
In “The CISOs Guide to GDPR”, expert Thomas Fischer offered up the three main concerns he's hearing most often from CISOs regarding GDPR.
https://www.hackerone.com/blog/CISOs-and-GDPR-the-top-3-concerns
Partager : LinkedIn / Twitter / Facebook / View
Hacker Q&A with Rachel Tobac: Hacking Companies Through Their People
CEO and Co-founder of SocialProof Security, Rachel Tobac hacks people. Using a phone, email, and an approachable persona, Rachel discovers vital information that can be used to craft successful exploits.
https://www.hackerone.com/blog/Hacker-QA-Rachel-Tobac-Hacking-Companies-Through-Their-People
Partager : LinkedIn / Twitter / Facebook / View
Introducing The 90 day Hacker Leaderboard and Revamped Invitations
Hackers can now see how they ranked by their Reputation, Signal, and Impact in the last 90 days. Invitations going forward will be based on your activity during the last 90 days.
https://www.hackerone.com/blog/Introducing-90-day-Hacker-Leaderboard-and-Revamped-Invitations
Partager : LinkedIn / Twitter / Facebook / View
Hacker Q&A with Alyssa: We are all still learning
At 16 Alyssa Herrera discovered BugBounties and HackerOne--she hasn't looked back since. Now a full time bug hunter, Alyssa makes sure to give back to the community by sharing the knowledge she gained on her way to the number two spot on the DoD leaderboards.
https://www.hackerone.com/blog/Hacker-QA-Alyssa-We-are-all-still-learning
Partager : LinkedIn / Twitter / Facebook / View
Hursti hacks, DEF CON villages, and the Dubious state of electronic voting
Harri Hursti is one of the world's leading authorities on election voting security. His work has exposed gaping security flaws in electronic voting machines and the electronic voting industry as a whole. He answered some of our questions on his hacking roots and why electronic voting is so easily hacked.
https://www.hackerone.com/blog/Hursti-hacks-DEF-CON-villages-and-Dubious-state-electronic-voting
Partager : LinkedIn / Twitter / Facebook / View
H1-415 Recap: Oath Pays Over 0,000 to Hackers in One Day
Forty-one hackers representing 11 countries. More than 0,000 paid in bounties. All in nine hours. HackerOne's second annual live-hacking event in San Francisco broke multiple records on Saturday, April 14, 2018. The target? Oath, a media and tech company, under which Yahoo, AOL, Verizon Digital Media Services, TechCrunch and many more dynamic brands fall.
https://www.hackerone.com/blog/H1-415-Recap-Oath-Pays-Over-400000-Hackers-One-Day
Partager : LinkedIn / Twitter / Facebook / View
H1-202 Recap: Mapbox Pays Out Nearly ,000 in One Day
Twenty-seven hackers representing nine countries gathered at the U.S. capitol March 23-25, 2018 for HackerOne's first live hacking event in Washington, D.C. The weekend consisted of a community day with Virginia-based high schoolers and a live hacking day — nine hours of hacking at Mapbox HQ, resulting in over 100 bugs reported and nearly ,000 paid in rewards.
https://www.hackerone.com/blog/H1-202-Recap-Mapbox-Pays-Out-Nearly-65000-One-Day
Partager : LinkedIn / Twitter / Facebook / View
Q&A with CRANIUM: Easing Compliance with “GDPR in a Box”
CRANIUM, an international consulting company specializing in privacy, data protection and information security, sells a GDPR in a Box to guide organizations through their GDPR challenge. It's a combination of do-it-yourself plus online support, and we talked with one of their GDPR experts to learn more about it.
https://www.hackerone.com/blog/QA-CRANIUM-Easing-Compliance-GDPR-Box
Partager : LinkedIn / Twitter / Facebook / View
Shopify Thanks Over 300 Hackers, Pays 0,000+ to Hackers in Three Years
This month, Shopify celebrates the three year anniversary of its bug bounty program with HackerOne. To-date the commerce platform has paid over 0,000 in rewards to hackers, resolved 759 vulnerabilities and has thanked over 300 hackers for their contributions.
https://www.hackerone.com/blog/Shopify-Thanks-Over-300-Hackers-Pays-850000-Hackers-Three-Years
Partager : LinkedIn / Twitter / Facebook / View
Q&A with HackerOne's New Board Member: Kathryn Haun
We are thrilled to introduce HackerOne's new board member Kathryn Haun. Katie is a former U.S. Department of Justice (DOJ) federal prosecutor, Stanford Business School Lecturer and serves on the board of Coinbase. With cybersecurity affecting every industry, every entity, and every person who is digitally connected, Katie thinks one of the best ways to protect against nefarious actors is to provide a safe environment for ethical hackers to beat them to the punch.
https://www.hackerone.com/blog/QA-HackerOnes-New-Board-Member-Kathryn-Haun
Partager : LinkedIn / Twitter / Facebook / View
The CISO's Guide to GDPR: Q&A with Thomas Fischer
We recently caught up with GDPR expert Thomas Fischer for his help in answering some questions for us on the hot topic of GDPR.
https://www.hackerone.com/blog/CISOs-Guide-GDPR-QA-Thomas-Fischer
Partager : LinkedIn / Twitter / Facebook / View
General Motors Celebrates Second Anniversary with Hackers
Just over two years ago, General Motors became the first major automaker to launch a public vulnerability disclosure program (VDP). Its purpose? To protect its customers by working with hackers to safely identify and resolve security vulnerabilities. Since the program launched in 2016, GM has resolved more than 700 vulnerabilities across the entire supply chain, with help from hackers.
https://www.hackerone.com/blog/General-Motors-Celebrates-Second-Anniversary-Hackers
Partager : LinkedIn / Twitter / Facebook / View
Mr. Chairman, we need hackers!
The more the world gets hacked, the more we need hackers. We need white hats. They will find vulnerabilities so we can fix them and not get breached.
https://www.hackerone.com/blog/Mr-Chairman-we-need-hackers
Partager : LinkedIn / Twitter / Facebook / View
GitHub Celebrates Four Years of Bug Bounties: Q&A with VP of Security, Shawn Davenport
GitHub celebrated the fourth anniversary of its Security Bug Bounty program and released a comprehensive recap of a record-breaking 2017 to mark the moment. To join the celebration and give you a chance to learn more about GitHub's approach to bug bounties and security, we recently caught up with Shawn Davenport, VP of Security at GitHub.
https://www.hackerone.com/blog/GitHub-Celebrates-Four-Years-Bug-Bounties-QA-VP-Security-Shawn-Davenport
Partager : LinkedIn / Twitter / Facebook / View
GDPR: Let's kill the FUD
It seems everywhere you look, the talk about GDPR is designed to scare you into action. Fear, uncertainty, and doubt (FUD) are powerful motivators. Probably the scariest thing of all: the potential fines. GDPR, on paper, allows for fines of up to €20 million (.5 million) or 4% of a company's global annual revenue. Here's a quick (non-FUD-ified) list of some of what we see happening and how it may impact you.
https://www.hackerone.com/blog/GDPR-Lets-kill-FUD
Partager : LinkedIn / Twitter / Facebook / View
OWASP Top 10 Web Security Risks of 2017 - Flashcards
There's no such thing as perfectly secure software. Learn about the top 10 web security risks of 2017 with our print-ready flashcard guide
https://www.hackerone.com/blog/OWASP-Top-10-Web-Security-Risks-2017-Flashcards
Partager : LinkedIn / Twitter / Facebook / View
Calling All “Bureaucracy Hackers”
Lisa Wiswell, a HackerOne advisor and a principal at GRIMM cybersecurity firm, thinks the government needs more help from hackers. Not just with hacking or security, but with simply understanding the basics of technology and the internet.
https://www.hackerone.com/blog/Calling-All-Bureaucracy-Hackers
Partager : LinkedIn / Twitter / Facebook / View
h1-202 CTF Winners Announced (and links to write-ups)
Our h1-202 CTF attracted 450 participants and we chose three winners that will be sent to Washington, DC for our live-hacking event, h1-202! Find out who won and read their solution write-ups in this post.
https://www.hackerone.com/blog/h1-202-CTF-Winners-Announced
Partager : LinkedIn / Twitter / Facebook / View
Q&A with Faye Francy: How Auto-ISAC Puts Security in the Driver's Seat
Faye Francy is executive director of Auto-ISAC, an industry-operated organization created to enhance cybersecurity awareness and collaboration across the global automotive industry. We interviewed Faye to learn more about the work Auto-ISAC is doing to make all of our vehicles more secure.
https://www.hackerone.com/blog/QA-Faye-Francy-How-Auto-ISAC-Puts-Security-Drivers-Seat
Partager : LinkedIn / Twitter / Facebook / View
Hacker Q&A with Shubham Gupta: Patience and Passion
Shubham Gupta ranks in the 96th percentile when it comes to signal and has helped secure brands like Ubiquiti Networks, Twitter, Slack and others. Shubham is enthusiastic, eager to learn and challenging himself daily. We caught up with him to learn more about his story, what drives him and why he hacks for good.
https://www.hackerone.com/blog/Hacker-QA-Shubham-gupta-Patience-and-Passion
Partager : LinkedIn / Twitter / Facebook / View
Hack Your Way to the White House
The h1-202 CTF is here! On March 25th, 2018, h1-202 will be happening in Washington, D.C. (at a top secret location!). We are opening up the event to any hacker around the world who wants to attend. All you need to do is solve our CTF and write up a great report. The individuals who submit the best write ups as determined by our judges will be invited to attend h1-202.
https://www.hackerone.com/blog/Hack-Your-Way-White-House
Partager : LinkedIn / Twitter / Facebook / View
Alexa, ask HackerOne...
Alexa, ask HackerOne what's in the news?
https://www.hackerone.com/blog/Alexa-ask-HackerOne
Partager : LinkedIn / Twitter / Facebook / View
How Hackers Spend Their Bounties
At our poolside h1-702 live-hacking event in Las Vegas we asked some of our top hackers about how they spend their bounty earnings. Responses varied - from saving money for college, to buying a family car, to helping their parents purchase a home to: headphones, snowblowers, and more.
https://www.hackerone.com/blog/How-Hackers-Spend-Their-Bounties
Partager : LinkedIn / Twitter / Facebook / View
Google Play increases bounties and expands scope for Android apps
Google is announcing updates to the program, including expanded vulnerability criteria and increased payouts.
https://www.hackerone.com/blog/Google-Play-increases-bounties-and-expands-scope-Android-apps
Partager : LinkedIn / Twitter / Facebook / View
Q&A with Jane Frankland: GDPR, CISOs, and Women in Cybersecurity
Jane Frankland is an award-winning entrepreneur, speaker, and consultant in cybersecurity and entrepreneurism. For more than 20 years, Jane has been focused on cybersecurity, and has been actively involved in OWASP, CREST and the Cyber Essentials scheme. She a prolific author, having been featured in leading publications and appeared on iconic British media programmes. She has also just published a new book about women in security.
https://www.hackerone.com/blog/QA-Jane-Frankland-GDPR-CISOs-and-Women-Cybersecurity
Partager : LinkedIn / Twitter / Facebook / View
U.S. Senate Hearing - Data Security and Bug Bounty Programs: Lessons Learned
HackerOne was invited to testify in front of the U.S. Senate Subcommittee on Consumer Protection, Product Safety, Insurance, and Data Security. We are honored to join the Senate and leaders in our industry to discuss the role hackers can play in strengthening security.
https://www.hackerone.com/blog/US-Senate-Hearing-Bug-Bounty-Lessons-Learned
Partager : LinkedIn / Twitter / Facebook / View
Updated Hacker Invitations: Hack more, hack better
Program invitations are getting better. Way better. Check out the new features to help you manage the invitations you receive on HackerOne.
https://www.hackerone.com/blog/Updated-Hacker-Invitations-Hack-more-hack-better
Partager : LinkedIn / Twitter / Facebook / View
Healthy programs make for happy hackers. Introducing response SLAs
How do you measure the success of your HackerOne program? What are the top things hackers look for from security teams? Ever wonder how your peers at other companies are doing against their key performance indicators?
To answer these questions and more, today we're launching our new response service level agreement (SLA) features to make it easier for you to maintain a healthy, responsive program.
https://www.hackerone.com/blog/Healthy-programs-make-happy-hackers-Introducing-response-SLAs
Partager : LinkedIn / Twitter / Facebook / View
Hacker101: Free class for web security. Let's break some stuff
Hacker101 is a free class for web security. Whether you're a programmer with an interest in bug bounties or a seasoned security professional, Hacker101 has something to teach you.
https://www.hackerone.com/blog/Hacker101-Free-class-web-security-Lets-break-some-stuff
Partager : LinkedIn / Twitter / Facebook / View
Breaking the Bank: Getting Financial Services Companies to Embrace Hacker-Powered Security
How the tide is shifting, and financial services firms are realizing that the economics of hacker-powered security outweigh the risks as presented at Security@ San Francisco.
https://www.hackerone.com/blog/Breaking-Bank-Getting-Financial-Services-Companies-Embrace-Hacker-Powered-Security
Partager : LinkedIn / Twitter / Facebook / View
Double your signal, double your fun
Human-Augmented Signal improves the signal of programs as reports flagged with a high noise probability are reviewed by HackerOne security analysts. After our system utilizes various criteria to automatically classify all incoming reports, reports with potential noise are forwarded to HackerOne security analysts for review.
https://www.hackerone.com/blog/Double-your-signal-double-your-fun
Partager : LinkedIn / Twitter / Facebook / View
Bug Bounty or Bust! The Art of Triage
Tips on how to best set yourself up operationally to handle the loads of reports flying your way, as well as more in-depth tips on how to handle common scenarios on individual reports.
https://www.hackerone.com/blog/Bug-Bounty-or-Bust-Art-Triage
Partager : LinkedIn / Twitter / Facebook / View
The 2018 Hacker Report
https://www.hackerone.com/blog/2018-Hacker-Report
Partager : LinkedIn / Twitter / Facebook / View
An Attorney's View of Vulnerability Disclosure
Vulnerability Disclosure Programs (VDPs) are not only being promoted by more and more organizations and officials, they're an easy-to-implement yet critical part of any company's security apparatus. But there are legal issues to consider, and we had a top cybersecurity attorney offering advice at the recent Security@ event.
https://www.hackerone.com/blog/Attorneys-View-Vulnerability-Disclosure
Partager : LinkedIn / Twitter / Facebook / View
What percentage of your software vulnerabilities have GDPR implications?
Do you know how many of your unknown vulnerabilities have the potential to cause a breach of consumer data? In other words, how many have GDPR implications? We wondered the same thing, so we did some digging. Here's what we found.
https://www.hackerone.com/blog/What-percentage-your-software-vulnerabilities-have-GDPR-implications
Partager : LinkedIn / Twitter / Facebook / View
Hacker Q&A With EdOverflow
EdOverflow is a hacker's hacker. He's found bugs for Razer, GitLab, and even HackerOne :). He writes about security and web development. And, he runs Securitytxt.org, which works to standardize how websites define their security policies. We chatted with Ed a bit about his background, his work, and his causes.
https://www.hackerone.com/blog/Hacker-QA-EdOverflow
Partager : LinkedIn / Twitter / Facebook / View
Bringing Private-sector Security into the U.S. Government [Security@ Recaps]
https://www.hackerone.com/blog/Bringing-Private-sector-Security-US-Government-Security-Recaps
Partager : LinkedIn / Twitter / Facebook / View
Hacking The Planet - Hack The World 2017 Recap
After 1 month of our community's best and brightest going head to head to be named Hack The World 2017 champion, we are ready to share the winners of the annual contest. We also want to share some lessons learned, and give each of you the opportunity to share feedback with us so that we can improve on future contests.
https://www.hackerone.com/blog/Hacking-Planet-Hack-World-2017-Recap
Partager : LinkedIn / Twitter / Facebook / View
Samy Kamkar's Security@ San Francisco Keynote
If you were into social networks during the MySpace era, you might recall the Samy Worm of 2005. The worm spread through friend invitations, infecting MySpace user accounts and adding “Samy is my hero” to their personal pages. Unsurprisingly, it was developed by a teenager named Samy...and yes, Samy is our hero.
https://www.hackerone.com/blog/Samy-Kamkar-Security-at-San-Francisco-Keynote
Partager : LinkedIn / Twitter / Facebook / View
Alex Rice and Zane Lackey Discuss Modern Security for Practitioners
Our co-founder and CTO, Alex Rice, was a recent guest on The Modern Security Series by Signal Sciences, along with Signal Sciences' co-founder and CSO, Zane Lackey.
https://www.hackerone.com/blog/Alex-Rice-and-Zane-Lackey-Discuss-Modern-Security-Practitioners
Partager : LinkedIn / Twitter / Facebook / View
Hacking the U.S. Air Force (again) from a New York City subway station
https://www.hackerone.com/blog/Hacking-US-Air-Force-again-New-York-City-subway-station
Partager : LinkedIn / Twitter / Facebook / View
The European Commission's First-Ever Bug Bounty Program
The European Commission has selected HackerOne as the platform for their first ever bug bounty program.
https://www.hackerone.com/blog/the-european-commissions-first-ever-bug-bounty-program
Partager : LinkedIn / Twitter / Facebook / View
AlienVault streamlines their vulnerability disclosure with HackerOne Response
HackerOne is helping AlienVault manage incoming reports, triage them, and automatically create tickets on their internal ticketing system for only the valid reports.
https://www.hackerone.com/blog/AlienVault-streamlines-their-vulnerability-disclosure-with-HackerOne-Response
Partager : LinkedIn / Twitter / Facebook / View
Why Riot Games Pays Hackers to Break Them
In the League of Legends world, your nexus is protected from outside threats by a strong team of diverse champions. It's similar to how you should approach security in the real world, and wouldn't it be better to have more and better champions working on your team?
https://www.hackerone.com/blog/Why-Riot-Games-Pays-Hackers-to-Break-Them
Partager : LinkedIn / Twitter / Facebook / View
KPMG's Cyber Security Expert Offers Advice for Bug Bounty Success
Before you propose a bug bounty program to your organization, you need a comprehensive plan. That's just one of the many takeaways offered on a recent podcast from KPMG's Advisory Institute, which publishes content related to business performance, technology, risk management, and more.
https://www.hackerone.com/blog/KPMGs-Cyber-Security-Expert-Offers-Advice-for-Bug-Bounty-Success
Partager : LinkedIn / Twitter / Facebook / View
The ICO's 12-Step Guide to GDPR Compliance
The United Kingdom's Information Commissioner's Office suggested “12 steps to take now” to get ahead of GDPR's impact on your operations and processes. We've put together a quick recap available on our resources page.
https://www.hackerone.com/blog/The-ICOs-12-Step-Guide-to-GDPR-Compliance
Partager : LinkedIn / Twitter / Facebook / View
Breach Basics: Preparation for the Inevitable
Data breaches in information security have become an inescapable reality. A common inquiry we receive here at HackerOne is for guidance on how to most effectively respond to one of these unfortunate incidents. There are no easy answers. Our hope is the following guidance can serve as recommendations for any victim of a breach.
https://www.hackerone.com/blog/Breach-Basics-Preparation-for-the-Inevitable
Partager : LinkedIn / Twitter / Facebook / View
The Voices of Vulnerability Disclosure: Look Who's Talking About VDPs
The attention being given to vulnerability disclosure policies (VDP) in the past year has increased dramatically. It might be the latest high-profile breach that sparks a comment, but more and more, it's the attitude that VDPs aren't just nice-to-haves, they're critical tools for every cyber security team.
https://www.hackerone.com/blog/The-Voices-of-Vulnerability-Disclosure-Look-Whos-Talking-About-VDPs
Partager : LinkedIn / Twitter / Facebook / View
H1-212 CTF results
Thanks to all of you who participated in our first ever h1-212 CTF! We had a lot of fun building it and it looks like many of you had a great time participating.
https://www.hackerone.com/blog/h1-212-ctf-results
Partager : LinkedIn / Twitter / Facebook / View
Hack your way to NYC this December for h1-212
Want to win an all expenses paid trip to New York City to hack against HackerOne 1337 and a chance to earn up to 0,000 in bounties? The h1-212 CTF is here!
https://www.hackerone.com/blog/hack-your-way-to-nyc-this-december-for-h1-212
Partager : LinkedIn / Twitter / Facebook / View
Hack The Pentagon Turns One on HackerOne
Great news for U.S. citizens! Over 3,000 valid security vulnerabilities have been resolved with the U.S. Department of Defense's “Hack the Pentagon” hacker-powered security program.
https://www.hackerone.com/blog/hack-the-pentagon-turns-one
Partager : LinkedIn / Twitter / Facebook / View
Hacker-Powered Pen Tests and The Power of More
Traditional pen tests can be expensive, especially those that produce low-hanging fruit results. And even more painful when you pay the same price tag for the low-value pen test report as the report revealing multiple critical vulnerabilities. With hacker-powered penetration testing, on the other hand you tap into more of the best talent, without a huge initial price tag.
https://www.hackerone.com/blog/Hacker-Powered-Pen-Tests-and-The-Power-of-More
Partager : LinkedIn / Twitter / Facebook / View
HackerOne CEO joins Node.js Foundation Board
HackerOne has joined the Node.js Foundation as a member and CEO Marten Mickos has joined its board. Node.js Foundation sat down with Marten to learn more about his vision, mission and why he's passionate about Node.js and the open source community.
https://www.hackerone.com/blog/hackerone-ceo-joins-nodejs-foundation-board
Partager : LinkedIn / Twitter / Facebook / View
XOXO: We Love Coinbase for Loving Bug Bounties
Coinbase just professed their love for bug bounty programs, and it kind of makes us blush. Read all about their program's evolution and how they've paid out more than 5,000 in bounties over the past 5 years.
https://www.hackerone.com/blog/we-love-coinbase-for-loving-bug-bounties
Partager : LinkedIn / Twitter / Facebook / View
Your TL;DR Summary of The CERT Guide to Coordinated Vulnerability Disclosure
The CERT Coordination Center at Carnegie Mellon University's Software Engineering Institute (SEI) recently released The CERT Guide to Coordinated Vulnerability Disclosure. It is an amazingly detailed, clever, and complete guide to explaining the need for coordinated vulnerability disclosure (CVD). We've done our best to give you the cliff notes and even included some additional helpful resources at the end.
https://www.hackerone.com/blog/Your-TLDR-Summary-of-The-CERT-Guide-to-Coordinated-Vulnerability-Disclosure
Partager : LinkedIn / Twitter / Facebook / View
Google wants you to hack their top Android apps
It's a great day to be mobile hacker. Today, Google and HackerOne announced the groundbreaking Google Play Security Reward Program.
https://www.hackerone.com/blog/google-wants-you-to-hack-their-top-android-apps
Partager : LinkedIn / Twitter / Facebook / View
Introducing Security@ San Francisco!
Next week we're kicking off our first conference by and for the hacker-powered security industry. On Tuesday, October 24, 2017, Security@ San Francisco will gather more than 200 security leaders, hackers and industry experts for groundbreaking keynotes, presentations and networking with peers and industry leaders who are paving the way to a safer internet.
https://www.hackerone.com/blog/Introducing-Security-at-San-Francisco
Partager : LinkedIn / Twitter / Facebook / View
Ready or Not, Here Comes GDPR
The European General Data Protection Regulation, better known as GDPR, will take effect on May 25, 2018 and it will radically change how your business manages customer data and security. Read the high-level GDPR info you need to know including three key provisions in GDPR related to security and vulnerability testing.
https://www.hackerone.com/blog/Ready-or-Not-Here-Comes-GDPR
Partager : LinkedIn / Twitter / Facebook / View
Announcing Hack The World 2017
After the success of Hack The World 2016, we're bringing back our annual hacking competition and, thanks to your feedback, have made some great improvements to make it even better than last year.
https://www.hackerone.com/blog/Announcing-Hack-The-World-2017
Partager : LinkedIn / Twitter / Facebook / View
HackerOne Joins Forces with Node.js Foundation to Build a Safer Internet
Open source powers our platform, our community, and is the underpinning of our entire connected society. Node.js developers build the web applications that are responsible for the foundation of our connected world. Because of this, we have a responsibility to help them grow their community, while also empowering them to be more secure.
https://www.hackerone.com/blog/node-js-foundation
Partager : LinkedIn / Twitter / Facebook / View
Better than Cyber Monday: Ecommerce and Retail Edition of The Hacker-Powered Security Report
Is the ecommerce and retail industry a pioneer or a laggard in using hacker-powered efforts in the fight against cyber criminals? And how does your retail company stack up against others in the industry? Find out with this new report, specifically for the ecommerce and retail industry, and using data culled from more than 800 hacker-powered security programs, over million in awarded bounties, and nearly 50,000 resolved security vulnerabilities.
https://www.hackerone.com/blog/hacker-powered-security-report-retail-edition
Partager : LinkedIn / Twitter / Facebook / View
Hacker Q&A with Gerben_Javado: To Share Knowledge is to Gain Knowledge
Twenty-one years old. Full-time college student. Mountain biker. Bounty hunter. That's Gerben Janssen van Doorn, who goes by Gerben_Javado and is ranked ninth on HackerOne's hacker reputation. He's found more than 400 bugs and made ,000 in the past month alone (and that's just on public bugs).
https://www.hackerone.com/blog/q-and-a-with-hacker-gerben-javado
Partager : LinkedIn / Twitter / Facebook / View
Shopify Shares How Hackers Help to Secure B+ in Transactions
Dark Reading's Kelly Sheridan recently sat down with Andrew for a Q&A talking about Ecommerce security and their bug bounty program hosted on HackerOne.
https://www.hackerone.com/blog/shopify-shares-how-hackers-help-secure-40B-in-transactions
Partager : LinkedIn / Twitter / Facebook / View
Hacker Q&A with LEETboy: I bought a car for my mom from bug bounties
A hacker is a superhero who uses his superpower (hacking) to make the world a better place. That's what LEETboy, aka Mohammad Aman Khan, believes (and so do we).
https://www.hackerone.com/blog/hacker-q-and-a-with-leetboy
Partager : LinkedIn / Twitter / Facebook / View
,000,000: Time to split bounties!
We are excited to announce bounty splitting! A feature designed to give back to those other hackers who helped you find that RCE!
https://www.hackerone.com/blog/time-to-split-bounties
Partager : LinkedIn / Twitter / Facebook / View
M in Bounties Paid and 0M In Sight
Over 50,000 vulnerabilities found and fixed. Over 100,000 hackers strong in the HackerOne community. Over million paid in bounties to those who help make the connected world more secure.
https://www.hackerone.com/blog/20M-in-bounties-paid-and-100M-in-sight
Partager : LinkedIn / Twitter / Facebook / View
Celebrating M in Bounties with a Recap of Our Top 20 Up Voted Reports on Hacktivity
In honor of our M in bounties paid out to hackers, we revisit some of the top most up voted reports ever submitted on HackerOne.
https://www.hackerone.com/blog/top-20-upvoted-reports-on-hacktivity
Partager : LinkedIn / Twitter / Facebook / View
Slack Integration 2.0: Notification Filters, Multiple Channels, & Username Mentions
Today we're announcing an enhanced Slack integration which allows teams to customize their HackerOne notifications and support their own unique workflows. The new integration features include: granular notification settings, ability to configure multiple channels, and username mention notifications.
https://www.hackerone.com/blog/slack-integration-update-2
Partager : LinkedIn / Twitter / Facebook / View
What Happens in Vegas...Stays on Hacktivity
H1-702 was HackerOne's second annual live-hacking event held in Las Vegas. It's hosted during Security Summer Camp: Where security teams, hackers, feds, and fans attend the trifecta of events: Black Hat, DEF CON, and BSides Las Vegas.
https://www.hackerone.com/blog/what-happens-in-vegas-stays-on-hacktivity
Partager : LinkedIn / Twitter / Facebook / View
Interview with Hack the Air Force Winner, @CableJ
HackerOne recently sat down with Jack, who found 30 unique valid vulnerabilities during “Hack the Air Force” bug bounty challenge, making him the top hacker for the program.
https://www.hackerone.com/blog/interview-with-hack-the-air-force-winner
Partager : LinkedIn / Twitter / Facebook / View
Key Findings From The Hacker-Powered Security Report: Security Vulnerabilities Worry Companies the Most (6 of 6)
We surveyed our customers to see what their security focus is. Read the summarized data of our survey results that are published in the Hacker-Powered Security Report.
https://www.hackerone.com/blog/Key-Findings-From-The-Hacker-Powered-Security-Report-Security-Vulnerabilities-Worry-Companies-The-Most-6-of-6
Partager : LinkedIn / Twitter / Facebook / View
Capture The Flag Solution: reversing the password
Last week, a mini Capture The Flag (CTF) was posted about a criminal who changed Barry's password. The challenge was to come up with the password the criminal chose. This blog will explain how the CTF could be solved.
https://www.hackerone.com/blog/capture-the-flag-solution-reversing-the-password
Partager : LinkedIn / Twitter / Facebook / View
Vulnerability Disclosure Policy Basics: 5 Critical Components
Vulnerabilities are found every day by security researchers, friendly hackers, customers, academics, journalists, and tech hobbyists. Because no system is entirely free of security issues, it's important to provide an obvious way for external parties to report vulnerabilities.
https://www.hackerone.com/blog/Vulnerability-Disclosure-Policy-Basics-5-Critical-Components
Partager : LinkedIn / Twitter / Facebook / View
Aim High...Find, Fix, Win!
It took just under a minute for hackers to report the first security vulnerability to the U.S. Air Force. Twenty-five days later when the Hack the Air Force bug bounty challenge concluded, 207 valid vulnerabilities had been discovered. Hackers will be awarded more than 0,000 for making the Air Force more secure.
https://www.hackerone.com/blog/hack-the-air-force-results
Partager : LinkedIn / Twitter / Facebook / View
Key Findings From The Hacker-Powered Security Report: Vulnerability Disclosure Policies (5 of 6)
The Hacker-Powered Security Report found that, despite increased bug bounty program adoption and recommendations from federal agencies, 94 percent of the top publicly-traded companies do not have known vulnerability disclosure policies (VDP).
https://www.hackerone.com/blog/Key-Findings-From-The-Hacker-Powered-Security-Report-Vulnerability-Disclosure-Policies-5-of-6
Partager : LinkedIn / Twitter / Facebook / View
5 Hacker-Powered Trends You Need to Know About
For your quick reference, we've distilled the Hacker-Powered Security Report to 5 key trends that show how white-hat hackers are shaping the world of security.
https://www.hackerone.com/blog/5-hacker-powered-trends-you-need-to-know
Partager : LinkedIn / Twitter / Facebook / View
Key Findings From The Hacker-Powered Security Report: Bounty Payments Are Increasing (4 of 6)
As you can imagine, money talks. Better hackers — those with more experience and in-demand skills — go where the money is, and that means organizations that pay more generally get access to the best talent.
https://www.hackerone.com/blog/Key-Findings-From-The-Hacker-Powered-Security-Report-Bounty-Payments-Are-Increasing-4-of-6
Partager : LinkedIn / Twitter / Facebook / View
Security Risk Assessment Report - Key Facts
Our Hacker-Powered Security Report is so chock-full of compelling insights, interesting tidbits, and surprising stats that we decided to distill them down to just the top 100.
https://www.hackerone.com/blog/100-Facts-from-The-Hacker-Powered-Security-Report-2017
Partager : LinkedIn / Twitter / Facebook / View
How to: Recon and Content Discovery
Recon plays a major role while hacking on a program. Recon doesn't always mean to find subdomains belonging to a company, it also could relate to finding out how a company is setting up its properties and what resources they are using.
https://www.hackerone.com/blog/how-to-recon-and-content-discovery
Partager : LinkedIn / Twitter / Facebook / View
Faster and Better: New Bank Transfer Payment Feature for Hackers
We're happy to announce that we're adding Bank Transfers as a payout option to complement Paypal and Coinbase. This feature will give you the ability to get paid out in 30 different currencies to almost any country in the world.
https://www.hackerone.com/blog/Faster-and-better-New-Bank-Transfer-Payment-Feature-for-Hackers
Partager : LinkedIn / Twitter / Facebook / View
Key Findings From The Hacker-Powered Security Report: Responsive Programs Attract Top Hackers (3 of 6)
The Hacker-Powered Security Report found that hackers are overwhelmingly attracted to the programs that are the fastest at acknowledging, validating, and resolving submitted vulnerabilities.
https://www.hackerone.com/blog/Key-Findings-From-The-Hacker-Powered-Security-Report-Security-Responsive-Programs-Attract-Top-Hackers-3-of-6
Partager : LinkedIn / Twitter / Facebook / View
Hey Hackers: We've got your free Burp Suite Professional license right here
Burp Suite is the premier offensive hacking solution, and now when new hackers reach at least a 500 reputation on HackerOne and have a positive signal, they are eligible for 3-months free of Burp Suite Professional.
https://www.hackerone.com/blog/Hey-Hackers-Weve-got-your-free-Burp-Suite-Professional-license-right-here
Partager : LinkedIn / Twitter / Facebook / View
Q&A With @MalwareTechBlog
When he's not reverse engineering malware, Marcus Hutchins (aka @MalwareTechBlog) can be found surfing, partying, or traveling. That's to be expected for any typical 22-year-old, except for the part where he stopped the WannaCry malware outbreak. This is part of his story...
https://www.hackerone.com/blog/Q-and-A-With-Malware-Tech-Blog
Partager : LinkedIn / Twitter / Facebook / View
What is your program's Scope?
We are glad to announce our new functionality for defining Scope! HackerOne's Vulnerability Taxonomy now includes Severity, Weakness type, and Asset.
https://www.hackerone.com/blog/What-is-your-programs-Scope
Partager : LinkedIn / Twitter / Facebook / View
Tor Project Launches Public Bug Bounty Program | Q&A with Tor Browser Team Lead, Georg Koppen
In January 2016, the Tor Project launched its first private bug bounty program on HackerOne. Today the Tor Project announced its public bug bounty program. We sat down with the Tor security team lead, Georg Koppen to learn more about the program, what it means for the industry, and how it fits into Tor's security strategy. See the full Q&A below.
https://www.hackerone.com/blog/Tor-Project-Launches-Public-Bug-Bounty-Program
Partager : LinkedIn / Twitter / Facebook / View
Webinar Recap: Attorneys Chime in on Hacker-Powered Security
To learn more about how legal teams and federal enforcers view hacker-powered security, we asked Megan Brown, partner, and Matthew Gardner, attorney, from the Privacy & Cybersecurity Practice at Wiley Rein LLP, a Washington, DC-based firm to present at our webinar, Invitation to Hack: Vulnerability Disclosure Programs.
https://www.hackerone.com/blog/Webinar-Recap-Attorneys-Chime-in-on-Hacker-Powered-Security
Partager : LinkedIn / Twitter / Facebook / View
Key Findings From The Hacker-Powered Security Report: Security Responsiveness is Improving (2 of 6)
The Hacker-Powered Security Report found that the average time to first response for security issues was 6 days in 2017, compared to 7 days in 2016.
https://www.hackerone.com/blog/Key-Findings-From-The-Hacker-Powered-Security-Report-Security-Responsiveness-Is-Improving-2-of-6
Partager : LinkedIn / Twitter / Facebook / View
HackerOne Black Hat Week Activities- 2017 Edition
Let the countdown begin - Las Vegas awaits patiently for that amazing week of 0-days, conferencing, revelry, and networking. Read on for a quick rundown of what activities HackerOne has got in store for Black Hat week - the 2017 edition
https://www.hackerone.com/blog/HackerOne-Black-Hat-Week-Activities-2017-Edition
Partager : LinkedIn / Twitter / Facebook / View
451 Research Defines 7-Step Roadmap for Hacker-Powered Security Success
One of the top IT research and advisory companies, 451 Research, recently authored a new “pathfinder report” to help decision-makers better understand the value of bug bounties and a compliant vulnerability disclosure process in their overall software security apparatus.
https://www.hackerone.com/blog/451-Research-Defines-7-Step-Roadmap-for-Hacker-Powered-Security-Success
Partager : LinkedIn / Twitter / Facebook / View
Your Grab public bug bounty program is arriving now
Any hackers out there ever hunt for bugs on your mobile phone while riding in a car? Well, now our thousands of hackers in Southeast Asia can do just that - hack and report bugs to Grab, the largest ride-hailing app and payment platform in Southeast Asia.
https://www.hackerone.com/blog/Your-Grab-public-bug-bounty-program-is-arriving-now
Partager : LinkedIn / Twitter / Facebook / View
Key Findings From The Hacker-Powered Security Report: It's Not Just For Tech (1 of 6)
When hacker-powered security is mentioned, you might assume it's a bleeding-edge technique reserved for risk-tolerant tech firms. But incorporating bug bounty programs, working with ethical hackers, and encouraging vulnerability disclosures is being adopted across industries.
https://www.hackerone.com/blog/Key-Findings-From-The-Hacker-Powered-Security-Report-Its-Not-Just-For-Tech-1-of-6
Partager : LinkedIn / Twitter / Facebook / View
How To: Command Injections
A command injection is a class of vulnerabilities where the attacker can control one or multiple commands that are being executed on a system. This post will go over the impact, how to test for it, defeating mitigations, and caveats of command injection vulnerabilities.
https://www.hackerone.com/blog/how-to-command-injections
Partager : LinkedIn / Twitter / Facebook / View
HackerOne-sie - More than just epic swag
This illustrious sweater and sweat pant combo has been elevated to elite swag status donned by a lucky few. Only the elite of the elite on our Hacker Advisory Board have been offered a HackerOne-sie. Until now...
https://www.hackerone.com/blog/HackerOne-sie-More-than-just-epic-swag
Partager : LinkedIn / Twitter / Facebook / View
From Free Food to Free Flights: Kanishk's Journey
Kanishk Sajnani is a young hacker who lives in Ahmedabad, Gujarat, India. He could have flown around the world for free, but he didn't...
https://www.hackerone.com/blog/From-Free-Food-to-Free-Flights-Kanishks-Journey
Partager : LinkedIn / Twitter / Facebook / View
The Hacker-Powered Security Report: Insights from Over 800 Programs
Did you know 94% of the Forbes Global 2000 do not have known vulnerability disclosure policies? It's true, and the average amount paid out for a critical vulnerability by HackerOne Bug Bounty customers is ,923 in 2017. These stats and many more are explored and explained in The Hacker-Powered Security Report, our most recent deep dive into the data from more than 800 programs that have resolved nearly 50,000 security vulnerabilities with our hacker-powered security platform.
https://www.hackerone.com/blog/The-Hacker-Powered-Security-Report-Insights-from-Over-800-Programs
Partager : LinkedIn / Twitter / Facebook / View
Getting to know the HackerOne triage team with Zach Dando
If triaging vulnerability reports was a martial art, Zach Dando would be sensei master. Zach runs the triage team at HackerOne and we recently sent some questions his way to glean insight into how he has HackerOne's Security Analysts clicking on all cylinders.
https://www.hackerone.com/blog/Getting-to-know-the-HackerOne-triage-team-with-Zach-Dando
Partager : LinkedIn / Twitter / Facebook / View
GitHub Embraces Hacker-Powered Security To Protect 55 Million Projects
You've probably heard of GitHub, but you might not know they support more than 20 million people learning, sharing, and working together on more than 55 million projects. Yeah, that's a lot...and a lot of responsibility on GitHub's part to ensure the safety and security of their customers' data.
https://www.hackerone.com/blog/GitHub-Embraces-Hacker-Powered-Security-To-Protect-55-million-projects
Partager : LinkedIn / Twitter / Facebook / View
How To: Server-Side Request Forgery (SSRF)
Server-Side Request Forgery, SSRF for short, is a vulnerability class that describes the behavior of a server making a request that's under the attacker's control. This post will go over the impact, how to test for it, the potential pivots, defeating mitigations, and caveats.
https://www.hackerone.com/blog-How-To-Server-Side-Request-Forgery-SSRF
Partager : LinkedIn / Twitter / Facebook / View
It's Phab-tastic! HackerOne integrates with Phabricator
https://www.hackerone.com/blog/hackerone-integrates-with-phabricator
Partager : LinkedIn / Twitter / Facebook / View
The ,000 Gem: Part 1
Opening your database to the world is a scary thought! But that's exactly what we wanted to do by implementing a GraphQL endpoint. Feeling stuck with the classic REST-ish JSON API, there were a multitude of problems that we were looking to get rid of.
https://www.hackerone.com/blog/the-30-thousand-dollar-gem-part-1
Partager : LinkedIn / Twitter / Facebook / View
GitLab's Brian Neel on Secure Software Development and Bug Bounties
Brian Neel, GitLab's Security Lead, looks at how the software security apparatus has grown over time, and how hacker-powered security has become a critical component for GitLab and other companies like them.
https://www.hackerone.com/blog/Gitlab-brian-neel-on-secure-software-development-and-bug-bounties
Partager : LinkedIn / Twitter / Facebook / View
Put Your Security to the Test: Introducing HackerOne Challenge
Today we launch a new product, designed for every security team that runs periodic testing of web applications.
https://www.hackerone.com/blog/introducing-hackerone-challenge
Partager : LinkedIn / Twitter / Facebook / View
Register Now to Hack the US Air Force
Hackers, do you have what it takes to hack the U.S. Air Force? Register now to participate in the Department of Defense's largest bug bounty challenge to date.
https://www.hackerone.com/blog/Register-Now-to-Hack-the-US-Air-Force
Partager : LinkedIn / Twitter / Facebook / View
The Visual Guide to Bug Bounty Success
We have created the most comprehensive, educational, practical, and valuable resource ever about the ins and outs of running a successful bug bounty program and now we've turned it into a simple one-page graphic.
https://www.hackerone.com/blog/The-Visual-Guide-to-Bug-Bounty-Success
Partager : LinkedIn / Twitter / Facebook / View
HackerOne's Approach to Triage
Triage is critical to any vulnerability disclosure process or bug bounty program. Similar to triaging in a hospital emergency room, it's crucial that issues are diagnosed as soon as they arrive.
https://www.hackerone.com/blog/HackerOne-Approach-to-Triage
Partager : LinkedIn / Twitter / Facebook / View
Bug Bounty Programs — Why Should I Care?
Every digital company has software vulnerabilities, and they get terribly expensive in case of a breach. Traditional methods of finding vulnerabilities are slow and costly. Bug bounty programs find vulnerabilities quickly, broadly and deeply thanks to clever testing from the outside by a large community of security researchers and ethical hackers.
https://www.hackerone.com/blog/bug-bounty-programs-why-should-i-care
Partager : LinkedIn / Twitter / Facebook / View
Ethical considerations of access to the HackerOne community
We believe every organization that creates connected technology needs a Vulnerability Disclosure Policy. This rings especially true wherever a security incident would place the safety of others in jeopardy.
https://www.hackerone.com/blog/ethical-considerations-of-access-to-the-HackerOne-community
Partager : LinkedIn / Twitter / Facebook / View
HackerOne and JIRA integration update: more improvements, fewer clicks
More good news around making simple cross-platform tasks even easier - specifically, we've got three updates that improve ease-of-use and two-way integration: HackerOne for JIRA via the Atlassian Marketplace, One-click JIRA issue creation in HackerOne, and stronger two-way communication.
https://www.hackerone.com/blog/hackerone-and-jira-integration-update-more-improvements-fewer-clicks
Partager : LinkedIn / Twitter / Facebook / View
Announcing the Largest DoD Bug Bounty Challenge Ever: Hack the Air Force
The Air Force is asking hackers to take their best shot following the success of Hack the Pentagon and Hack the Army bug bounty challenges.
https://www.hackerone.com/blog/announcing-the-largest-dod-bug-bounty-challenge-ever-hack-the-air-force
Partager : LinkedIn / Twitter / Facebook / View
Zero Daily Newsletter: Fun, yet informative, AppSec, bug bounty, and hacker news
Read the news every day, and check the usual websites? Want to get your industry news and have a little humor dashed in? With Zero Daily you can have your cake and eat it too: we include links and brief sound bites on some of the top news in application security, bug bounty, and hacker topics but with a fun and non-markety flair.
https://www.hackerone.com/blog/Zero-Daily-Newsletter
Partager : LinkedIn / Twitter / Facebook / View
More Hardware, More Problems
Bounties are for hardware, too. Microwaves notwithstanding, there is an increasing amount of connected technology in our homes, cars, and workplaces. Unfortunately, each of them comes with more and more potential vulnerabilities.
https://www.hackerone.com/blog/more-hardware-more-problems
Partager : LinkedIn / Twitter / Facebook / View
Bug fixes just got a little easier; HackerOne introduces bi-directional JIRA integration
It's now possible to view updates on JIRA issues right inside your HackerOne Reports. The two-way integration means that whenever a JIRA issue changes state, an internal comment is posted on the appropriate HackerOne Report. No more going back and forth between JIRA and HackerOne!
https://www.hackerone.com/blog/bug-fixes-just-got-easier-hackerone-introduces-bi-directional-jira-integration
Partager : LinkedIn / Twitter / Facebook / View
Q&A with Top Hacker Geekboy
Whether he's uncovering weirdness in Uber's app, sharing savvy how-to's in his blog, or working out issues for AirBnB, Geekboy is hot like fire. He's number three on our leaderboard and his signal rank is in the 90th percentile!
We caught up with Geekboy in Goa at Nullcon and here are some of his thoughts on cool bugs, Burp Suite and Bountycraft, among other things.
https://www.hackerone.com/blog/top-hacker-geekboy-questions-and-answers-at-nullcon
Partager : LinkedIn / Twitter / Facebook / View
Tapping Hackers for Continuous Security
Last week, I attended the FinDEVr conference in New York City. The 2-day conference is focused on the technology aspect of fintech. Attendees ranged from financial institutions to data analytics startups coming from places like Canada, the U.K, and all across the U.S. At the conference, I gave a talk titled “Tapping Hackers for Continuous Security”. Here's a recap of the topics I addressed.
https://www.hackerone.com/blog/Tapping-Hackers-for-Continuous-Security
Partager : LinkedIn / Twitter / Facebook / View
Bug Bounty Field Manual: The Definitive Guide for Planning, Launching, and Operating a Successful Bug Bounty Program
Writing the Bug Bounty Field Manual was a herculean task. Just ask Adam Bacchus, the distinguished author of this manual. But as he'll tell you, it was also an incredibly enjoyable piece to write.
https://www.hackerone.com/blog/the-bug-bounty-field-manual
Partager : LinkedIn / Twitter / Facebook / View
H1-415 Live Hacking Event Delivers to Customers, Community, and Hackers
Just a few short weeks ago, an elite group of hac