L0phtCrack Password Auditing Tool Now Available As Open Source
Developed and maintained for quite a while, the password auditing tool "L0phtCrack" now goes open…
https://latesthackingnews.com/2021/10/25/l0phtcrack-password-auditing-tool-now-available-as-open-source/

JavaScript Obfuscation Now Often Used By Hackers To Hide Malware
Researchers have spotted frequent occurrences of JavaScript obfuscation in regular sites that hackers have also…
https://latesthackingnews.com/2021/10/25/javascript-obfuscation-now-often-used-by-hackers-to-hide-malware/

LANTENNA Attack – A New Technique To Sniff Data From Air-gapped Networks
Researchers have devised a unique and inexpensive strategy to exfiltrate data from air-gapped networks. Dubbed…
https://latesthackingnews.com/2021/10/25/lantenna-attack-a-new-technique-to-sniff-data-from-air-gapped-networks/

A GPSd Bug May Push You 20 Years Back From October 24, 2021
While the patch has arrived, unpatched apps may still cause a roll-back to 2002 due…
https://latesthackingnews.com/2021/10/25/a-gpsd-bug-may-push-you-20-years-back-from-october-24-2021/

Brave Rolls Out Its Own Search Engine By Default Ditching Google
Brave, the privacy-oriented alternative to Chrome, has now announced another step to protect users' searches.…
https://latesthackingnews.com/2021/10/25/brave-rolls-out-its-own-search-engine-by-default-ditching-google/

Google Chrome Removed FTP For Good – Deletes Code With Chrome 95
After warning of the planned removal for a long time, Google has finally removed FTP with…
https://latesthackingnews.com/2021/10/25/google-chrome-removed-ftp-for-good-deletes-code-with-chrome-95/

The Deep-Learning Algorithm Can Guess an ATM PIN, Even With Keypads Covered
Researchers have devised a deep-learning algorithm that can effectively guess ATM PINs even if the…
https://latesthackingnews.com/2021/10/25/the-deep-learning-algorithm-can-guess-an-atm-pin-even-with-keypads-covered/

LightBasin Hacking Group Switches Focus From Windows To Linux To Target Telecom Sector
The threat actors identified as LightBasin have been targeting the telecom sector for several years.…
https://latesthackingnews.com/2021/10/25/lightbasin-hacking-group-switches-focus-from-windows-to-linux-to-target-telecom-sector/

HTTPA – Taking HTTPS Security To The Next Level
Now that the world has recognized the importance of HTTPS, it's time to move further…
https://latesthackingnews.com/2021/10/25/httpa-taking-https-security-to-the-next-level/

Gummy Browsers – An Attack Exploiting Browser Fingerprinting
While browser fingerprinting has long been a privacy-intrusive technique for users, it can now pose…
https://latesthackingnews.com/2021/10/25/gummy-browsers-an-attack-exploiting-browser-fingerprinting/

New Attack Let Attacker Collect and Spoof Browser's Digital Fingerprints
A "potentially devastating and hard-to-detect threat" could be abused by attackers to collect users' browser fingerprinting information with the goal of spoofing the victims without their knowledge, thus effectively compromising their privacy. Academics from Texas A&M University dubbed the attack system "Gummy Browsers," likening it to a nearly 20-year-old "Gummy Fingers" technique that can
https://thehackernews.com/2021/10/new-attack-let-attacker-collect-and.html

Hardware-grade enterprise authentication without hardware: new SIM security solution for IAM
The average cost of a data breach, according to the latest research by IBM, now stands at USD 4.24 million, the highest reported. The leading cause? Compromised credentials, often caused by human error. Although these findings continue to show an upward trend in the wrong direction, the challenge itself is not new. What is new is the unprecedented and accelerated complexity of securing the
https://thehackernews.com/2021/10/hardware-grade-enterprise.html

Microsoft Warns of Continued Supply-Chain Attacks by the Nobelium Hacker Group
Nobelium, the threat actor behind the SolarWinds compromise disclosed in December 2020, has been behind a new wave of attacks that compromised 14 downstream customers of multiple cloud service providers (CSP), managed service providers (MSP), and other IT services organizations, illustrating the adversary's continuing interest in targeting the supply chain via the "compromise-one-to-compromise-many"
https://thehackernews.com/2021/10/microsoft-warns-of-continued-supply.html

Hackers Exploited Popular BillQuick Billing Software to Deploy Ransomware
Cybersecurity researchers on Friday disclosed a now-patched critical vulnerability in multiple versions of a time and billing system called BillQuick that's being actively exploited by threat actors to deploy ransomware on vulnerable systems. Tracked as CVE-2021-42258, the flaw is an SQL injection that allows remote code execution and was successfully
https://thehackernews.com/2021/10/hackers-exploited-popular-billquick.html

NYT Journalist Repeatedly Hacked with Pegasus after Reporting on Saudi Arabia
The iPhone of New York Times journalist Ben Hubbard was repeatedly hacked with NSO Group's Pegasus spyware tool over a three-year period stretching from June 2018 to June 2021, resulting in infections twice, in July 2020 and June 2021. The University of Toronto's Citizen Lab, which publicized the findings on Sunday, said the "targeting took place while he was reporting on Saudi Arabia, and
https://thehackernews.com/2021/10/nyt-journalist-repeatedly-hacked-with.html

VECTR - A Tool That Facilitates Tracking Of Your Red And Blue Team Testing Activities To Measure Detection And Prevention Capabilities Across Different Attack Scenarios
VECTR documentation: https://docs.vectr.io
VECTR Community Discord channel: https://discord.gg/2FRd8zf728

VECTR is a tool that facilitates tracking of your red and blue team testing activities to measure detection and prevention capabilities across different attack scenarios. VECTR provides the ability to create assessment groups, which consist of a collection of Campaigns and supporting Test Cases to simulate adversary threats. Campaigns can be broad and span activity across the kill chain, from initial compromise to privilege escalation and lateral movement and so on, or can be narrow in scope to focus on specific detection layers, tools, and infrastructure. VECTR is designed to promote full transparency between offense and defense, encourage training between team members, and improve the detection and prevention success rate across the environment.

VECTR is focused on common indicators of attack and behaviors that may be carried out by any number of threat actor groups, with varying objectives and levels of sophistication. VECTR can also be used to replicate the step-by-step TTPs associated with specific groups and malware campaigns; however, its primary purpose is to replicate attacker behaviors that span multiple threat actor groups and malware campaigns, past, present and future. VECTR is meant to be used over time with targeted campaigns, iteration, and measurable enhancements to both red team skills and blue team detection capabilities. Ultimately the goal of VECTR is to make a network resilient to all but the most sophisticated adversaries and insider attacks.

Documentation: Feature Breakdowns By Release; VECTR v7.1.1 Feature Breakdown

Team
Lead programmers: Carl Vonderheid, Galen Fisher, Daniel Hong
Programmers: Andrew Scott, Patrick Hislop, Dan Guzek, Zara Gunner, Nick Galante
Design & requirements: Phil Wainwright
Dev ops: Paul Spencer
Graphic design & marketing: Doug Webster

License: please see the EULA and the Atomic Red LICENSE.
http://www.kitploit.com/2021/10/vectr-tool-that-facilitates-tracking-of.html

Facebook sues Ukrainian man for scraping and selling 178m users' data
By Deeba Ahmed. Facebook tracked down the programmer after he mistakenly used the same username and contact information on email and job portals.
https://www.hackread.com/facebook-sues-ukrainian-scraping-users-data/

YouTube Accounts Hijacked by Cookie Theft Malware
Google has reported that it disrupted the phishing attacks where threat actors had tried to hijack various YouTube accounts using cookie theft malware. The hijacker's intent was to use those...
https://hackercombat.com/youtube-accounts-hijacked-by-cookie-theft-malware/

News

Microsoft Warns of TodayZoo Phishing Kit Used in Extensive Credential Stealing Attacks
Microsoft on Thursday disclosed an "extensive series of credential phishing campaigns" that takes advantage of a custom phishing kit that stitched together components from at least five different widely circulated ones with the goal of siphoning user login information. The tech giant's Microsoft 365 Defender Threat Intelligence Team, which detected the first instances of the tool in the wild in
https://thehackernews.com/2021/10/microsoft-warns-of-todayzoo-phishing.html

Feds Reportedly Hacked REvil Ransomware Group and Forced it Offline
The Russian-led REvil ransomware gang was felled by an active multi-country law enforcement operation that resulted in its infrastructure being hacked and taken offline for a second time earlier this week, in what's the latest action taken by governments to disrupt the lucrative ecosystem. The takedown was first reported by Reuters, quoting multiple private-sector cyber experts working with the
https://thehackernews.com/2021/10/feds-reportedly-hacked-revil-ransomware.html

Popular NPM Package Hijacked to Publish Crypto-mining Malware
The U.S. Cybersecurity and Infrastructure Security Agency on Friday warned of crypto-mining and password-stealing malware embedded in "UAParser.js," a popular JavaScript NPM library with over 6 million weekly downloads, days after the NPM repository moved to get rid of three rogue packages that were found to mimic the same library. The supply-chain attack targeting the open-source
https://thehackernews.com/2021/10/popular-npm-package-hijacked-to-publish.html

'Lone Wolf' Hacker Group Targeting Afghanistan and India with Commodity RATs
A new malware campaign targeting Afghanistan and India is exploiting a now-patched, 20-year-old flaw affecting Microsoft Office to deploy an array of commodity remote access trojans (RATs) that allow the adversary to gain complete control over the compromised endpoints. Cisco Talos attributed the cyber campaign to a "lone wolf" threat actor operating a Lahore-based fake IT company called Bunse
https://thehackernews.com/2021/10/lone-wolf-hacker-group-targeting.html

Hackers Set Up Fake Company to Get IT Experts to Launch Ransomware Attacks
The financially motivated FIN7 cybercrime gang has masqueraded as yet another fictitious cybersecurity company called "Bastion Secure" to recruit unwitting software engineers under the guise of penetration testing in a likely lead-up to a ransomware scheme. "With FIN7's latest fake company, the criminal group leveraged true, publicly available information from various legitimate cybersecurity
https://thehackernews.com/2021/10/hackers-set-up-fake-company-to-get-it.html

Researchers Discover Microsoft-Signed FiveSys Rootkit in the Wild
A newly identified rootkit has been found with a valid digital signature issued by Microsoft that's used to proxy traffic to internet addresses of interest to the attackers for over a year targeting online gamers in China. Bucharest-headquartered cybersecurity technology company Bitdefender named the malware "FiveSys," calling out its possible credential theft and in-game-purchase hijacking
https://thehackernews.com/2021/10/researchers-discover-microsoft-signed.html

Before and After a Pen Test: Steps to Get Through It
An effective cybersecurity strategy can be challenging to implement correctly and often involves many layers of security. Part of a robust security strategy involves performing what is known as a penetration test (pen test). The penetration test helps to discover vulnerabilities and weaknesses in your security defenses before the bad guys discover these. They can also help validate remedial
https://thehackernews.com/2021/10/before-and-after-pen-test-steps-to-get.html

Bug in Popular WinRAR Software Could Let Attackers Hack Your Computer
A new security weakness has been disclosed in the WinRAR trialware file archiver utility for Windows that could be abused by a remote attacker to execute arbitrary code on targeted systems, underscoring how vulnerabilities in such software could become a gateway for a roster of attacks. Tracked as CVE-2021-35052, the bug affects version 5.70 of the software's trial edition. "This
https://thehackernews.com/2021/10/bug-in-free-winrar-software-could-let.html

Product Overview: Cynet SaaS Security Posture Management (SSPM)
Software-as-a-service (SaaS) applications have gone from novelty to business necessity in a few short years, and their positive impact on organizations is clear. It's safe to say that most industries today run on SaaS applications, which is undoubtedly positive, but it does introduce some critical new challenges to organizations. As SaaS application use expands, as well as the number of
https://thehackernews.com/2021/10/product-overview-cynet-saas-security.html

Malicious NPM Packages Caught Running Cryptominer On Windows, Linux, macOS Devices
Three JavaScript libraries uploaded to the official NPM package repository have been unmasked as crypto-mining malware, once again demonstrating how open-source software package repositories are becoming a lucrative target for executing an array of attacks on Windows, macOS, and Linux systems. The malicious packages in question — named okhsa, klow, and klown — were published by the same
https://thehackernews.com/2021/10/malicious-npm-packages-caught-running.html

U.S. Government Bans Sale of Hacking Tools to Authoritarian Regimes
The U.S. Commerce Department on Wednesday announced new rules barring the sale of hacking software and equipment to authoritarian regimes, where it could potentially facilitate human rights abuses, for national security (NS) and anti-terrorism (AT) reasons. The mandate, which is set to go into effect in 90 days, will forbid the export, reexport and transfer of "cybersecurity items" to countries of "national
https://thehackernews.com/2021/10/us-government-bans-sale-of-hacking.html

Hackers Stealing Browser Cookies to Hijack High-Profile YouTube Accounts
Since at least late 2019, a network of hackers-for-hire has been hijacking the channels of YouTube creators, luring them with bogus collaboration opportunities to broadcast cryptocurrency scams or sell the accounts to the highest bidder. That's according to a new report published by Google's Threat Analysis Group (TAG), which said it disrupted financially motivated phishing campaigns targeting
https://thehackernews.com/2021/10/hackers-stealing-browser-cookies-to.html

Two Eastern Europeans Sentenced for Providing Bulletproof Hosting to Cyber Criminals
Two Eastern European nationals have been sentenced in the U.S. for offering "bulletproof hosting" services to cybercriminals, who used the technical infrastructure to distribute malware and attack financial institutions across the country between 2009 and 2015. Pavel Stassi, 30, of Estonia, and Aleksandr Shorodumov, 33, of Lithuania, have been sentenced to 24 months and 48 months in prison, respectively,
https://thehackernews.com/2021/10/two-eastern-europeans-sentenced-for.html

Researchers Break Intel SGX With New 'SmashEx' CPU Attack Technique
A newly disclosed vulnerability affecting Intel processors could be abused by an adversary to gain access to sensitive information stored within enclaves and even run arbitrary code on vulnerable systems. The vulnerability (CVE-2021-0186, CVSS score: 8.2) was discovered by a group of academics from ETH Zurich, the National University of Singapore, and the Chinese National University of Defense
https://thehackernews.com/2021/10/researchers-break-intel-sgx-with-new.html

OWASP's 2021 List Shuffle: A New Battle Plan and Primary Foe
Code injection attacks, the infamous king of vulnerabilities, have lost the top spot to broken access control as the worst of the worst, and developers need to take notice. In this increasingly chaotic world, there have always been a few constants that people could reliably count on: The sun will rise in the morning and set again at night, Mario will always be cooler than Sonic the Hedgehog, and
https://thehackernews.com/2021/10/owasps-2021-list-shuffle-new-battle.html

LightBasin Hackers Breach at Least 13 Telecom Service Providers Since 2019
A highly sophisticated adversary named LightBasin has been identified as behind a string of attacks targeting the telecom sector with the goal of collecting "highly specific information" from mobile communication infrastructure, such as subscriber information and call metadata.  "The nature of the data targeted by the actor aligns with information likely to be of significant interest to signals
https://thehackernews.com/2021/10/lightbasin-hackers-breach-at-least-13.html

Microsoft Warns of New Security Flaw Affecting Surface Pro 3 Devices
Microsoft has published a new advisory warning of a security bypass vulnerability affecting Surface Pro 3 convertible laptops that could be exploited by an adversary to introduce malicious devices within enterprise networks and defeat the device attestation mechanism. Tracked as CVE-2021-42299 (CVSS score: 5.6), the issue has been codenamed "TPM Carte Blanche" by Google software engineer Chris
https://thehackernews.com/2021/10/microsoft-warns-of-new-security-flaw.html

Squirrel Engine Bug Could Let Attackers Hack Games and Cloud Services
Researchers have disclosed an out-of-bounds read vulnerability in the Squirrel programming language that can be abused by attackers to break out of the sandbox restrictions and execute arbitrary code within a SquirrelVM, thus giving a malicious actor complete access to the underlying machine.  Tracked as CVE-2021-41556, the issue occurs when a game library referred to as Squirrel Engine is used
https://thehackernews.com/2021/10/squirrel-engine-bug-could-let-attackers.html

A New Variant of FlawedGrace Spreading Through Mass Email Campaigns
Cybersecurity researchers on Tuesday took the wraps off a mass volume email attack staged by a prolific cybercriminal gang affecting a wide range of industries, with one of its region-specific operations notably targeting Germany and Austria. Enterprise security firm Proofpoint tied the malware campaign with high confidence to TA505, which is the name assigned to the financially motivated threat
https://thehackernews.com/2021/10/a-new-variant-of-flawedgrace-spreading.html

Cybersecurity Experts Warn of a Rise in Lyceum Hacker Group Activities in Tunisia
A threat actor, previously known for striking organizations in the energy and telecommunications sectors across the Middle East as early as April 2018, has evolved its malware arsenal to strike two entities in Tunisia. Security researchers at Kaspersky, who presented their findings at the VirusBulletin VB2021 conference earlier this month, attributed the attacks to a group tracked as Lyceum (aka
https://thehackernews.com/2021/10/cybersecurity-experts-warn-of-rise-in.html

Week in security with Tony Anscombe
How to break into cybersecurity – Is your password easy to guess? – Shining a spotlight on the security risks of shadow IT
https://www.welivesecurity.com/videos/week-security-tony-anscombe-147/

What's lurking in the shadows? How to manage the security risks of shadow IT
Employee use of unsanctioned hardware and software is an increasingly acute problem in the remote and hybrid work era
https://www.welivesecurity.com/2021/10/22/whats-lurking-shadows-how-manage-security-risks-shadow-it/

Cybersecurity careers: What to know and how to get started
Want to help make technology safer for everyone? Love solving puzzles? Looking for a rewarding career? Break into cybersecurity! Insights from ESET researchers Aryeh Goretsky and Cameron Camp will put you on the right track.
https://www.welivesecurity.com/2021/10/21/cybersecurity-careers-what-know-how-get-started/

Brave browser replaces Google with its own search engine
Brave Search will become the default search option for new users in the US, UK, Canada, Germany and France, with more countries to follow soon
https://www.welivesecurity.com/2021/10/20/brave-browser-replaces-google-own-search-engine/

$5.2 billion worth of Bitcoin transactions possibly tied to ransomware
Threat actors are increasingly using advanced tactics to obfuscate and launder their illicit gains, a report by the US Government finds
https://www.welivesecurity.com/2021/10/19/52-billion-bitcoin-transactions-possibly-tied-ransomware/

A recipe for failure: Predictably poor passwords
Security professionals advise to never use 'beef stew' as a password. It just isn't stroganoff.
https://www.welivesecurity.com/2021/10/19/recipe-failure-predictably-poor-passwords/

Week in security with Tony Anscombe
Phishing and how to avoid taking the bait – Offboarding employees securely – Why old malware refuses to die
https://www.welivesecurity.com/videos/week-security-tony-anscombe-146/

Virus Bulletin: Old malware never dies – it just gets more targeted
Putting a precision payload on top of more generic malware makes perfect sense for malware operators
https://www.welivesecurity.com/2021/10/15/virus-bulletin-old-malware-never-dies-gets-more-targeted/

Employee offboarding: Why companies must close a crucial gap in their security strategy
There are various ways a departing employee could put your organization at risk of a data breach. How do you offboard employees the right way and ensure your data remains safe?
https://www.welivesecurity.com/2021/10/14/employee-offboarding-companies-close-crucial-gap-security/

Don't get phished! How to be the one that got away
If it looks like a duck, swims like a duck, and quacks like a duck, then it's probably a duck. Now, how do you apply the duck test to defend against phishing?
https://www.welivesecurity.com/2021/10/13/phishing-how-be-one-got-away/

Microsoft thwarts record‑breaking DDoS attack
The attack, which clocked in at 2.4 Tbps, targeted an Azure customer based in Europe
https://www.welivesecurity.com/2021/10/12/microsoft-thwarts-record-breaking-ddos-attack/

Ransomware cost US companies almost $21 billion in downtime in 2020
The victims lost an average of nine days to downtime and two-and-a-half months to investigations, an analysis of disclosed attacks shows
https://www.welivesecurity.com/2021/10/11/ransomware-cost-us-companies-almost-21billion-downtime-2020/

Week in security with Tony Anscombe
ESET research discovers ESPecter bootkit – FontOnLake targeting Linux – Fake SafeMoon app update
https://www.welivesecurity.com/videos/week-security-tony-anscombe-145/

FontOnLake: Previously unknown malware family targeting Linux
ESET researchers discover a malware family with tools that show signs they're used in targeted attacks
https://www.welivesecurity.com/2021/10/07/fontonlake-previously-unknown-malware-family-targeting-linux/

Google to turn on 2FA by default for 150 million users, 2 million YouTubers
Two-factor authentication is a simple way to greatly enhance the security of your account
https://www.welivesecurity.com/2021/10/06/google-turn-on-2fa-default-150-million-users-2-million-youtubers/

To the moon and hack: Fake SafeMoon app drops malware to spy on you
Cryptocurrencies rise and fall, but one thing stays the same – cybercriminals attempt to cash in on the craze
https://www.welivesecurity.com/2021/10/06/moon-hack-fake-safemoon-cryptocurrency-app-drops-malware-spy/

UEFI threats moving to the ESP: Introducing ESPecter bootkit
ESET research discovers a previously undocumented UEFI bootkit with roots going back all the way to at least 2012
https://www.welivesecurity.com/2021/10/05/uefi-threats-moving-esp-introducing-especter-bootkit/

Week in security with Tony Anscombe
New ESET Threat Report is out – Cybersecurity Awareness Month begins today – What organizations should do to secure their VPNs
https://www.welivesecurity.com/videos/week-security-tony-anscombe-144/

October is Cybersecurity Awareness Month! Why being cyber‑smart matters
The campaign may last for a month, but we should remember that cybersecurity is a year-round affair
https://www.welivesecurity.com/2021/10/01/october-cybersecurity-awareness-month-being-cyber-smart/

Hackers could force locked iPhones to make contactless payments
Flaws in Apple Pay and Visa could allow criminals to make arbitrary contactless payments – no authentication needed, research finds
https://www.welivesecurity.com/2021/09/30/hackers-could-force-locked-iphones-contactless-payments/

ESET Threat Report T2 2021
A view of the T2 2021 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts
https://www.welivesecurity.com/2021/09/30/eset-threat-report-t22021/

CISA and NSA release guidance for securing VPNs
What your organization should consider when it comes to choosing a VPN solution and hardening it against attacks
https://www.welivesecurity.com/2021/09/29/cisa-nsa-guidance-securing-vpns/

Google releases emergency fix to plug zero‑day hole in Chrome
The emergency release comes a mere three days after Google's previous update that plugged another 19 security loopholes
https://www.welivesecurity.com/2021/09/27/google-releases-emergency-fix-plug-zero-day-hole-chrome/

Week in security with Tony Anscombe
ESET unmasks FamousSparrow APT group – Stopping cloud data leaks – European cybercrime ring busted
https://www.welivesecurity.com/videos/week-security-tony-anscombe-143/

Bug in macOS Finder allows remote code execution
While Apple did issue a patch for the vulnerability, it seems that the fix can be easily circumvented
https://www.welivesecurity.com/2021/09/23/bug-macos-finder-remote-code-execution/

FamousSparrow: A suspicious hotel guest
Yet another APT group that exploited the ProxyLogon vulnerability in March 2021
https://www.welivesecurity.com/2021/09/23/famoussparrow-suspicious-hotel-guest/

Plugging the holes: How to prevent corporate data leaks in the cloud
Misconfigurations of cloud resources can lead to various security incidents and ultimately cost your organization dearly. Here's what you can do to prevent cloud configuration conundrums.
https://www.welivesecurity.com/2021/09/22/plugging-holes-how-prevent-corporate-data-leaks-cloud/

European police dismantle cybercrime ring with ties to Italian Mafia
The group used phishing, BEC and other types of attacks to swindle victims out of millions
https://www.welivesecurity.com/2021/09/21/european-police-dismantle-cybercrime-ring-ties-italian-mafia/

Week in security with Tony Anscombe
Analysis of Numando banking trojan, steps to mitigate attack surface, and more! – Week in security with Tony Anscombe
https://www.welivesecurity.com/videos/week-security-tony-anscombe-142/

Numando: Count once, code twice
The (probably) penultimate post in our occasional series demystifying Latin American banking trojans.
https://www.welivesecurity.com/2021/09/17/numando-latam-banking-trojan/

Microsoft Patch Tuesday fixes actively exploited zero‑day and 85 other flaws
The most recent Patch Tuesday includes a fix for the previously disclosed and actively exploited remote code execution flaw in MSHTML.
https://www.welivesecurity.com/2021/09/15/microsoft-patch-tuesday-september-zero-day-flaws/

WhatsApp announces end‑to‑end encrypted backups
The Facebook-owned messaging service plans to roll out the feature to both iOS and Android users in the coming weeks.
https://www.welivesecurity.com/2021/09/14/whatsapp-announces-end-to-end-encrypted-backups/

What is a cyberattack surface and how can you reduce it?
Discover the best ways to mitigate your organization's attack surface, in order to maximize cybersecurity.
https://www.welivesecurity.com/2021/09/14/cyber-attack-surface-reduce/

Beware of these 5 common scams you can encounter on Instagram
From cybercriminal evergreens like phishing to the verification badge scam, we look at the most common tactics fraudsters use to trick their victims
https://www.welivesecurity.com/2021/09/13/beware-common-scams-instagram/

Week in security with Tony Anscombe
Cyberespionage against Kurdish ethnic group, and more! – Week in security with Tony Anscombe
https://www.welivesecurity.com/videos/week-security-tony-anscombe-141/

Victims duped out of US.8 million by BEC and romance scam ring
Elderly men and women were the main targets of the romance scams operated by the fraudsters.
https://www.welivesecurity.com/2021/09/10/bec-romance-scam-ring/

Howard University suffers cyberattack, suspends online classes in aftermath
The university suffered a ransomware attack; however, there is no evidence so far of data being accessed or stolen.
https://www.welivesecurity.com/2021/09/09/howard-university-cyberattack-suspends-classes/

ProtonMail forced to log user's IP address after order from Swiss authorities
Following the incident, the company has updated its website and privacy policy to clarify its legal obligations to its userbase
https://www.welivesecurity.com/2021/09/07/protonmail-log-users-ip-address/

BladeHawk group: Android espionage against Kurdish ethnic group
ESET researchers have investigated a mobile espionage campaign that targets the Kurdish ethnic group and has been active since at least March 2020
https://www.welivesecurity.com/2021/09/07/bladehawk-android-espionage-kurdish/

Week in security with Tony Anscombe
Vaccination passports - what you need to know. A guide to kids' smartphone security. CISA lists single-factor authentication as bad practice.
https://www.welivesecurity.com/videos/week-security-tony-anscombe-140/

A parent's guide to smartphone security
Smartphones are kids' trusty companions both in- and outside the classroom, and as they return to their desks, we've prepared some handy tips on how to keep their devices secure.
https://www.welivesecurity.com/2021/09/03/parents-guide-smartphone-security/

Twitter introduces new feature to automatically block abusive behavior
Dubbed Safety Mode, the feature will temporarily block authors of offensive tweets from being able to contact or follow users.
https://www.welivesecurity.com/2021/09/02/twitter-feature-block-abusive-behavior/

Flaw in the Quebec vaccine passport: analysis
ESET cybersecurity expert Marc-Étienne Léveillé analyses in-depth the Quebec vaccine proof apps VaxiCode and VaxiCode Verif.
https://www.welivesecurity.com/2021/08/31/flaw-quebec-vaccine-passport-vaxicode-verif-analysis/

Don't use single‑factor authentication, warns CISA
The federal agency urges organizations to ditch the bad practice and instead use multi-factor authentication methods
https://www.welivesecurity.com/2021/08/31/single-factor-authentication-bad-practices-cisa/

Vaccine passports: Is your personal data in safe hands?
Vaccination passports may facilitate the return to normalcy, but there are also concerns about what kinds of personal data they collect and how well they protect it. Here's what you should know.
https://www.welivesecurity.com/2021/08/31/vaccine-passports-is-your-personal-data-in-safe-hands/

Week in security with Tony Anscombe
ESET research discovers SideWalk backdoor – Why data breach costs have never been higher – 620,000 personal pictures stolen from iCloud accounts
https://www.welivesecurity.com/videos/week-security-tony-anscombe-139/

Beyond the pandemic: Why are data breach costs at an all‑time high?
It might be tempting to blame the record-high costs of data breaches on the COVID-19 pandemic alone. But dig deeper and a more nuanced picture emerges.
https://www.welivesecurity.com/2021/08/27/beyond-pandemic-why-are-data-breach-costs-all-time-high/

Man impersonates Apple support, steals 620,000 photos from iCloud accounts
The man was after sexually explicit photos and videos that he would then share online or store in his own collection
https://www.welivesecurity.com/2021/08/26/man-impersonates-apple-support-steals-620000-photos-icloud/

Microsoft Power Apps misconfiguration exposes millions of records
The caches of data that were publicly accessible included names, email addresses and social security numbers
https://www.welivesecurity.com/2021/08/24/microsoft-power-apps-misconfiguration-exposes-millions-records/

The SideWalk may be as dangerous as the CROSSWALK
Meet SparklingGoblin, a member of the Winnti family
https://www.welivesecurity.com/2021/08/24/sidewalk-may-be-as-dangerous-as-crosswalk/

DevSecOps: Bridging the Gap Between Security and Development
Organizations that rely on developing secure, functional products understand the value of increased collaboration between security and development teams. Tighter partnerships between the two teams can allow organizations to deliver better, safer products faster, but how can this work in the real world?
https://www.hackerone.com/security-event/devsecops-bridging-gap-between-security-and-development

How Trustpilot Manages Risk by Working with Ethical Hackers
At our 2021 Security@ conference, we spoke with Stu Hirst, CISO at consumer review site Trustpilot. Trustpilot's mission is to create an independent currency of trust between consumers and businesses, and cybersecurity plays a central role.
https://www.hackerone.com/bounty/how-trustpilot-manages-risk-working-ethical-hackers

What's a Vulnerability Disclosure Program & Do You Need One?
Are you wondering about Vulnerability Disclosure Programs (VDPs)? Here's why you need one, and instructions on starting one or improving your current process.
https://www.hackerone.com/vulnerability-disclosure/whats-vulnerability-disclosure-program-do-you-need-one

Bug Bounty Benefits | Why You Need a Bug Bounty Program
We explain how a bug bounty program identifies vulnerabilities, discuss the program's benefits, and detail its challenges.
https://www.hackerone.com/new-program-launch/bug-bounty-benefits-why-you-need-bug-bounty-program

Bug Bounty Benefits | Why You Need a Bug Bounty Program
We explain how a bug bounty program identifies vulnerabilities, discuss the program's benefits, and detail its challenges.
https://www.hackerone.com/bounty/bug-bounty-benefits-why-you-need-bug-bounty-program

Navigating a Safe, Successful Return to Office: 5 Tips for Security Leaders
Security leaders have a lot on their plates in these later stages of the continuing COVID-19 pandemic. In a 2021 survey by Gartner, over three-quarters (76%) of respondents reported increased demand for new digital products or services during the pandemic — and 83% expected this demand to continue to increase. This imperative for transformation has been coming straight from the top: 69% of boards report accelerating digital business initiatives in response to COVID-19.
https://www.hackerone.com/company-news/navigating-safe-successful-return-office-5-tips-security-leaders

Vulnerability Remediation | A Step-by-Step Guide
Are you wondering about vulnerability remediation? We give you a step-by-step guide to addressing vulnerabilities in your system.
https://www.hackerone.com/vulnerability-remediation-step-step-guide

How Hackers—the Best Kept Secret in Cybersecurity—Can Help Your Organization Protect its Assets and Improve Security
Last week, HackerOne held its fifth annual one-of-a-kind global Security@ conference featuring the best-kept secret in cybersecurity—hackers.
https://www.hackerone.com/ethical-hacker/how-hackers-best-kept-secret-cybersecurity-can-help-your-organization-protect-its

The Top 5 Cloud Security Risks: How Hacker-Powered Security Can Help
Widespread digital transformation means increased cloud security risk. Learn how human intelligence—hacker-powered security—can help your organization defend against new attack vectors, mitigate risk, and improve cloud security.
https://www.hackerone.com/application-security/top-5-cloud-security-risks-how-hacker-powered-security-can-help

Time to Issue Your Own Cyber Executive Order

https://www.hackerone.com/from-the-ceo/time-issue-your-own-cyber-executive-order

Vulnerability Testing | Best Techniques for Assessing Risks
Curious about vulnerability testing techniques? We explain processes such as vulnerability assessments, vulnerability scanning, and penetration testing.
https://www.hackerone.com/vulnerability-management/vulnerability-testing-best-techniques-assessing-risks

How Hacker-Powered Security Can Help Security Teams Become More Data-Driven

https://www.hackerone.com/vulnerability-management/how-hacker-powered-security-can-help-security-teams-become-more-data

Vulnerability Assessment Tools [Top Tools & What They Do]
Are you curious about the best vulnerability assessment tools? We detail some of the popular tools, what they do, and their pros and cons.
https://www.hackerone.com/vulnerability-management/vulnerability-assessment-tools-top-tools-what-they-do

Hacker-Powered Security and DeFi: How Human Intelligence Improves Cryptocurrency Security
Over the last year, DeFi has grown significantly with billions of dollars of cryptocurrency locked into blockchain contracts. With this growth comes increased risk and DeFi funds are lucrative targets for malicious actors. Learn how a HackerOne hacker helps protect DeFi funds and mitigate this risk.
https://www.hackerone.com/ethical-hacker/hacker-powered-security-and-defi-how-human-intelligence-improves-cryptocurrency

HackerOne Announces Hacker-Powered Cloud Security Capabilities for AWS Customers
HackerOne announces new capabilities for AWS customers looking to improve security in their cloud applications. These include vulnerability pentests specific to AWS environments, an AWS Security Hub integration for fast, effective security actions, and AWS Certified hackers. AWS customers can now identify and fix vulnerabilities quickly and develop a better understanding of their cloud application security profile.
https://www.hackerone.com/penetration-testing/hackerone-announces-hacker-powered-cloud-security-capabilities-aws-customers

How a New HackerOne Integration with AWS Security Hub Accelerates Vulnerability Remediation Time
HackerOne announced an integration with AWS Security Hub that exchanges vulnerability findings and streamlines workflows to accelerate security actions. The integration consolidates and routes vulnerability intelligence from HackerOne to AWS Security Hub, delivering greater visibility into crucial gaps that could lead to a cyberattack.
https://www.hackerone.com/company-news/how-new-hackerone-integration-aws-security-hub-accelerates-vulnerability-remediation

The DOD Improves Their Security Posture Through the DIB-VDP
One of the primary missions of the Defense Counterintelligence and Security Agency (DCSA) is to provide critical technology protection to the Defense Industrial Base (DIB). Given the recent increase in cyber incidents affecting the DIB, DCSA views the DIB-VDP Pilot as a promising way to identify and stop attempts at stealing our Nation's secrets.
https://www.hackerone.com/vulnerability-disclosure/dod-improves-their-security-posture-through-dib-vdp

Hyatt's Bug Bounty Program Update: Q&A with Senior Analyst Robert Lowery
Hyatt's three-year-old bug bounty program has reached a significant milestone: 0,000 in bounties paid to hackers. As the first organization in the hospitality industry to embrace hacker-powered security, Hyatt's milestone today demonstrates its long-term commitment to setting the highest standard for cybersecurity. We sat down with Robert Lowery, Senior Analyst at Hyatt, to learn more about the history of Hyatt's bug bounty program and their most recent 0,000 milestone. Read on to see what Robert shared on how the knowledge of the global security researcher community helps Hyatt reduce risk, enable security improvements, and ultimately, deliver on their promise to care for employees, guests, and shareholders alike so they can be their best.
https://www.hackerone.com/bounty/hyatts-bug-bounty-program-update-qa-senior-analyst-robert-lowery

Why security transparency makes for good corporate governance

https://www.hackerone.com/resources/wistia-webinars/blackhat-marten-mickos

One Month of Learnings from Flo Health's Bug Bounty Program: A Q&A with CISO, Leo Cunningham

https://www.hackerone.com/vulnerability-management/one-month-learnings-flo-healths-bug-bounty-program-qa-ciso-leo-cunningham

Vulnerability Assessment I A Complete Guide

https://www.hackerone.com/vulnerability-management/vulnerability-assessment-i-complete-guide

What We Can Learn From Recent Ransomware Attacks

https://www.hackerone.com/vulnerability-management/what-we-can-learn-recent-ransomware-attacks

How to Use HackerOne and PagerDuty to Identify When Vulnerabilities Need Action

https://www.hackerone.com/vulnerability-management/how-use-hackerone-and-pagerduty-identify-when-vulnerabilities-need-action

What Are Bug Bounties? How Do They Work? [With Examples]

https://www.hackerone.com/vulnerability-management/what-are-bug-bounties-how-do-they-work-examples

How the Industry's First Hacker-Powered API Helps Hackers Automate Workflows

https://www.hackerone.com/application-security/how-industrys-first-hacker-powered-api-helps-hackers-automate-workflows

How HackerOne Positively Influences Zebra's Software Development Life Cycle

https://www.hackerone.com/vulnerability-management/zebra-secure-development-lifecycle

Bug Bounty vs. CTF [Understanding Differences & Benefits]
Trying to understand the difference between a bug bounty vs. CTF? We explain the differences, the similarities, and the benefits of each.
https://www.hackerone.com/ethical-hacker/bug-bounty-vs-ctf-understanding-differences-benefits

Bug Bounty vs. Penetration Testing: Differences Explained

https://www.hackerone.com/penetration-testing/bug-bounty-vs-penetration-testing-differences-explained

HackerOne in DevSecOps

https://www.hackerone.com/vulnerability-disclosure/hackerone-devsecops

What is Vulnerability Scanning? [And How to Do It Right]

https://www.hackerone.com/vulnerability-management/what-vulnerability-scanning-and-how-do-it-right

HOW HACKERONE AND GITHUB NOW WORK BETTER TOGETHER

https://www.hackerone.com/vulnerability-management/how-hackerone-and-github-now-work-better-together

CITRIX'S HACKER-POWERED SECURITY GROWTH PLAN: Q&A WITH ABHIJITH CHANDRASHEKAR

https://www.hackerone.com/vulnerability-management/citrixs-hacker-powered-security-growth-plan-qa-abhijith-chandrashekar

How Hackers Can Help Reduce Your Organization's Application Risk on AWS

https://www.hackerone.com/vulnerability-management/how-hackers-can-help-reduce-your-organizations-application-risk-aws

What Is Penetration Testing? How Does It Work Step-by-Step?

https://www.hackerone.com/penetration-testing/what-penetration-testing-how-does-it-work-step-step

60 Days of Insights from the DOD's Defense Industrial Base Vulnerability Disclosure Program Pilot

https://www.hackerone.com/vulnerability-management/60-days-insights-dods-defense-industrial-base-vulnerability-disclosure

ANNOUNCING HACK THE ARMY 3.0 RESULTS: A CONVERSATION WITH DEFENSE DIGITAL SERVICE, U.S. ARMY, AND HACK THE ARMY 3.0'S TOP HACKER

https://www.hackerone.com/blog/announcing-hack-army-30-results-conversation-defense-digital-service-us-army-and-hack-army

BUILD A RESILIENT SECURITY POSTURE WITH VULNERABILITY INTELLIGENCE AND CYBERSECURITY RATINGS

https://www.hackerone.com/vulnerability-management/build-resilient-security-posture-vulnerability-intelligence-and

HACK HARD. HAVE FUN. INCREASE SECURITY

https://www.hackerone.com/ethical-hacker/hack-hard-have-fun-increase-security

HOW DIGITAL TRANSFORMATION CHANGES AN ORGANIZATION'S SECURITY CHALLENGES

https://www.hackerone.com/vulnerability-management/how-digital-transformation-changes-organizations-security-challenges

MICROSOFT SAYS: RUSSIAN SOLARWINDS HACKERS HIT U.S. GOVERNMENT AGENCIES AGAIN

https://www.hackerone.com/vulnerability-management/microsoft-says-russian-solarwinds-hackers-hit-us-government-agencies-again

Spotlight on the Server-Side
Server-side request forgery (or SSRF) vulnerabilities are particularly dangerous because they can lead to total system compromise. Discover where they're most common, explore real-world examples, and learn prevention tips from hackers.
https://www.hackerone.com/application-security/spotlight-server-side

The 5 Secrets of a Mature Vulnerability Management Program
During HackerOne's recent series of webinars, we caught up with Matt Southworth, CISO of Priceline, and Matt Adams, Global Security Architect at Costa Coffee, to learn their 5 secrets to building a highly effective vulnerability management program.
https://www.hackerone.com/vulnerability-management/5-secrets-mature-vulnerability-management-program

A Security Engineer and Hacker Share Their Experiences with Security Assessments
A few weeks ago, HackerOne and PortSwigger teamed up to shine a light on the innovative ways that customers and security analysts are scaling risk assessments. Read on for key learnings.
https://www.hackerone.com/ethical-hacker/security-engineer-and-hacker-share-their-experiences-security-assessments

Saxo Bank Celebrates One Year of Bug Bounties: Q&A with CISO Mads Syska Hasling

https://www.hackerone.com/vulnerability-management/saxo-bank-celebrates-one-year-bug-bounties-qa-ciso-mads-syska-hasling

How HackerOne Helps the Vulnerability Management Process
HackerOne sees vulnerability management as a process combining software tools and security analyst actions to reduce risk. In many cases, successful Vulnerability Management requires a joint effort between security operations, who find vulnerabilities, and IT operations responsible for fixing, or patching, vulnerabilities.
https://www.hackerone.com/vulnerability-management/how-hackerone-helps-vulnerability-management-process

Reddit's Bug Bounty Program Kicks Off: Q&A with Reddit's Allison Miller and Spencer Koch, and Top Program Hacker @RENEKROKA
HackerOne sat down with Reddit's CISO and VP of Trust, resident Security Wizard, and top hacker to discover the secrets to Reddit's bug bounty success, explore their goals and key results, delve into how they use hackers to scale security across software development, and gain a unique perspective about what it's like to hack one of the world's leading social networks.
https://www.hackerone.com/application-security/reddits-bug-bounty-program-kicks-qa-reddits-allison-miller-and-spencer-koch

Security@ 2021 Call for Speakers is Open
HackerOne's global hacker-powered security conference, Security@, is back for its fifth year. This year's virtual event will take place September 20, 2021. The call for speakers is now open! You have until May 15, 2021, to submit your talk.
https://www.hackerone.com/company-news/security-2021-call-speakers-open

The Rise of IDOR
Insecure Direct Object References (or IDOR) is a simple bug that packs a punch. Discover where they're most common, explore real-world examples, and learn prevention tips from hackers.
https://www.hackerone.com/company-news/rise-idor

PayPal is our Virtual Pal
HackerOne's second virtual live hacking event was held with event partner PayPal; read on for experiences shared from the event.
https://www.hackerone.com/vulnerability-management/paypal-our-virtual-pal

Commerce Giant Shopify Kicks Off 2021 with HackerOne (Virtual) Live Hacking Event: h1-2102
HackerOne's first virtual live hacking event of the year kicked off with Shopify in January 2021. Read this blog post to learn more about how Shopify builds relationships with hackers through live events like h1-2102, and find out who the award winners are.
https://www.hackerone.com/ethical-hacker/commerce-giant-shopify-kicks-2021-hackerone-virtual-live-hacking-event-h1-2102

The Rise of Misconfiguration and Supply Chain Vulnerabilities
The vulnerability of supply chains has been top of mind since the SolarWinds attack, which still dominates headlines, but last week's Singtel breach also reflects the rise of breaches triggered by misconfiguration vulnerabilities.
https://www.hackerone.com/vulnerability-management/rise-misconfiguration-and-supply-chain-vulnerabilities

2020 Hacker Community Year in Review
From CTFs to virtual live hacking events and more, check out this recap of the initiatives HackerOne hosted for the hacker community in 2020.
https://www.hackerone.com/ethical-hacker/2020-hacker-community-year-review

Announcing The Hacker of The Hill

https://www.hackerone.com/ethical-hacker/announcing-hacker-hill

5 Learnings From A Conversation With OP Financial Group's CISO And @mrtuxracer
On 20 January, HackerOne's CEO, Marten Mickos, sat down for a chat with European hacker Julien Ahrens, a.k.a. @mrtuxracer, and Teemu Ylhäisi, CISO at OP Financial Group. The discussion ranged from the recent SolarWinds attacks to the best way to prevent phishing. Here are our top takeaways from the webinar.
https://www.hackerone.com/application-security/5-learnings-conversation-op-financial-groups-ciso-and-mrtuxracer

LINE on Securing the Application Development Lifecycle with Bug Bounties
HackerOne has a large hacker community and the platform necessary to operate LINE's bug bounty program. By using HackerOne's platform and welcoming the community, LINE can increase operational efficiency. Through the partnership with HackerOne, we can share new bugs and learn from the vulnerability trends on the Platform while also getting a guide that helps us create a successful bug bounty program.
https://www.hackerone.com/application-security/line-securing-application-development-lifecycle-bug-bounties

What Years of AWS Hacking Tells Us About Building Secure Apps
Years of AWS bug bounties have exposed SSRF vulnerabilities, misconfigurations, and dangling DNS records. What can we learn from these vulnerabilities about mitigating risk?
https://www.hackerone.com/application-security/what-years-aws-hacking-tells-us-about-building-secure-apps

Grab Celebrates 5 Years on HackerOne
"Just five years ago, leading rideshare, food delivery, and payments company Grab, became one of the first companies in Southeast Asia to implement a hacker-powered security program. In just three years Grab became one of the Top 20 bug bounty programs on HackerOne worldwide."
https://www.hackerone.com/company-news/grab-celebrates-5-years-hackerone

HackerOne Policies Update
HackerOne's Policies Received Updates - check them out now!
https://www.hackerone.com/company-news/hackerone-policies-update

The World's Largest Live Hacking Event
HackerOne and The Paranoids partnered to bring you the largest live hacking event in the world
https://www.hackerone.com/ethical-hacker/worlds-largest-live-hacking-event

Quantifying Risk: How do you measure success in security?
When your job is all about avoiding costly incidents and mistakes, it's hard to put a dollar value on your work. At HackerOne's recent Security@ conference, Slack and Hyatt's CISOs sat down for a chat about their challenges and the hacks they use to quantify risk:
https://www.hackerone.com/application-security/quantifying-risk-how-do-you-measure-success-security

12 Days of Hacky Holidays CTF

https://www.hackerone.com/ethical-hacker/12-days-hacky-holidays-ctf

VDPs are at the Heart of the Australian Cyber Security Centre's Recommendations

https://www.hackerone.com/vulnerability-management/vdps-are-heart-australian-cyber-security-centres-recommendations

HackerOne Joins AWS Marketplace as Cloud Vulnerabilities Rise
HackerOne reveals the most common and critical vulnerabilities found in cloud infrastructure and announces its debut in AWS Marketplace.
https://www.hackerone.com/application-security/hackerone-joins-aws-marketplace-cloud-vulnerabilities-rise

Announcing the HackerOne Brand Ambassadors
Announcing the first group of Hacker Brand Ambassadors who will lead hackers in their local area.
https://www.hackerone.com/ethical-hacker/announcing-hackerone-brand-ambassadors

US Government Mandates Vulnerability Disclosure for IoT

https://www.hackerone.com/vulnerability-management/us-government-mandates-vulnerability-disclosure-iot

Announcing new leaderboards: More ways to engage, compete and win

https://www.hackerone.com/ethical-hacker/announcing-new-leaderboards-more-ways-engage-compete-and-win

HackerOne is Excited to Launch Triage Ratings for Customers and Hackers

https://www.hackerone.com/application-security/hackerone-excited-launch-triage-ratings-customers-and-hackers

NIST Overhauls “Security and Privacy Controls” and Emphasizes VDP as a Best Practice

https://www.hackerone.com/security-compliance/nist-overhauls-security-and-privacy-controls-and-emphasizes-vdp-best-practice

Snap's Security Team on Nearly 6 Years of Collaborating with Hackers

https://www.hackerone.com/vulnerability-management/snaps-security-team-nearly-6-years-collaborating-hackers

Organizations Paid Hackers $23.5 Million for These 10 Vulnerabilities in One Year
HackerOne report reveals cross-site scripting, improper access control, and information disclosure top list of most common and impactful vulnerabilities
https://www.hackerone.com/ethical-hacker/organizations-paid-hackers-235-million-these-10-vulnerabilities-one-year

HackerOne Expands Integrations Ecosystem to Connect and Defend Customers

https://www.hackerone.com/vulnerability-management/hackerone-expands-integrations-ecosystem-connect-and-defend-customers

HackerOne Integrates with ServiceNow to Streamline Vulnerability Lifecycle Management
We're excited to announce our integration with ServiceNow Incident Management. This integration allows customers to escalate vulnerability reports with ServiceNow incidents and synchronize any updates in the vulnerability workflow that happen in ServiceNow or HackerOne.
https://www.hackerone.com/vulnerability-management/hackerone-integrates-servicenow-streamline-vulnerability-lifecycle

AT&T Celebrates $1 Million Awarded to Hackers in One Year
AT&T recently celebrated its first anniversary on HackerOne, passing $1 million in payouts to more than 850 researchers worldwide. Read on to learn more about their program and successes over the last year.
https://www.hackerone.com/ethical-hacker/att-celebrates-1-million-awarded-hackers-one-year

Introducing the 4th Annual Hacker-Powered Security Report

https://www.hackerone.com/ethical-hacker/introducing-4th-annual-hacker-powered-security-report

H1-2010 FAQ's
FAQs from HackerOne's biggest virtual live hacking event with The Paranoids from Verizon Media, H1-2010.
https://www.hackerone.com/company-news/h1-2010-faqs

Vulnerability Disclosure is Now Mandatory for Federal Agencies - Here's How to Make it Happen

https://www.hackerone.com/vulnerability-management/vulnerability-disclosure-now-mandatory-federal-agencies-heres-how-make-it

Smartsheet Celebrates One Year with HackerOne
To mark Smartsheet's one-year anniversary with HackerOne, we sat down with Nolan Gibb, Information Security Engineer at Smartsheet, to discuss how bug bounties enable his team to scale and collaborate with software developers to create more secure products.
https://www.hackerone.com/vulnerability-management/smartsheet-celebrates-one-year-hackerone

HackerOne Rolls Out Pentest Review System for Customers and Pentesters

https://www.hackerone.com/penetration-testing/hackerone-rolls-out-pentest-review-system-customers-and-pentesters

Are Election Hacking Fears Driving Voters To The Polls?
If people fear that the American electoral infrastructure could be hacked, will they withhold their votes in November? Not according to research commissioned by HackerOne.
https://www.hackerone.com/company-news/are-election-hacking-fears-driving-voters-polls

Become a HackerOne Brand Ambassador
Announcing the Hacker Brand Ambassador Program: lead hackers in your city, get exclusive perks, further your career.
https://www.hackerone.com/company-news/become-hackerone-brand-ambassador

National University of Singapore Taps Students to Hack for Good
In an inaugural InterUni Bug Bounty Challenge jointly organized by the National University of Singapore (NUS) and Singapore Management University (SMU) from 12 August to 9 September 2020, students and staff from the two universities will get to hone their hacking skills by looking for vulnerabilities (or ‘bugs') across the digital assets of their respective universities in exchange for monetary rewards, or bounties. To kick off the InterUni Bug Bounty Challenge, we sat down with NUS Chief Information Technology Officer Tommy Hor to learn more about the Challenge, why cybersecurity is so important to educational institutions like NUS, and more.
https://www.hackerone.com/ethical-hacker/national-university-singapore-taps-students-hack-good

Recap of h@cktivitycon 2020
HackerOne's first-ever hacker conference, h@cktivitycon, streamed on Twitch from Friday, July 31st to August 1st, 2020, and is recapped in this blog post.
https://www.hackerone.com/ethical-hacker/recap-hcktivitycon-2020

Adobe and HackerOne Celebrate Five Years of Continued Collaboration
To celebrate five years with HackerOne, we sat down with Adobe's Senior Security Program Manager Pieter Ockers to discuss how their program has evolved over the last five years and the role that hacker-powered security, both bug bounties and response programs, plays into their overall security strategy. 
https://www.hackerone.com/company-news/adobe-and-hackerone-celebrate-five-years-continued-collaboration

COVID Confessions of a CISO
The COVID-19 crisis has shifted life online. As companies rush to meet remote work requirements and customer demands for digital services, attack surfaces have dramatically expanded, leaving security teams stretched thin and not staffed to cope. HackerOne dug into this concept to identify COVID-19 impacts on security and business. Read on for our findings.
https://www.hackerone.com/company-news/covid-confessions-ciso

Human vs. Machine: Three-Part Virtual Series on the Human Element of AppSec

https://www.hackerone.com/ethical-hacker/human-vs-machine-three-part-virtual-series-human-element-appsec

Securing video streaming in sub-Saharan Africa
Maintaining a video streaming service across the whole of Africa is challenge enough, without the added pressure of potential security issues. Showmax turns to hackers to secure their customer data and protect the security of their shows and movies.
https://www.hackerone.com/application-security/securing-video-streaming-sub-saharan-africa

Security@ 2020 Call for Speakers is Open
HackerOne's global hacker-powered security conference, Security@, is back for its fourth year. This year's virtual event will take place October 20-22, 2020. The call for speakers is now open! You have until August 21, 2020, to submit your talk.
https://www.hackerone.com/company-news/security-2020-call-speakers-open

Costa Coffee prepares for global expansion with bug bounty program
As the coffee chain prepares for global expansion, Costa Coffee joins the likes of Hyatt, Deliveroo, and Zomato in launching its first private bug bounty program. Costa Coffee will shore up its digital defenses using the combined expertise and experience of HackerOne's hacker community.
https://www.hackerone.com/application-security/costa-coffee-prepares-global-expansion-bug-bounty-program

A Warm Welcome To Our New SVP of Customer Success
We are delighted to announce that Amanda Berger — former Chief Customer Officer at Lucidworks — has joined HackerOne as our new SVP of Customer Success. In this article, Amanda introduces herself and shares what she hopes to achieve at HackerOne.
https://www.hackerone.com/company-news/warm-welcome-our-new-svp-customer-success

Pentesting basics video series launched on Hacker101
Learn the basics of pentesting to further your career and develop core competencies required in one of the hottest job markets in cybersecurity: Penetration testing.
https://www.hackerone.com/ethical-hacker/pentesting-basics-video-series-launched-hacker101

Cybersecurity Vendor Consolidation: Securing More with Less
Discover how hacker-powered security solutions can help identify the gaps and consolidate point-solution tools into a single platform for easier management and measured ROI.
https://www.hackerone.com/company-news/cybersecurity-vendor-consolidation-securing-more-less

Visma's Ioana Piroska on Securing the Development Lifecycle Through Bug Bounties
Having recently taken their bug bounty program public, we caught up with Visma Security Analyst Ioana Piroska about the program's results so far and Visma's plans for the future.
https://www.hackerone.com/application-security/vismas-ioana-piroska-securing-development-lifecycle-through-bug-bounties

Pentesting Beyond Compliance: A Tool to Improve Your Security Posture

https://www.hackerone.com/penetration-testing/pentesting-beyond-compliance-tool-improve-your-security-posture

What Juneteenth Means at HackerOne

https://www.hackerone.com/company-news/what-juneteenth-means-hackerone

Reputation, Signal & Impact Calculation Enhancements
Reputation, Signal and Impact changes and how this will affect hacker stats going forward.
https://www.hackerone.com/ethical-hacker/reputation-signal-impact-calculation-enhancements

Mail.ru Group pays out over $1 million in bounties

https://www.hackerone.com/ethical-hacker/mailru-group-pays-out-over-1-million-bounties

Mayonaise Joins The Ranks of The Seven-Figure-Earning Hackers
Congratulations to @mayonaise, the ninth hacker to earn $1 Million hacking for good on the HackerOne platform! Read on for more about his unique approach, focus, and journey to being one of the top hackers in the world.
https://www.hackerone.com/ethical-hacker/mayonaise-joins-ranks-seven-figure-earning-hackers

Celebrating Pride at HackerOne

https://www.hackerone.com/company-news/celebrating-pride-hackerone

What to Look For in a Penetration Testing Company
Penetration testing is one of the most widely used techniques to comply with security regulations and protect network and computing systems and users. Hacker-powered penetration tests are emerging as a more cost-effective way to harden applications. With HackerOne Challenge, selected hackers from our community are invited to find vulnerabilities in your systems, and you only pay for the verified vulnerabilities found.
https://www.hackerone.com/vulnerability-management/what-look-penetration-testing-company

Announcing the PlayStation Bug Bounty Program
Today, PlayStation launched a public bug bounty program on HackerOne because the security of their products is a fundamental part of creating amazing experiences for the PlayStation community. Read on to learn more about their program, bounties, and more.
https://www.hackerone.com/application-security/announcing-playstation-bug-bounty-program

Juneteenth: HackerOne's Day for Action

https://www.hackerone.com/company-news/juneteenth-hackerones-day-action

Scaling & Prioritizing Product Security with Zendesk
In a recent virtual roundtable, we sat down with Scott Reed, Senior Manager of Product Security at Zendesk, to discuss how they incorporate bug bounties throughout their product security strategy and scaling security at a high-growth organization. Take a look at some of the highlights of our conversation below.
https://www.hackerone.com/application-security/scaling-prioritizing-product-security-zendesk

How does Pentesting fit into your overall security strategy?
As digital technologies and data transform the way business gets done, a cybersecurity strategy is fundamental in helping your company save time and money while protecting your brand. How should organizations think about penetration testing within their overall security strategy?
https://www.hackerone.com/penetration-testing/how-does-pentesting-fit-your-overall-security-strategy

h1-2006 CTF
h1-2006 CTF Winner Announcement
https://www.hackerone.com/ethical-hacker/h1-2006-ctf

Crowdsourcing Racial Justice and Equality

https://www.hackerone.com/company-news/crowdsourcing-racial-justice-and-equality

There is no room for racism or inequality here.
At HackerOne we say No to racism. We are here to democratize opportunity across the world. We believe in the aspirations and possibilities of every human being. Hacker-powered security is proof that by working together across all boundaries we accomplish what otherwise would remain unachievable.
https://www.hackerone.com/ceo/there-no-room-racism-or-inequality-here

100 Hacking Tools and Resources
As part of our $100 Million in bounties celebration, we want to share a list of 100 tools and resources that will help hackers continue hacking!
https://www.hackerone.com/ethical-hacker/100-hacking-tools-and-resources

The Journey in Data: HackerOne Hits 100 Million Dollars in Bounties
Yesterday, hackers on HackerOne hit a major milestone: they have earned a total of $100 million in bounties over the past 8 years, with nearly half in the past year alone! Let's take a look at some of the numbers that have taken us to the $100 million milestone.
https://www.hackerone.com/ethical-hacker/journey-data-hackerone-hits-100-million-dollars-bounties

$100 Million Paid - One Billion in Sight for Hackers
Today we celebrate with all our hackers the phenomenal milestone of a hundred million dollars in bounties. Hack for Good! Yet we should know that we are only getting going. The digital world is not safe and secure yet. Much more work awaits us. We have one hundred million more bugs to find.
https://www.hackerone.com/ceo/100-million-paid-one-billion-sight-hackers

Thanks For Being Part Of The Journey to $100 Million in Bounties!
Reaching $100 Million in bounties is a reason to celebrate what this community has achieved. It also gave us a chance to reflect on the journey to this point and the enduring values that will get us to the next milestone.
https://www.hackerone.com/ethical-hacker/thanks-being-part-journey-100-million-bounties

10 Ways to Hack Your “New Normal” Workweek
As a company inspired by hackers, HackerOne is taking this unique time to hack our programs to provide our people with additional support to ensure the wellbeing of all Hackeronies and their families. Here's a peek at the fun programs and perks we've implemented at HackerOne based on input from our people.
https://www.hackerone.com/company-news/10-ways-hack-your-new-normal-workweek

How Federal Agencies Use Vulnerability Disclosure Policies to Level Up Security

https://www.hackerone.com/vulnerability-management/how-federal-agencies-use-vulnerability-disclosure-policies-level-security

Security by the People: Announcing HackerOne's FedRAMP Authorization
Since 2016, we've been proud to help secure critical U.S. Department of Defense and GSA applications. As we achieve FedRAMP Tailored Authorization, we are excited to expand this important work.
https://www.hackerone.com/vulnerability-management/security-people-announcing-hackerones-fedramp-authorization

Stay Ahead of Threats With Hacker-Powered Retesting
Introducing Hacker-Powered Retesting! Retesting is designed to scale with capabilities to keep your critical assets safe from increasingly sophisticated attacks.
https://www.hackerone.com/vulnerability-management/stay-ahead-threats-hacker-powered-retesting

PayPal on Creating Strong Relationships with Security Researchers

https://www.hackerone.com/application-security/paypal-creating-strong-relationships-security-researchers

Hackers take on San Francisco for the 4th Year in a Row
HackerOne hosted its first flagship event of the year with Verizon Media in San Francisco.
https://www.hackerone.com/ethical-hacker/hackers-take-san-francisco-4th-year-row

Shopify Celebrates 5 Years on HackerOne

https://www.hackerone.com/vulnerability-management/shopify-celebrates-5-years-hackerone

Hackweek: An insider's look at HackerOne culture

https://www.hackerone.com/ethical-hacker/hackweek-insiders-look-hackerone-culture

Slack Increases Bounty Minimums For the Next 90 Days

https://www.hackerone.com/application-security/slack-increases-bounty-minimums-next-90-days

Live Hacking Goes Virtual

https://www.hackerone.com/ethical-hacker/live-hacking-goes-virtual

Hack for Good: Easily Donate Bounties to WHO's COVID-19 Response Fund
Collaboration and bounty splitting have been possible for years, and now you can easily donate bounties by adding the user “hackforgood” as a collaborator to a report submission on HackerOne.
https://www.hackerone.com/ethical-hacker/hack-good-easily-donate-bounties-whos-covid-19-response-fund

Six years of the GitHub Security Bug Bounty program

https://www.hackerone.com/application-security/six-years-github-security-bug-bounty-program

Live hacking the U.S. Air Force, UK Ministry of Defence and Verizon Media in Los Angeles at h1-213
HackerOne hosted its final flagship live hacking event of 2019 in Los Angeles, CA
https://www.hackerone.com/ethical-hacker/live-hacking-us-air-force-uk-ministry-defence-and-verizon-media-los-angeles-h1-213

My Career Just Got Hacked: Rana Robillard Joins HackerOne

https://www.hackerone.com/my-career-just-got-hacked-rana-robillard-joins-hackerone

Live Hacking Events | 2019 Recap and the Road Ahead
A look at where we've been and where we're going in 2020...
https://www.hackerone.com/ethical-hacker/live-hacking-events-2019-recap-and-road-ahead

Confessions of European CISOs
Ever wondered what's been keeping your CISO up at night? Well, wonder no more. We did some research to find out what worries European CISOs who are tasked with shoring up their digital infrastructure.
https://www.hackerone.com/company-news/confessions-european-cisos

LINE Security Bug Bounty Program Report 2019

https://www.hackerone.com/application-security/line-security-bug-bounty-program-report-2019

Congratulations, Cosmin! The world's seventh million-dollar bug bounty hacker
The ranks of seven-figure-earning hackers have now risen to eight. Meet @inhibitor181 — the world's seventh million-dollar bug bounty hacker.
https://www.hackerone.com/ethical-hacker/congratulations-cosmin-worlds-seventh-million-dollar-bug-bounty-hacker

Dropbox bug bounty program has paid out over $1,000,000

https://www.hackerone.com/ethical-hacker/dropbox-bug-bounty-program-has-paid-out-over-1000000

Hyatt Celebrates its First Anniversary on HackerOne

https://www.hackerone.com/vulnerability-management/hyatt-celebrates-its-first-anniversary-hackerone

#AndroidHackingMonth: Introduction to Android Hacking by @0xteknogeek

https://www.hackerone.com/ethical-hacker/androidhackingmonth-intro-to-android-hacking

Guess what's coming!? #AndroidHackingMonth on @Hacker0x01
February is Android Hacking Month! That means new resources, new CTFs, and, of course, swag. Learn more about how to get involved.
https://www.hackerone.com/ethical-hacker/AndroidHackingMonth

h1-415 CTF Winners Announced!
Thanks to all who participated in our #h1415 CTF, and congratulations to our winners @p4fg and @manoelt! Here's how it went down.
https://www.hackerone.com/ethical-hacker/h1-415-ctf-winners-announced

InnoGames Models Avatar After Top Ethical Hacker
Kevin Heseler, Security Engineer at InnoGames, tells us how InnoGames leverages their bug bounty program to secure their games, and about the unique approach they have taken to awarding their most valuable hacker with their very own avatar in the ‘Forge of Empires' game.
https://www.hackerone.com/ethical-hacker/innogames-models-avatar-after-top-ethical-hacker

Why Every Federal Agency Needs a VDP

https://www.hackerone.com/vulnerability-management/why-every-federal-agency-needs-vdp

HackerOne Launches Bug Bounty Program for Kubernetes
The Cloud Native Computing Foundation (CNCF) today launched the Kubernetes bug bounty program on HackerOne. The Kubernetes bug bounty program is yet another layer of security assurance that will reward researchers who find vulnerabilities in the container orchestration system. Bounties will range from $100 to $10,000. All reports will be thoroughly investigated by the Kubernetes Product Security Committee, a set of security-minded Kubernetes community volunteers.
https://www.hackerone.com/application-security/hackerone-launches-bug-bounty-program-kubernetes

Hacking for Good

https://www.hackerone.com/ceo/hacking-good

This Season, Give the Gift of Data-Driven Insight

https://www.hackerone.com/company-news/season-give-gift-data-driven-insight

Using Bug Bounty Talent Pools to Attract and Maintain Top Talent

https://www.hackerone.com/vulnerability-management/using-bug-bounty-talent-pools-attract-and-maintain-top-talent

Transparency Builds Trust
Someone called it a “breach,” and the world took notice. Here is the story.
https://www.hackerone.com/vulnerability-management/transparency-builds-trust

How Bug Bounties Help You Shift Left

https://www.hackerone.com/application-security/how-bug-bounties-help-you-shift-left

HackerOne is a 2019 Cyber Catalyst Designated Cybersecurity Solution

https://www.hackerone.com/application-security/hackerone-2019-cyber-catalyst-designated-cybersecurity-solution

8 High-impact Bugs and How HackerOne Customers Avoided a Breach: SQL Injection

https://www.hackerone.com/security-compliance/8-high-impact-bugs-and-how-hackerone-customers-avoided-breach-sql-injection

How the Risk-Averse DoD Learned to Stop Worrying and Love the Hackers

https://www.hackerone.com/vulnerability-management/how-risk-averse-dod-learned-stop-worrying-and-love-hackers

The World's Elite Hackers Share Tips and Insights

https://www.hackerone.com/ethical-hacker/worlds-elite-hackers-share-tips-and-insights

LINE Launches Public Bug Bounty Program: Q&A with Security Engineer Robin Lunde
Today, after three successful years running an independent bug bounty program, LINE launched a public bug bounty program on HackerOne. To learn more about the popular messaging app's security strategy and commitment to the hacker community, we sat down with security engineers Robin Lunde, Koh You Liang and Keitaro Yamazaki. Read on for a glimpse into our conversation.
https://www.hackerone.com/application-security/line-launches-public-bug-bounty-program-qa-security-engineer-robin-lunde

Supporting the Source: Why HackerOne is Upgrading its Free Tools for Open Source
Open source software powers HackerOne. As part of our mission to make the internet safer, we want to make it easier for your open source project to remain secure, so we're joining GitHub Security Lab. Read on for more on why we're joining, new free offerings for open source projects from HackerOne, and new open source targets for hackers from GitHub and HackerOne.
https://www.hackerone.com/vulnerability-management/supporting-source-why-hackerone-upgrading-its-free-tools-open-source

Announcing Program Audit Log
As our customers' security teams grow, it's important for us to sustain their growth with new features. Today we're announcing the Program Audit Log. It enables customers to audit important actions that were taken in their program, such as permission updates, new members, bounty rewards, and program settings. Read on for more!
https://www.hackerone.com/vulnerability-management/announcing-program-audit-log

Reducing Risk With a Bug Bounty Program

https://www.hackerone.com/application-security/reducing-risk-bug-bounty-program

U.S. Department of Defense VDP Wins Prestigious 2019 DoD Chief Information Officer Award
On Nov. 3, 2019 in the Pentagon Auditorium, the DoD Cyber Crime Center (DC3) Vulnerability Disclosure Program (VDP) was awarded the 2019 DoD Chief Information Officer (CIO) award for Cybersecurity. Over the past three years, the VDP on HackerOne has processed more than 11,000 vulnerabilities discovered by researchers within DoD's public facing websites.
https://www.hackerone.com/vulnerability-management/us-department-defense-vdp-wins-prestigious-2019-dod-chief-information

8 High-Impact Bugs and How HackerOne Customers Avoided a Breach: Information Disclosure

https://www.hackerone.com/security-compliance/8-high-impact-bugs-and-how-hackerone-customers-avoided-breach-information

Scaling Security: From Startup to Unicorn

https://www.hackerone.com/application-security/scaling-security-startup-unicorn

Why Laurie Mercer Became a Security Engineer at HackerOne

https://www.hackerone.com/company-news/why-laurie-mercer-became-security-engineer-hackerone

Security@ Fireside Chat: Insights from Phil Venables of Goldman Sachs

https://www.hackerone.com/vulnerability-management/security-fireside-chat-insights-phil-venables-goldman-sachs

Keynote with Phil Venables of Goldman Sachs

https://www.hackerone.com/vulnerability-management/keynote-phil-venables-goldman-sachs

Q&A with HackerOne's New Vice President, APAC, Attley Ng

https://www.hackerone.com/company-news/qa-hackerones-new-vice-president-apac-attley-ng

Lowering Your Pentesting Fees with HackerOne

https://www.hackerone.com/penetration-testing/lowering-your-pentesting-fees-hackerone

Slack Increases Minimum Bounties for High and Critical Bugs for 30 Days
Over the past five years, Slack and HackerOne have established a partnership and commitment to ensure Slack's platform is secure for its over 12 million daily active users. To build on this momentum and engage top researchers from the HackerOne community, Slack is increasing its minimum bounties for High and Critical findings to 00 and 00 respectively for a limited time. Read on to learn more!
https://www.hackerone.com/application-security/slack-increases-minimum-bounties-high-and-critical-bugs-30-days

8 High-Impact Bugs and How HackerOne Customers Avoided a Breach: Privilege Escalation

https://www.hackerone.com/security-compliance/8-high-impact-bugs-and-how-hackerone-customers-avoided-breach-privilege

HackerOne Congratulates the Department of Defense on 11K Vulnerability Reports

https://www.hackerone.com/vulnerability-management/hackerone-congratulates-department-defense-11k-vulnerability-reports

Through a Hacker's Eyes: Recapping h1-604
For the first time ever, a hacker writes a live hacking recap blog, highlighting what it is like to attend a live event. Katie (@InsiderPhD) gives a first-person narrative of h1-604. From seeing a bear for the first time to collaborating closely with peers, Katie covers all the adventures of heading to Vancouver, Canada to hunt bugs.
https://www.hackerone.com/ethical-hacker/through-hackers-eyes-recapping-h1-604

Tell Your Hacker Story with the Redesigned Profile Pages

https://www.hackerone.com/ethical-hacker/tell-your-hacker-story-redesigned-profile-pages

3 Ways Hacker-Powered Security Helps the Agile CISO

https://www.hackerone.com/3-ways-hacker-powered-security-helps-agile-ciso

More Than Bounty: Beating Burnout with Hacker-Powered Security

https://www.hackerone.com/more-bounty-beating-burnout-hacker-powered-security

Breaking Down the Benefits of Hacker-Powered Pentests

https://www.hackerone.com/breaking-down-benefits-hacker-powered-pentests

PayPal Celebrates Its First Anniversary on HackerOne
It's been a year since PayPal transitioned its Bug Bounty program to HackerOne. During that time, PayPal has paid out more than .5 million in bounties to the hacker community. In this post Ray Duran, manager of PayPal's Bug Bounty team, reflects on PayPal's journey, shares some exciting changes to the program and discusses what's to come.
https://www.hackerone.com/vulnerability-management/paypal-celebrates-its-first-anniversary-hackerone

Announcing the Security@ San Francisco 2019 Agenda
The agenda for the third annual hacker-powered security conference, Security@ San Francisco, is live! Security@ is the only conference dedicated to the booming hacker-powered security industry, where hackers and leaders come together to build a safer internet. The conference takes place on October 15, 2019 at the Palace of Fine Arts and will include talks by security leaders from some of the most innovative security teams. In addition, hackers from all over the world will discuss lessons learned from defending the front lines, scaling security teams, and addressing the talent gap. 2019 promises to be our largest event yet!
https://www.hackerone.com/company-news/announcing-security-san-francisco-2019-agenda

How HackerOne Fits into the Dev Tools You Know and Love

https://www.hackerone.com/vulnerability-management/how-hackerone-fits-dev-tools-you-know-and-love

How Companies Like Facebook Find the Bugs that Matter

https://www.hackerone.com/application-security/how-companies-facebook-find-bugs-matter

Hacking with Valor: Why We Raised .4M with Valor Equity Partners
Our civilization is going digital. That's fantastic. Unfortunately, our software is not secure enough to carry a digital and connected civilization. When systems get breached, people can't trust the digital world. In a way, we try to do too much. Our innovation is outpacing security and privacy. Something must be done. This is the HackerOne commitment: As long as our digital world is plagued by vulnerabilities, we will continue to hack for the good of our connected society.
https://www.hackerone.com/ceo/hacking-valor-why-we-raised-364m-valor-equity-partners

Upserve Resolves Over 85 Bugs in Two Years Thanks to Hackers
It's been two years since Upserve launched its public bug bounty program on HackerOne. During that time, Upserve's security team has resolved over 85 valid vulnerabilities thanks to hackers, paying ,000 in bounties along the way. To celebrate the milestone, we sat down with Upserve's Information Security Officer Bryan Brannigan to look back on humble beginnings, learn more about how they incorporate hackers in their security initiatives, and discuss how they've increased engagement through public disclosures. Take a look!
https://www.hackerone.com/ethical-hacker/upserve-resolves-over-85-bugs-two-years-thanks-hackers

Bringing the Heat to Vegas: Recapping record-breaking h1-702
HackerOne hosted their largest live hacking event to date in Las Vegas, Nevada. With Hacker Summer Camp in the background, h1-702 broke several records, including paying out nearly two million in bounties to hackers over the three days.
https://www.hackerone.com/company-news/bringing-heat-vegas-recapping-record-breaking-h1-702

HackerOne Praised By An Original Hacker
Steve Gibson, a security researcher who started hacking technology as a child, recently gave HackerOne high praise for helping to secure companies with bug bounty programs. We're proud when our dedicated team gets the praise they deserve from those in the industry.
https://www.hackerone.com/company-news/hackerone-praised-original-hacker

Hacker-Powered Data - Security Weaknesses and Embracing Risk with HackerOne
Vulnerabilities are a fact of life; risk comes with it. Today, companies, enterprises, & governments are embracing collaboration with hackers to find vulnerabilities before criminals have a chance to exploit them. Using 7 years of data from 1,400 bug bounty programs & 360,000+ valid vulnerabilities, this post offers a new analysis of the most common vulnerabilities not found on the OWASP top 10.
https://www.hackerone.com/application-security/hacker-powered-data-security-weaknesses-and-embracing-risk-hackerone

Don't Believe These 4 Bug Bounty Myths

https://www.hackerone.com/application-security/dont-believe-these-4-bug-bounty-myths

Black Hat 2019: Highlights from the Biggest and Best Yet
Black Hat 2019 was the biggest and best yet. Over 20,000 attendees heated up Las Vegas with provocative training sessions, innovative presentations, and record-breaking live hacking events.
https://www.hackerone.com/application-security/black-hat-2019-highlights-biggest-and-best-yet

The Security Vendors Startups like Lob Can't Live Without

https://www.hackerone.com/application-security/security-vendors-startups-lob-cant-live-without

GraphQL Week on The Hacker101 Capture the Flag Challenges
Recently we rolled out 3 separate GraphQL-based Hacker101 Capture the Flag challenges. These are valuable educational resources for hackers and developers alike, improving bug hunting capability and helping developers prevent security missteps when implementing GraphQL.
https://www.hackerone.com/ethical-hacker/graphql-week-hacker101-capture-flag-challenges

Live Hacking Events: Stats, invitations, and what's next
Live hacking events are an experience unlike any other. This post is about how you can increase your chances of being invited to hack. We dive into the history of live hacking events and some of the criteria that are taken into consideration.
https://www.hackerone.com/ethical-hacker/live-hacking-events-stats-invitations-and-whats-next

London Called, Hackers Answered: Recapping h1-4420
Uber partnered with us for their third live hacking event in London, paying out over 5,000 in bounties to hackers who found more than 150 unique vulnerabilities across Uber, Uber Restaurants and Uber Freight.
https://www.hackerone.com/ethical-hacker/london-called-hackers-answered-recapping-h1-4420

Verizon Media Webinar Recap: Attack Surface Visibility & Reducing Risk
Bug bounty tips from a Paranoid: hackers as an extension of your security team, honoring the security page as a contract with hackers, investing in the community through things like Live Hacking events, and using the outside perspective from the hacker community to strengthen their entire SDLC.
https://www.hackerone.com/vulnerability-management/verizon-media-webinar-recap-attack-surface-visibility-reducing-risk

Breaking Down the Benefits of Hacker-Powered Pen Tests
Breaking down the benefits of hacker-powered pen tests from the recent Forrester report. The most important benefit was finding more vulnerabilities, both in terms of numbers and criticality, in order to remediate them and create better system security.
https://www.hackerone.com/penetration-testing/breaking-down-benefits-hacker-powered-pen-tests

The HackerOne Top 10 Most Impactful and Rewarded Vulnerability Types
We've put together a list of the most impactful vulnerabilities on the HackerOne platform so you can see where to aim your security efforts and how to better align your security team to today's biggest risks. Learn which vulnerabilities aren't in the OWASP Top 10 and see the top vulnerabilities submitted by volume, bounty awards, and more.
https://www.hackerone.com/vulnerability-management/hackerone-top-10-most-impactful-and-rewarded-vulnerability-types

Improving Your Workflows and Analysis with Custom Fields
HackerOne is thrilled to release Custom Fields, the latest way to sharpen security workflows and software development cycles. Custom Fields empowers teams to gain new insights into data by adding details such as ownership, risk category and root cause to vulnerability reports.
https://www.hackerone.com/vulnerability-management/improving-your-workflows-and-analysis-custom-fields

Cloud Security Alliance Webinar Recap: Avoid the Breach with Shopify's Andrew Dunbar
Security is a top priority for e-commerce giant Shopify, with over 600,000 businesses in 175 countries trusting them to sell online and everywhere in the world. Shopify's Vice President of Security Engineering and IT, Andrew Dunbar and HackerOne's Luke Tucker discuss best practices for testing and securing cloud-based web applications.
https://www.hackerone.com/application-security/cloud-security-alliance-webinar-recap-avoid-breach-shopifys-andrew-dunbar

When Moving To the Cloud, Don't Leave Basic Security Behind
How to break into a serverless application, a TestLabs blog review. We'll also discuss why changes in technology don't change security best practices.
https://www.hackerone.com/application-security/when-moving-cloud-dont-leave-basic-security-behind

Grand Rounds VP InfoSec: Achieving SOC 2 Type II Compliance with Hacker-Powered Security
Grand Rounds is an innovative new healthcare company using hacker-powered security for better, more effective pen tests. Learn how HackerOne Compliance meets HIPAA, SOC 2, and other security testing needs.
https://www.hackerone.com/security-compliance/grand-rounds-vp-infosec-achieving-soc-2-type-ii-compliance-hacker-powered

Automate Workflows with Enhanced Jira Integration
Integrating with Jira has always been an important piece of integrating HackerOne into the SDLC of our customers. HackerOne's bi-directional Jira integration is currently in use by many of our customers and today we're announcing how it's getting even better.
https://www.hackerone.com/application-security/automate-workflows-enhanced-jira-integration

Taking The Guesswork Out of Vulnerability Reporting
To make vulnerability disclosure easier on open source maintainers, GitHub and HackerOne are collaborating to help close the gap between the hacker community and software engineers.
https://www.hackerone.com/vulnerability-management/taking-guesswork-out-of-vulnerability-reporting

See Your Success In Real Time with the new Program Dashboard
Effective security programs are more efficient when backed with clear reports that both technical and business teams understand. The HackerOne program dashboard delivers real-time insights into the program metrics that matter most to your programs, such as submission status, bounty spent, exploit severity, asset weaknesses, program health, and more.
https://www.hackerone.com/vulnerability-management/see-your-success-in-real-time-with-the-new-program-dashboard

Hacking Dropbox Live in the Heart of Singapore at h1-65
Dropbox joined us as the participating company, paying out over 0,000 in bounties to hackers who found 264 vulnerabilities across Dropbox, Dropbox Paper, newly-acquired HelloSign, and third-party vendors that work with Dropbox.
https://www.hackerone.com/ethical-hacker/hacking-dropbox-live-heart-singapore-h1-65

PayPal Thanks Hackers with Million in 7 Months on HackerOne
Since launching an independently run bug bounty program in 2012, PayPal's program has evolved several times over, including transitioning to a platform, HackerOne, in 2018 to expand participation from 2,000 hackers to over 300,000 hackers on the platform. In just 6 months, we're proud to announce that PayPal has paid over million to hackers through HackerOne. It's quite a milestone for us, and so much more than a dollar figure.
https://www.hackerone.com/ethical-hacker/paypal-thanks-hackers-1-million-7-months-hackerone

Priceline Launches Public Bug Bounty Program: Q&A with Matt Southworth
Today, Priceline launched its public bug bounty program on HackerOne, including Priceline's e-commerce site, Priceline.com, PPN affiliate sites and mobile apps. We sat down with Matt to learn more about their program, prioritizing customer trust, what it's like working with hackers, and more. Check it out!
https://www.hackerone.com/vulnerability-management/priceline-launches-public-bug-bounty-program-qa-matt-southworth

Announcing the Community T-shirt Winner(s)
Hackers submitted amazing designs for the first ever community t-shirt contest! @akaash2397 received the most votes among the three finalists for his Bug Hunter design.
https://www.hackerone.com/company-news/announcing-community-t-shirt-winners

Learn How HackerOne Can Help You Crawl, Walk, or Run Your Way to a Bug Bounty Program
No matter your company size or security team bandwidth, learn how to get a bug bounty program started with advice from those who've launched hundreds of new programs. This webinar explains how to get a program started at your own pace, what you need to think about before you start, and how you can control the program's impact on your existing infrastructure. It's only 25 minutes, so grab a coffee, take a break, and watch it now.
https://www.hackerone.com/application-security/learn-how-hackerone-can-help-you-crawl-walk-or-run-your-way-bug-bounty-program

What the California Consumer Privacy Act Means For You
The collection of personal data and the privacy issues surrounding it have been a hot topic the past several years, especially in the security industry. Governments are taking notice and new regulations are appearing. The new California Consumer Privacy Act (CCPA) is a regulation requiring certain organizations to protect the personal data and privacy of California consumers. HackerOne can help you.
https://www.hackerone.com/security-compliance/what-california-consumer-privacy-act-means-you

Hackers have earned more than M in bug bounty cash on HackerOne: Time to celebrate!
Hackers, congratulate yourselves on an incredible milestone, earning M+ for your contributions to a safer internet. HackerOne's mission is to empower the world to build a safer internet, and you are the heroic individuals making that mission a day-to-day reality. Thank you for inspiring us with your creativity and talents. Keep pursuing the flags, squashing the bugs, and sharing the knowledge. Together. We. Hit. Harder. Happy hacking one and all!
https://www.hackerone.com/ethical-hacker/hackers-have-earned-more-50m-bug-bounty-cash-hackerone-time-celebrate

Hacker-Powered Security, Government Support Needed to Protect Financial Services Consumers from Application Vulnerabilities
What is the current state of security in the financial sector? How can governments contribute to this security? These questions were addressed by Christopher Parsons in his testimony before the Standing Committee on Public Safety and National Security (SECU) in Canada. His testimony shines a light on some major issues facing the security community in Canada and across the world.
https://www.hackerone.com/security-compliance/hacker-powered-security-government-support-needed-protect-financial-services

Product Updates and Enhancements

https://www.hackerone.com/company-news/product-updates-and-enhancements

Airbnb and Verizon Media participate in 3rd annual h1-415 live hacking event including a cybersecurity mentorship program
The power of collaboration came through full-force in our first live hacking event of 2019. Hosted over three days, we partnered with Airbnb and Verizon Media for hacking, mentoring, and celebrating the community.
https://www.hackerone.com/ethical-hacker/airbnb-and-verizon-media-participate-3rd-annual-h1-415-live-hacking-event-including

Xiaomi Security Center Welcomes Security Research with HackerOne Partnership
Please welcome the Xiaomi Security Center to HackerOne! Xiaomi, one of the world's largest consumer electronics manufacturers, is launching a vulnerability disclosure program (VDP) on April 1, 2019, welcoming vulnerability submissions for products and services under the brands of Xiaomi, Mijia, Mitu, and Redmi. Check it out!
https://www.hackerone.com/vulnerability-management/xiaomi-security-center-welcomes-security-research-hackerone-partnership

Security at Startup Speed: Enterprise Grade Security from the Start
Startups today must adapt to a rapidly changing environment, completing security tasks along with code deploys and automating security scans as much as possible. But even with these measures, security vulnerabilities find a way to slip through the cracks. That's where hacker-powered security can put out the embers of the fire you may have missed. Learn how hacker-powered security allows startups to launch smart.
https://www.hackerone.com/application-security/Security-Startup-Speed-Enterprise-Grade-Security-Start

Q&A with Brian Neely, CIO & CISO of AMERICAN SYSTEMS
As a defense contractor, AMERICAN SYSTEMS provides IT and engineering solutions for complex national priority programs for the U.S. government. As you can imagine, the sensitive programs and data they hold makes them heavily targeted by sophisticated, determined, highly resourced nation-state threat actors. Losing data would mean losing a competitive advantage on the battlefield. In short, lives could be at stake. That's not your average security breach. We sat down with CIO and CISO Brian Neely to learn a bit more about how he's seen the industry evolve, what's next and how hacker-powered security fits into the matrix.
https://www.hackerone.com/vulnerability-management/qa-brian-neely-cio-ciso-american-systems

@try_to_hack Makes History as First Bug Bounty Hacker to Earn over Million
19-year-old Argentinian @try_to_hack just made history as the first to earn over ,000,000 in bounty awards on HackerOne. We connect with him to learn more about how he reached this impressive milestone. We hope you are just as inspired as we are!
https://www.hackerone.com/company-news/trytohack-makes-history-first-bug-bounty-hacker-earn-over-1-million

Q&A with HackerOne's VP of Customer Success Jeff McBride
We sat down with HackerOne's VP of Customer Success, Jeff McBride, to get more acquainted with his style of leadership, what customer success means to him, and his view of hacker-powered program management. Take a look at our conversation.
https://www.hackerone.com/company-news/qa-hackerones-vp-customer-success-jeff-mcbride

Program Insights from the PayPal Security Team
PayPal's security team is tasked with helping to protect personal financial information for millions of account holders every day. We sat down with PayPal Information Security Engineers Ray Duran, Sonal Shrivastava, and Pax Whitmore, and Project Manager Rebecca Francom to learn more about how PayPal works with researchers, what the journey of a bug looks like once it gets reported, and what findings are most impactful.
https://www.hackerone.com/vulnerability-management/program-insights-paypal-security-team

Introducing Hacker Task Manager and Statistics
We're proud to announce the latest iteration of Hacker Dashboard today: Hacker Task Manager and Statistics! The Hacker Task Manager underlines our focus on helping new and upcoming hackers onboard themselves on our platform. With the help of the Task Manager, hackers can educate themselves with help from Hacker101 and other educational resources to get closer to the goal of submitting a valid vulnerability report.
https://www.hackerone.com/ethical-hacker/Introducing-Hacker-Task-Manager-and-Statistics

Design the next HackerOne T-Shirt
We are very excited to open the first ever HackerOne community T-shirt design contest. Like crafting a creative exploit or spinning up photoshop to create a perfect meme, we know you've got some amazing ideas and we want to see them. We are looking for designs that reflect the spirit of our community. This can include ingenuity, diversity and the collaborative forces that make #TogetherWeHitHarder.
https://www.hackerone.com/company-news/Design-next-HackerOne-T-Shirt

Five years of the GitHub Bug Bounty program
Over the past five years, GitHub has been continuously impressed by the hard work and ingenuity of the hacker community. Last year was no different. GitHub paid out 5,000 to researchers through their public bug bounty program in 2018. They decided to share some of their highlights from the past year and introduce some big changes in 2019: full legal protection for researchers, more GitHub properties eligible for rewards, and increased reward amounts.
https://www.hackerone.com/application-security/five-years-github-bug-bounty-program

HackerOne Hosts Rails Girls in Groningen
Following months of preparation, the day was finally here. HackerOne's office in Groningen was hosting a Rails Girls global coding event. Born in Finland, Rails Girls is a global, non-profit volunteer community that aims to provide the right tools and a community for women to understand technology and to build their ideas. I am Stuti Srivastava, a senior product engineer at HackerOne and one of the organisers for the event, and this was my first experience at a Rails Girls event.
https://www.hackerone.com/company-news/hackerone-hosts-rails-girls-groningen

FanDuel's Liam Somerville on Prioritising Researchers as an Extension of the Security Team
FanDuel, the web-based fantasy sports game with traditional season-long fantasy sports leagues compressed into daily or weekly games of skill, is used by over 8 million members across the globe. With hundreds of millions of dollars being exchanged through weekly games, the small but mighty FanDuel security team is tasked with defending enormous amounts of sensitive data while meeting rigorous state and national regulations. Over the course of their bug bounty program, FanDuel has resolved about 85 vulnerabilities and paid out over ,000 in gratitude to researchers. We dove a little deeper with Liam to learn more about how his security team of seven works with the researcher community to boost security and how researchers can maximize their earnings by being creative.
https://www.hackerone.com/company-news/fanduels-liam-somerville-prioritising-researchers-extension-security-team

How Hacker-Powered Security Protects Your Data, Even When Third Parties Don't
Providing third parties with access to privileged sites and information can expose companies to greater risk of data theft, with all the financial and reputational costs such breaches bring. Hacker-powered security programs like HackerOne Bounty let you focus tens to thousands of security researchers on the precise systems you care about most. Through careful design of the program page and bounty table, which tells hackers how much they will be paid to find different types of vulnerabilities in different systems, you can concentrate the HackerOne community on hardening the applications, authentication, and access control systems that third parties use.
https://www.hackerone.com/vulnerability-management/how-hacker-powered-security-protects-your-data-even-when-third-parties

Alibaba and HackerOne Join Forces in Global Vulnerability Testing Program
Alibaba, one of the world's largest Internet companies, is joining HackerOne to tap into the technical expertise of the world's best cybersecurity experts to implement a global vulnerability disclosure program (VDP) to help boost security and better protect customers, transactions, and the Alibaba ecosystem. Today, Alibaba has announced that all participating cybersecurity researchers who submit valid vulnerabilities will receive a limited production physical challenge coin issued by Alibaba and HackerOne, a “metal medal of honor”, to recognize their contributions. The coin is awarded in addition to the incentives researchers receive as active members of the HackerOne community.
https://www.hackerone.com/vulnerability-management/alibaba-and-hackerone-join-forces-global-vulnerability-testing-program

Introducing My Programs
We're proud to announce the release of My Programs, the next iteration of Hacker Dashboard. My Programs is a completely new page in the dashboard that replaces the old “accepted invitations” page. In addition to the accepted invitations, My Programs now lists all public programs you have previously submitted a report to.
https://www.hackerone.com/ethical-hacker/introducing-my-programs

Launching the Hacker Calendar, Never Miss a Challenge Again
Hacker Calendar is a small but useful feature to track important dates and events via your calendar app. You can easily see all running challenges that you're part of and know their respective start and end dates.
https://www.hackerone.com/ethical-hacker/launching-hacker-calendar-never-miss-challenge-again

EU-FOSSA 2 Open Source Bug Bounty Programme Series | Q&A
Following the success of the European Commission's pilot bug bounty programme with HackerOne last year, they are announcing the launch of a new bug bounty initiative involving open source software on a much larger scale. This bug bounty programme run by the EU-Free and Open Source Software Auditing (EU-FOSSA 2) project, aims to help EU institutions better protect their critical software. We recently chatted separately with Marek Przybyszewski and Saranjit Arora who are leading the EU-FOSSA 2 project.
https://www.hackerone.com/company-news/eu-fossa-2-open-source-bug-bounty-programme-series-qa

Riot Games Surpasses 1,000 Valid Reports: Q&A
At the end of 2018, Riot Games surpassed one of the biggest milestones of its bug bounty program to-date: 1,000 valid vulnerabilities reported to the program. Today, the League of Legends maker celebrates 1,000 issues fixed and 1,000 opportunities to better protect their over 80 million players worldwide. We connected with Riot Games Security Engineer Diarmaid McManus to learn more about what the milestone means to him and the team, as well as the greater impact HackerOne's community has had on their security practice.
https://www.hackerone.com/vulnerability-management/riot-games-surpasses-1000-valid-reports-qa

Open-Xchange Approaches 3 Years of Bug Bounties & 250 Valid Vulnerabilities
Just shy of their third anniversary of bug bounties, web-based communication, collaboration and office productivity software company Open-Xchange (OX) is sharing the results of their program to-date. OX has seen nearly 250 valid vulnerabilities reported through the program and paid out over ,000. Looking back, Security Officer Martin Heiland says the bugs surfaced through HackerOne have cost about a tenth of what traditional pen testing has cost the company over the years.
https://www.hackerone.com/vulnerability-management/open-xchange-approaches-3-years-bug-bounties-250-valid-vulnerabilities

5 Tips for an Effective AppSec Testing Strategy
Applications have become the lifeblood of businesses in today's connected world. Software is now the “front door” into your business for many people around the world. Caution is required, though. Applications exposed to the internet are also exposed to shady characters out to exploit your systems for their benefit, often at the expense of your customers and your business. This blog shares 5 tips for an effective application security testing strategy.
https://www.hackerone.com/application-security/5-tips-effective-appsec-testing-strategy

Your First 90 Days as Security Lead, Part 2: Developing a Plan and Getting to Work
You've just been named the new security lead for your organization. You probably have many projects swirling through your mind, like addressing a critical issue, benchmarking your organization against peers, or developing a broad plan. This two-part blog series details best practices for developing your program and the key steps to take during the first three months in your new role.
https://www.hackerone.com/vulnerability-management/your-first-90-days-security-lead-part-2-developing-plan-and-getting-work

Hyatt Launches Public Bug Bounty Program: Q&A with CISO Benjamin Vaughn
Today, Hyatt is launching its first public bug bounty program at HackerOne. To learn more about Hyatt's program, their commitment to security and the hacker community, we sat down with Chief Information Security Officer Benjamin Vaughn.
https://www.hackerone.com/application-security/hyatt-launches-public-bug-bounty-program-qa-ciso-benjamin-vaughn

Introducing Indian Rupee payments: Cheaper and faster bank transfers
We're proud to announce that HackerOne now supports payments in Indian Rupees. The addition of Indian Rupees means we can now eliminate the roughly 5% conversion fee per bounty by using the “mid-market rate” to convert your bounties directly to Indian Rupees before sending them to your bank account.
https://www.hackerone.com/ethical-hacker/introducing-indian-rupee-payments-cheaper-and-faster-bank-transfers

Your First 90 Days as Security Lead, Part 1: Building Your Security Foundation
You've just been named the new security lead for your organization. You probably have many projects swirling through your mind, like addressing a critical issue, benchmarking your organization against peers, or developing a broad plan. This two-part blog series details best practices for developing your program and the key steps to take during the first three months in your new role.
https://www.hackerone.com/vulnerability-management/your-first-90-days-security-lead-part-1-building-your-security-foundation

More Hackers Means Less To Worry About
With enough hackers, all security vulnerabilities are shallow. There is no better way to know the security of your systems than inviting a diverse community to report your weaknesses. On behalf of grateful customers, we have awarded over M in rewards to the do-gooders — the hackers. We will end 2018 with a business that has grown 10X in just 3 years.
https://www.hackerone.com/ceo/more-hackers-means-less-worry-about

Oath's Big Year of Bug Bounties Capped off with NYC Live Hacking Event
In 2018, Oath has received over 1,900 valid vulnerabilities through its private bug bounty program, over 300 of which were high or critical severity. Big numbers mean big rewards — Oath has paid million in bounties in 2018. It's been a record year, including four live hacking events all over the world — Goa, San Francisco, Argentina, and a 2018 finale live hacking event in New York City on November 27-29.
https://www.hackerone.com/ethical-hacker/oaths-big-year-bug-bounties-capped-nyc-live-hacking-event

Grammarly's Bug Bounty Program Goes Public: Q&A with VP of Engineering Joe Xavier
It's been over a year since Grammarly launched its first bug bounty program on HackerOne. It's been a private, invite-only program ever since. That is, until today! We sat down with the company's VP of Engineering Joe Xavier to learn more about how the newly public bug bounty program fits into the team's overall security strategy, what it's like working with hackers, and any advice for other organizations considering the bug bounty model.
https://www.hackerone.com/company-news/grammarlys-bug-bounty-program-goes-public-qa-vp-engineering-joe-xavier

Hacktivity Disclosure for Private Programs
With over 6,000 reports that have been disclosed on Hacktivity, we're proud to announce that we're launching Disclosure for Private Programs. Vulnerability reports can now be disclosed within a private program.
https://www.hackerone.com/ethical-hacker/hacktivity-disclosure-private-programs

Q&A with Flickr's Senior Engineering Manager Alex Seville
As of November 2018, Flickr has been running its first independent bug bounty program, maintaining an average resolution time of just 4 days in the first month. We sat down with Flickr Senior Engineering Manager Alex Seville to learn more about his team's commitment to working with the hacker community, how it fits into Flickr's larger cybersecurity strategy, and what's to come.
https://www.hackerone.com/application-security/qa-flickrs-senior-engineering-manager-alex-seville

Easy and secure Credential Management
The new credential management functionality enables program owners to share credentials with hackers in the program easily. It's as simple as uploading a CSV with credentials, and a new button will appear on your program page from where hackers can download the credentials. When uploading the credentials, you can also give the hacker instructions on how to use them. This can be helpful in case the setup isn't straightforward.
https://www.hackerone.com/security-compliance/easy-and-secure-credential-management

Test your hacking skills on real-world simulated bugs
Five sandbox environments built from recently disclosed Hacktivity reports are available for anyone to test their hacking skills and see if they can replicate the same bug that was discovered. #hackon
https://www.hackerone.com/ethical-hacker/test-your-hacking-skills-real-world-simulated-bugs

Introducing Hacker Dashboard: Your personalized HackerOne overview
Earlier this month, we introduced the all-new Program Directory with fresh metrics and better filtering. Now, we're taking it a step further with the introduction of the Hacker Dashboard. Check it out!
https://www.hackerone.com/ethical-hacker/introducing-hacker-dashboard-your-personalized-hackerone-overview

Hacker101 CTF++: Find flags, get private bug bounty program invitations
Get rewarded with private invitations and work through the CTF as a group with our new release.
https://www.hackerone.com/application-security/hacker101-ctf-find-flags-get-private-bug-bounty-program-invitations

Shopify Awards $116,000 to Hackers in Canada: h1-514 Recap
Forty top hackers met in Montréal over the weekend to hack Canada-based Shopify. The commerce platform helps more than a half-million merchants spread across 90% of the world's countries design, set up, and manage their stores. During the live hacking event, dubbed h1-514, Shopify paid over $116,000 in bounties to hackers who helped surface 55 valid vulnerabilities to the program.
https://www.hackerone.com/ethical-hacker/shopify-awards-116000-hackers-canada-h1-514-recap

Integrate HackerOne directly into your website with Embedded Submissions
Receiving vulnerabilities has never been easier with the release of our newest integration: Embedded Submissions! The form will be embedded directly on your website by simply adding one line of JavaScript on your web page.
https://www.hackerone.com/vulnerability-management/integrate-hackerone-directly-your-website-embedded-submissions

Security@ 2018: Oath, DoD Highlight Value in Bringing Bug Bounties to Life
Most hacker-powered security happens remotely, with digital messaging being the typical communication channel. There's no brainstorming together with a whiteboard, no chats over coffee, no conversations during the walk across the street for lunch. One of the many benefits of Security@ is the chance to bring hackers, developers, and security teams together to meet in real life.
https://www.hackerone.com/application-security/security-2018-oath-dod-highlight-value-bringing-bug-bounties-life

Security@ 2018: Sumo Logic's CSO On Transparency and Using Hacker-Powered Pen Tests for Better Security and Complete Compliance
At Security@ 2018, held in San Francisco in late October, Sumo Logic CSO George Gerchow took the stage to share how Sumo Logic works with HackerOne to take a decidedly modern approach to security, using bug bounties as a tool in the arsenal and transparency as the common thread. Transparency, according to Gerchow, means that organizations must admit not only that bugs will always exist, but that the best way to reduce vulnerabilities is to share learnings and best practices with the broader community.
https://www.hackerone.com/penetration-testing/security-2018-sumo-logics-cso-transparency-and-using-hacker-powered-pen-tests

Discovering programs is easier than ever with the new and improved Program Directory
Today, we're excited to announce a complete overhaul of our Program Directory! The new directory features a fresh design and more granular filters to find programs faster than ever. Let us know what you think!
https://www.hackerone.com/vulnerability-management/Discovering-programs-easier-ever-new-and-improved-Program-Directory

What To Do When You're Stuck Hacking
Hacking can be tedious work. Sometimes you're looking for hours, perhaps days, and you're unable to find a security vulnerability. It can be demotivating at times. This blog will give you multiple tips to power through it and regain that sweet, sweet feeling of submitting a security vulnerability.
https://www.hackerone.com/ethical-hacker/What-To-Do-When-You-Are-Stuck-Hacking

Financial Services: Tips for Bug Bounty Success
Jason Pubal is an appsec director at a large financial services firm. Over the past 2 years, he's prepared for and rolled out a successful bug bounty program with HackerOne. Here's what he's learned in the process and how you can prepare to launch your own bug bounty program.
https://www.hackerone.com/application-security/financial-services-tips-bug-bounty-success

The Best is Yet To Come: DOD Awards New Hack the Pentagon Contract to HackerOne
Today we celebrate cyber defense. The U.S. Department of Defense's Defense Digital Service (DDS) announced expansion of the Hack the Pentagon crowdsourced security program and partnership with HackerOne. HackerOne is one of three vendors to be awarded a contract as part of the Hack the Pentagon expansion to run private assessments against sensitive, internal systems.
https://www.hackerone.com/ethical-hacker/best-yet-come-dod-awards-new-hack-pentagon-contract-hackerone

The Paranoids at Oath Take Bug Bounties to Argentina: h1-5411 Recap
HackerOne kicked off its first South America live hacking event in Buenos Aires, Argentina! Oath, a media and tech company, under which Yahoo, AOL, Verizon Digital Media Services, TechCrunch and many more dynamic brands fall, opened up their assets to 53 hackers in their second live hacking event in 2018. Eight hours later, Oath had paid out over 0,000 in bounties to hackers for their contributions. Thank you to our hackers that literally weathered a storm to join us in Argentina for the first time.
https://www.hackerone.com/vulnerability-management/paranoids-oath-take-bug-bounties-argentina-h1-5411-recap

Say Yes To Cyber Help
We are seeing tremendous growth at HackerOne. Bug bounty programs, vulnerability disclosure policies, and crowdsourced pentests are needed by anyone entrusted with protecting customer data. To serve our rapidly expanding customer base, we have tripled our headcount in the past 12 months and opened new offices in New York, Washington D.C. and Singapore, in addition to our San Francisco, London and Netherlands offices.
https://www.hackerone.com/company-news/say-yes-cyber-help

The U.S. Marine Corps Resolves Nearly 150 Vulnerabilities Thanks to Hackers
Hack the Marine Corps, the U.S. Department of Defense's (DoD) sixth public bug bounty challenge, has officially concluded and the results are in! Over 100 ethical hackers tested public-facing Marine Corps websites and services in an effort to harden the defenses of the Marine Corps Enterprise Network (MCEN). Over the 20 days of the hacking challenge, hackers reported nearly 150 unique valid vulnerabilities to the U.S. Marine Corps Cyberspace Command (MARFORCYBER) team and were awarded over 0,000 for their findings.
https://www.hackerone.com/vulnerability-management/us-marine-corps-resolves-nearly-150-vulnerabilities-thanks-hackers

The AWS Shared Responsibility Model: 3 Areas of Improvement to Make Today Part 3: Logging, Monitoring, and Alerting in AWS
Migrating to the cloud means sharing responsibility for security with the cloud provider. Read about one important part of the shared responsibility model: logging, monitoring, and alerting in an AWS environment. Discover the tools available to help you always know what is happening in your environment.
https://www.hackerone.com/application-security/AWS-Shared-Responsibility-Model-3-Areas-Improvement-Make-Today-Part-3

How Hacktivity Can Save Your Company: Experts Weigh In
Hacktivity can save your company. Take help from hackers. You can't do it alone. Approach hackers with an assumption of benevolence, and develop relationships with them. Don't find out about a vulnerability for the first time on Twitter. How do you defend yourself against people who get up in the morning, put on their flip flops (or military uniform) and do nothing but think about how to attack you? These were themes at the Atlantic Council's panel on coordinated vulnerability disclosure (CVD) on September 18 in Washington, D.C.
https://www.hackerone.com/ethical-hacker/How-Hacktivity-Can-Save-Your-Company-Experts-Weigh-In

Streamline Every Aspect of Your Responsible Disclosure Policy with HackerOne Response
HackerOne Response is our turnkey solution offering enterprise-grade security and conformance with ISO-29147 (vulnerability disclosure) and ISO-30111 (vulnerability handling). It allows vulnerability management teams to work directly with external third-parties to resolve critical security vulnerabilities before they can be exploited.
https://www.hackerone.com/vulnerability-management/streamline-every-aspect-your-responsible-disclosure-policy-hackerone

Top Firewall Misconfigurations that Lead to Easy Exploitations by Attackers
Migrating to the cloud means sharing responsibility for security with the cloud provider. Read about one important part of the shared responsibility model: keeping your cloud network secure. Discover how to protect your cloud networks from attackers.
https://www.hackerone.com/vulnerability-management/Top-Firewall-Misconfigurations-that-Lead-to-Easy-Exploitations

The AWS Shared Responsibility Model: 3 Areas of Improvement to Make Today, Part 1
Migrating to the cloud means sharing responsibility for security with the cloud provider. Read about one important part of the shared responsibility model: keeping your private keys private. Discover how to prevent your secrets from escaping the cloud.
https://www.hackerone.com/application-security/aws-shared-responsibility-model-3-areas-improvement-make-today-part-1

Introducing the Hacker101 CTF
Capture flags all day and night in our newly launched CTF, available 24/7 at ctf.hacker101.com.
https://www.hackerone.com/ethical-hacker/introducing-hacker101-ctf

Highlights of New York's Cybersecurity Regulation 23 NYCRR Part 500
Effective March 1, 2017, the New York State Department of Financial Services (NYDFS) promulgated 23 NYCRR Part 500, a regulation establishing cybersecurity requirements for financial services companies. Beginning today, September 4, 2018, Sections 500.06, 500.08, 500.13, 500.14(a) and 500.15 of 23 NYCRR Part 500 will be enforceable.
https://www.hackerone.com/security-compliance/highlights-new-yorks-cybersecurity-regulation-23-nycrr-part-500

H1-702 2018 makes history with over $500K in bounties paid!
Over five straight nights of hacking, more than 75 hackers representing 20+ countries hacked five targets and earned over $500,000. It was the largest and most successful live hacking event ever.
https://www.hackerone.com/ethical-hacker/h1-702-2018-makes-history-over-500k-bounties-paid

What is a Responsible Disclosure Policy and Why You Need One
This article will answer the simple question of what a vulnerability disclosure policy is, what's included in a good policy, which organizations have a VDP today, and which government agencies have published guidance on VDPs.
https://www.hackerone.com/vulnerability-management/what-responsible-disclosure-policy-and-why-you-need-one

118 Fascinating Facts from HackerOne's Hacker-Powered Security Report 2018
Read 118 of the most intriguing data points from HackerOne's Hacker-Powered Security Report 2018. Get the facts to learn how security teams are working with hackers to crush more bugs and make the internet safer for everyone.
https://www.hackerone.com/ethical-hacker/118-fascinating-facts-hackerones-hacker-powered-security-report-2018

7 Common Security Pitfalls to Avoid When Migrating to the Cloud
Read about the seven common security pitfalls to avoid when considering a migration to the cloud. Get actionable steps you should take now to ensure the best security possible for your customers.
https://www.hackerone.com/application-security/7-common-security-pitfalls-avoid-when-migrating-cloud

Oath Bug Bounty Program Update: $1M in payouts and expansion of the program
Oath has surpassed $1,000,000 in bounties paid to hackers for their help in significantly decreasing risk and reducing Oath's attack surface. However, bugs aren't all Oath received from the security community. They also heard a ton of feedback that they've accounted for in five changes to their program policy. Check them out!
https://www.hackerone.com/vulnerability-management/oath-bug-bounty-program-update-1m-payouts-and-expansion-program

Improve Credential Sharing with Hacker Email Aliases
The new hacker email aliases feature makes credential sharing and domain whitelisting simple for programs.
https://www.hackerone.com/ethical-hacker/Improve-Credential-Sharing-Hacker-Email-Aliases

A Guide To Subdomain Takeovers
Technical guide on how to understand, find, exploit, and report subdomain misconfigurations by EdOverflow
https://www.hackerone.com/application-security/guide-subdomain-takeovers

Software Vulnerability Disclosure in Europe: Summary and Key Highlights of the European Parliament CEPS Task Force Report
HackerOne's summary review of the Software Vulnerability Disclosure in Europe Technology, Policies and Legal Challenges report.
https://www.hackerone.com/vulnerability-management/software-vulnerability-disclosure-europe-summary-and-key-highlights

Sumo Logic Looks to Hacker-Powered Pen Testing for Security and Compliance
In late 2017, Sumo Logic CSO George Gerchow faced a challenge most only dream of: pen testing reports kept coming back clean. While this seems like good news, and it meant Sumo Logic's attack surface was hardening, Gerchow knew nothing is bulletproof. Three bug bounty challenges later, Sumo Logic is sharing the results and inner workings of its open line of communication with the hacker community for the first time.
https://www.hackerone.com/penetration-testing/sumo-logic-looks-hacker-powered-pen-testing-security-and-compliance

Zomato's First Anniversary with Bug Bounties: Q&A with Security Lead, Prateek Tiwari
This month, Zomato is celebrating the first anniversary of its bug bounty program. Since launching in July 2017, the company has paid out over 0,000 to over 350 hackers for their efforts, all while maintaining an average response time of 4 hours. We recently caught up with Prateek to celebrate the milestone and give you a chance to learn more about Zomato's approach to bug bounties and security.
https://www.hackerone.com/ethical-hacker/zomatos-first-anniversary-bug-bounties-qa-security-lead-prateek-tiwari

The Hacker-Powered Security Report 2018
The Hacker-Powered Security Report 2018 is the most comprehensive report on hacker-powered security. Analysis of 78,275 security vulnerability reports received in the past year from ethical hackers that reported them to over 1,000 organizations through HackerOne.
https://www.hackerone.com/ethical-hacker/hacker-powered-security-report-2018

H1-702 CTF Winners Announced!
Thanks to all the hackers who participated in the H1-702 2018 CTF! For the first time ever, we had both web and mobile challenges. Our six winners were selected from a pool of 750 registered participants and over 30 submissions received. Congratulations on winning your way to Las Vegas for the biggest live hacking event ever!
https://www.hackerone.com/ethical-hacker/h1-702-ctf-winners-announced

Lawfully Hacked
The best way to prevent getting hacked is to try to get hacked. Paradoxical as this may sound, evidence shows it is true. The worst data breaches the world has seen were with companies that did not invite external security researchers to report their findings. But by hunting for their security vulnerabilities, organizations can ensure the weak points are found and fixed before they are identified by criminals. Open sourcing security is the way.
https://www.hackerone.com/ceo/lawfully-hacked

The Journey to 100% Responsive Programs
Unresponsive programs are a drain on your time and your sanity. We are committed to ensuring that programs on the platform are responsive and that their performance metrics are transparent.
https://www.hackerone.com/ethical-hacker/journey-100-responsive-programs

Webinar: Learn How Hacker-Powered Pentests Give You More For Less
Join us on July 17 to learn how hacker-powered pen tests give you more. More bugs, faster, and cheaper.
https://www.hackerone.com/penetration-testing/webinar-learn-how-hacker-powered-pentests-give-you-more-less

Morrison & Foerster's David Newman: How Corporate Counsel Should Approach Hacker-Powered Security
Interview with MoFo's David Newman, of counsel in the National Security and Global Risk & Crisis Management practices. We asked David a few questions related to his work for clients on hacker-powered security, as well as what he's seeing in the field as more and more organizations launch both vulnerability disclosure policies (VDP) and bug bounty programs.
https://www.hackerone.com/ethical-hacker/morrison-foersters-david-newman-how-corporate-counsel-should-approach-hacker-powered

Hackers Descend on London for First Ever UK Live Hacking Event: H1-4420
Saturday, June 16, almost 50 hackers gathered from across the world to hack one of the most popular and mature bug bounty programs on the planet at HackerOne's first live-hacking event in London, H1-4420. Nine hours, 71 valid bugs and ,753 later...you could say our community of elite hackers exceeded all expectations.
https://www.hackerone.com/ethical-hacker/Hackers-Descend-London-First-Ever-UK-Live-Hacking-Event-H1-4420

Advanced triggers feature launches to further improve signal
Triggers are simple but powerful tools for executing automated responses to new, incoming reports. With triggers, you can set up an automated action when your program receives a report with or without a given trigger word. Triggers aid in reducing noise as they can flag certain reports.
https://www.hackerone.com/application-security/Advanced-triggers-feature-launches-further-improve-signal

Live-hacking Dropbox in Amsterdam for H1-3120
At H1-3120, Dropbox received more than 90 reports and paid out ,383 with an average bounty of ,318: more than twice their previous largest bounty day and almost three times their average bounty. Geweldig!
https://www.hackerone.com/ethical-hacker/live-hacking-dropbox-amsterdam-h1-3120

Jackpot! The h1-702 2018 CTF is here! Win a Trip to the Biggest Live-hacking Event of 2018
H1-702 2018 is happening in Las Vegas from Wednesday, August 8 to Sunday, August 12! Any hacker from around the world who wants to attend can earn their way there. All you need to do is solve our CTF and write a great report. Six lucky winners will earn round trip airfare, seven nights at a hotel on the Las Vegas strip, and access to all five days of h1-702.
https://www.hackerone.com/ethical-hacker/jackpot-h1-702-2018-ctf-here-win-trip-biggest-live-hacking-event-2018

Hey Startups, Check Your GDPR Progress with this GDPR Checklist
The GDPR Checklist is just that: a checklist to make sure you've covered the basics concerning GDPR. It's aimed at SaaS startups, but every company can benefit from its simple, easy to understand guidance.
https://www.hackerone.com/security-compliance/hey-startups-check-your-gdpr-progress-gdpr-checklist

Hacker-Powered pen tests at the U.S. Federal Government
When looking for a model to inform your own security posture, the Department of Defense would be a good place to look. Not only were they the first U.S. federal department to use white-hat hackers back in 2016, they've been using hacker-powered security in new and interesting ways ever since. They've also blazed a trail for other public organizations.
https://www.hackerone.com/penetration-testing/hacker-powered-pen-tests-us-federal-government

New Hacker101 Content: Threat modeling, Burp basics, and more
Since January, thousands of hackers have expressed their enthusiasm about the first Hacker101 content drop (almost 80,000 total video views and 8,800+ stars on GitHub in just six months!); and now it's time to take things to the next level.
https://www.hackerone.com/ethical-hacker/new-hacker101-content-threat-modeling-burp-basics-and-more

CISOs and GDPR: The Top 3 Concerns
In “The CISOs Guide to GDPR”, expert Thomas Fischer offered up the three main concerns he's hearing most often from CISOs regarding GDPR.
https://www.hackerone.com/company-news/CISOs-and-GDPR-the-top-3-concerns

Introducing The 90 day Hacker Leaderboard and Revamped Invitations
Hackers can now see how they ranked by their Reputation, Signal, and Impact in the last 90 days. Invitations going forward will be based on your activity during the last 90 days.
https://www.hackerone.com/ethical-hacker/introducing-90-day-hacker-leaderboard-and-revamped-invitations

Hursti hacks, DEF CON villages, and the Dubious state of electronic voting
Harri Hursti is one of the world's leading authorities on election voting security. His work has exposed gaping security flaws in electronic voting machines and the electronic voting industry as a whole. He answered some of our questions on his hacking roots and why electronic voting is so easily hacked.
https://www.hackerone.com/ethical-hacker/hursti-hacks-def-con-villages-and-dubious-state-electronic-voting

H1-415 Recap: Oath Pays Over $400,000 to Hackers in One Day
Forty-one hackers representing 11 countries. More than $400,000 paid in bounties. All in nine hours. HackerOne's second annual live-hacking event in San Francisco broke multiple records on Saturday, April 14, 2018. The target? Oath, a media and tech company, under which Yahoo, AOL, Verizon Digital Media Services, TechCrunch and many more dynamic brands fall.
https://www.hackerone.com/ethical-hacker/h1-415-recap-oath-pays-over-400000-hackers-one-day

H1-202 Recap: Mapbox Pays Out Nearly $65,000 in One Day
Twenty-seven hackers representing nine countries gathered in the U.S. capital March 23-25, 2018 for HackerOne's first live hacking event in Washington, D.C. The weekend consisted of a community day with Virginia-based high schoolers and a live hacking day: nine hours of hacking at Mapbox HQ, resulting in over 100 bugs reported and nearly $65,000 paid in rewards.
https://www.hackerone.com/ethical-hacker/h1-202-recap-mapbox-pays-out-nearly-65000-one-day

Q&A with CRANIUM: Easing Compliance with “GDPR in a Box”
CRANIUM, an international consulting company specializing in privacy, data protection and information security, sells a GDPR in a Box to guide organizations through their GDPR challenge. It's a combination of do-it-yourself plus online support, and we talked with one of their GDPR experts to learn more about it.
https://www.hackerone.com/security-compliance/qa-cranium-easing-compliance-gdpr-box

Shopify Thanks Over 300 Hackers, Pays $850,000+ to Hackers in Three Years
This month, Shopify celebrates the three-year anniversary of its bug bounty program with HackerOne. To date the commerce platform has paid over $850,000 in rewards to hackers, resolved 759 vulnerabilities and has thanked over 300 hackers for their contributions.
https://www.hackerone.com/vulnerability-management/shopify-thanks-over-300-hackers-pays-850000-hackers-three-years

Q&A with HackerOne's New Board Member: Kathryn Haun
We are thrilled to introduce HackerOne's new board member Kathryn Haun. Katie is a former U.S. Department of Justice (DOJ) federal prosecutor, Stanford Business School Lecturer and serves on the board of Coinbase. With cybersecurity affecting every industry, every entity, and every person who is digitally connected, Katie thinks one of the best ways to protect against nefarious actors is to provide a safe environment for ethical hackers to beat them to the punch.
https://www.hackerone.com/company-news/qa-hackerones-new-board-member-kathryn-haun

The CISO's Guide to GDPR: Q&A with Thomas Fischer
We recently caught up with GDPR expert Thomas Fischer for his help in answering some questions for us on the hot topic of GDPR.
https://www.hackerone.com/company-news/cisos-guide-gdpr-qa-thomas-fischer

General Motors Celebrates Second Anniversary with Hackers
Just over two years ago, General Motors became the first major automaker to launch a public vulnerability disclosure program (VDP). Its purpose? To protect its customers by working with hackers to safely identify and resolve security vulnerabilities. Since the program launched in 2016, GM has resolved more than 700 vulnerabilities across the entire supply chain, with help from hackers.
https://www.hackerone.com/ethical-hacker/general-motors-celebrates-second-anniversary-hackers

Mr. Chairman, we need hackers!
The more the world gets hacked, the more we need hackers. We need white hats. They will find vulnerabilities so we can fix them and not get breached.
https://www.hackerone.com/ceo/mr-chairman-we-need-hackers

GitHub Celebrates Four Years of Bug Bounties: Q&A with VP of Security, Shawn Davenport
GitHub celebrated the fourth anniversary of its Security Bug Bounty program and released a comprehensive recap of a record-breaking 2017 to mark the moment. To join the celebration and give you a chance to learn more about GitHub's approach to bug bounties and security, we recently caught up with Shawn Davenport, VP of Security at GitHub.
https://www.hackerone.com/application-security/github-celebrates-four-years-bug-bounties-qa-vp-security-shawn-davenport

GDPR: Let's kill the FUD
It seems everywhere you look, the talk about GDPR is designed to scare you into action. Fear, uncertainty, and doubt (FUD) are powerful motivators. Probably the scariest thing of all: the potential fines. GDPR, on paper, allows for fines of up to €20 million (.5 million) or 4% of a company's global annual revenue. Here's a quick (non-FUD-ified) list of some of what we see happening and how it may impact you.
https://www.hackerone.com/company-news/gdpr-lets-kill-fud

OWASP Top 10 Web Security Risks of 2017 - Flashcards
There's no such thing as perfectly secure software. Learn about the top 10 web security risks of 2017 with our print-ready flashcard guide.
https://www.hackerone.com/application-security/owasp-top-10-web-security-risks-2017-flashcards