No news

News

4 Steps to Perform a Website Security Audit
In today's cybercrime scenario, ensuring website security has become more difficult and troublesome due to…
https://latesthackingnews.com/2021/04/13/4-steps-to-perform-a-website-security-audit/

Why SMBs Must Conduct Rigorous Vendor Evaluation to Protect Themselves from Supply Chain Attacks
In today's interconnected cloud landscape, while it is absolutely vital for SMBs to rigorously safeguard…
https://latesthackingnews.com/2021/04/13/why-smbs-must-conduct-rigorous-vendor-evaluation-to-protect-themselves-from-supply-chain-attacks/

Following Facebook, Data Of 500+ Million LinkedIn Users Put For Sale
Right after Facebook's data leak incident that affected 533 million people, another data dump has…
https://latesthackingnews.com/2021/04/12/following-facebook-data-of-500-million-linkedin-users-put-for-sale/

VoIP Scams: The Basic Guide
Someone once said that rules were made to be broken. Scammers have taken it very…
https://latesthackingnews.com/2021/04/12/voip-scams-the-basic-guide/

Hackers Deploy Malware To Gigaset Android Phones With Malicious Update
Gigaset Android phones have become a victim of a serious supply-chain attack. Reports reveal that…
https://latesthackingnews.com/2021/04/12/hackers-deploy-malware-to-gigaset-android-phones-with-malicious-update/

Malicious Android App Targeted Users With Malware Via WhatsApp Auto-replies
Once again, Android users narrowly escaped falling for a malware campaign that exploited Play Store…
https://latesthackingnews.com/2021/04/12/malicious-android-app-targeted-users-with-malware-via-whatsapp-auto-replies/

How to Spot Fake Reviews on Amazon
Reviews are one of the main factors that help retailers to increase their sales. Many…
https://latesthackingnews.com/2021/04/12/how-to-spot-fake-reviews-on-amazon/

Can You Get Into a Grad School Without Taking a GRE?
The Graduate Record Examination (GRE) is a test that examines…
https://latesthackingnews.com/2021/04/09/can-you-get-into-a-grad-school-without-taking-a-gre/

How Can I Find My Forgotten Password?
Everyone has been in this frustrating situation before. You're trying to log in to one of…
https://latesthackingnews.com/2021/04/09/how-can-i-find-my-forgotten-password/

Facebook Responds To Data Leak – Says, ‘Data Not Hacked, But Scraped’
In response to the hype regarding the recent data dump incident, Facebook has finally opened…
https://latesthackingnews.com/2021/04/08/facebook-responds-to-data-leak-says-data-not-hacked-but-scraped/

New NAME:WRECK Vulnerabilities Impact Nearly 100 Million IoT Devices
Security researchers have uncovered nine vulnerabilities affecting four TCP/IP stacks impacting more than 100 million consumer and enterprise devices that could be exploited by an attacker to take control of a vulnerable system. Dubbed "NAME:WRECK" by Forescout and JSOF, the flaws are the latest in a series of studies undertaken as part of an initiative called Project Memoria to study the security
https://thehackernews.com/2021/04/new-namewreck-vulnerabilities-impact.html

Hackers Using Website's Contact Forms to Deliver IcedID Malware
Microsoft has warned organizations of a "unique" attack campaign that abuses contact forms published on websites to deliver malicious links to businesses via emails containing fake legal threats, in what's yet another instance of adversaries abusing legitimate infrastructure to mount evasive campaigns that bypass security protections. "The emails instruct recipients to click a link to review
https://thehackernews.com/2021/04/hackers-using-websites-contact-forms-to.html

Detecting the "Next" SolarWinds-Style Cyber Attack
The SolarWinds attack, which succeeded by utilizing the Sunburst malware, shocked the cyber-security industry. This attack achieved persistence and was able to evade internal systems long enough to gain access to the source code of the victim. Because of the far-reaching SolarWinds deployments, the perpetrators were also able to infiltrate many other organizations, looking for intellectual
https://thehackernews.com/2021/04/detecting-next-solarwinds-attack.html

BRATA Malware Poses as Android Security Scanners on Google Play Store
A new set of malicious Android apps have been caught posing as app security scanners on the official Play Store to distribute a backdoor capable of gathering sensitive information. "These malicious apps urge users to update Chrome, WhatsApp, or a PDF reader, yet instead of updating the app in question, they take full control of the device by abusing accessibility services," cybersecurity firm
https://thehackernews.com/2021/04/brata-malware-poses-as-android-security.html

RCE Exploit Released for Unpatched Chrome, Opera, and Brave Browsers
An Indian security researcher has published proof-of-concept (PoC) exploit code for a newly discovered flaw impacting Google Chrome and other Chromium-based browsers like Microsoft Edge, Opera, and Brave. Released by Rajvardhan Agarwal, the working exploit concerns a remote code execution vulnerability in the V8 JavaScript engine that powers the web browsers. It is believed
https://thehackernews.com/2021/04/rce-exploit-released-for-unpatched.html

Indian Brokerage Firm Upstox Suffers Data Breach Leaking 2.5 Million Users' Data
Online trading and discount brokerage platform Upstox has become the latest Indian company to suffer a security breach of its systems, resulting in the exposure of sensitive information of approximately 2.5 million users on the dark web. The leaked information includes names, email addresses, dates of birth, bank account information, and about 56 million know your customer (KYC) documents pulled
https://thehackernews.com/2021/04/indian-brokerage-firm-upstox-suffers.html

What Does It Take To Be a Cybersecurity Researcher?
Behind the strategies and solutions needed to counter today's cyber threats are dedicated cybersecurity researchers. They spend their lives dissecting code and analyzing incident reports to discover how to stop the bad guys. But what drives these specialists? To understand the motivations for why these cybersecurity pros do what they do, we decided to talk with cybersecurity analysts from
https://thehackernews.com/2021/04/what-does-it-take-to-be-cybersecurity.html

Windows, Ubuntu, Zoom, Safari, MS Exchange Hacked at Pwn2Own 2021
The 2021 spring edition of the Pwn2Own hacking contest concluded last week on April 8 with a three-way tie between Team Devcore, OV, and Computest researchers Daan Keuper and Thijs Alkemade. A total of $1.2 million was awarded for 16 high-profile exploits over the course of the three-day virtual event organized by the Zero Day Initiative (ZDI). Targets with successful attempts included Zoom, Apple
https://thehackernews.com/2021/04/windows-ubuntu-zoom-safari-ms-exchange.html

Hackers Tampered With APKPure Store to Distribute Malware Apps
APKPure, one of the largest alternative app stores outside of the Google Play Store, was infected with malware this week, allowing threat actors to distribute Trojans to Android devices. In a supply-chain attack similar to that of German telecommunications equipment manufacturer Gigaset, the APKPure client version 3.17.18 is said to have been tampered with in an attempt to trick unsuspecting
https://thehackernews.com/2021/04/hackers-tampered-with-apkpure-store-to.html

Alert — There's A New Malware Out There Snatching Users' Passwords
A previously undocumented malware downloader has been spotted in the wild in phishing attacks to deploy credential stealers and other malicious payloads. Dubbed "Saint Bot," the malware is said to have first appeared on the scene in January 2021, with indications that it's under active development. "Saint Bot is a downloader that appeared quite recently, and slowly is getting momentum. It was
https://thehackernews.com/2021/04/alert-theres-new-malware-out-there.html

[WHITEPAPER] How to Achieve CMMC Security Compliance for Your Business
For organizations that deal with the defense infrastructure, cybersecurity is more than just a buzzword. Recently the US Department of Defense (DoD) created a new certification process, the Cybersecurity Maturity Model Certification (CMMC), to ensure that all its vendors and contractors follow established cybersecurity best practices. For organizations that work along the DoD supply chain, this
https://thehackernews.com/2021/04/whitepaper-how-to-achieve-cmmc-security.html

Cisco Will Not Patch Critical RCE Flaw Affecting End-of-Life Business Routers
Networking equipment major Cisco Systems has said it does not plan to fix a critical security vulnerability affecting some of its Small Business routers, instead urging users to replace the devices. The bug, tracked as CVE-2021-1459, is rated with a CVSS score of 9.8 out of 10, and affects RV110W VPN firewall and Small Business RV130, RV130W, and RV215W routers, allowing an unauthenticated,
https://thehackernews.com/2021/04/cisco-will-not-patch-critical-rce-flaw.html

Gigaset Android Update Server Hacked to Install Malware on Users' Devices
Gigaset has revealed a malware infection discovered in its Android devices was the result of a compromise of a server belonging to an external update service provider. Impacting older smartphone models — GS100, GS160, GS170, GS180, GS270 (plus), and GS370 (plus) series — the malware took the form of multiple unwanted apps that were downloaded and installed through a pre-installed system update
https://thehackernews.com/2021/04/gigaset-android-update-server-hacked-to.html

Researchers uncover a new Iranian malware used in recent cyberattacks
An Iranian threat actor has unleashed a new cyberespionage campaign against a possible Lebanese target with a backdoor capable of exfiltrating sensitive information from compromised systems. Cybersecurity firm Check Point attributed the operation to APT34, citing similarities with previous techniques used by the threat actor as well as based on its pattern of victimology. APT34 (aka OilRig) is
https://thehackernews.com/2021/04/researchers-uncover-new-iranian-malware.html

Hackers Exploit Unpatched VPNs to Install Ransomware on Industrial Targets
Unpatched Fortinet VPN devices are being targeted in a series of attacks against industrial enterprises in Europe to deploy a new strain of ransomware called "Cring" inside corporate networks. At least one of the hacking incidents led to the temporary shutdown of a production site, said cybersecurity firm Kaspersky in a report published on Wednesday, without publicly naming the victim. The
https://thehackernews.com/2021/04/hackers-exploit-unpatched-vpns-to.html

NIST and HIPAA: Is There a Password Connection?
When dealing with user data, it's essential that we design our password policies around compliance. These policies are defined both internally and externally. While companies uphold their own password standards, outside forces like HIPAA and NIST have a heavy influence. Impacts are defined by industry and one's unique infrastructure. How do IT departments maintain compliance with NIST and HIPAA?
https://thehackernews.com/2021/04/nist-and-hipaa-is-there-password.html
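The question the item above poses (how an IT department keeps its password policy in line with NIST) has a concrete answer in NIST SP 800-63B, section 5.1.1.2, on memorized secrets. The check below is an added example written for this page, not code from the linked article or its author. It encodes the 800-63B rules: user-chosen secrets of at least 8 characters, verifiers accepting at least 64, screening against a blocklist of compromised, dictionary, repetitive, sequential and context-specific values, and no composition rules or periodic expiry. The blocklist is a constructed stand-in for a real breached-password corpus, and the 128-character cap is this example's own policy choice. HIPAA sets no comparable character-level rules, so nothing here claims HIPAA compliance.

```python
"""NIST SP 800-63B (sec. 5.1.1.2) style check for user-chosen passwords.

Added example for this page, not code from the linked article. The
blocklist below is a constructed stand-in for a real breached-password
corpus; the 128-character cap is this example's own policy choice
(800-63B only requires that verifiers accept at least 64 characters).
"""
import unicodedata

MIN_LEN = 8     # 800-63B: user-chosen secrets must be at least 8 characters
MAX_LEN = 128   # example cap; the standard says verifiers SHOULD allow >= 64

# Constructed sample blocklist standing in for a breached/dictionary corpus.
BLOCKLIST = {"password", "123456", "qwerty", "letmein", "welcome1", "iloveyou"}


def normalize(pw: str) -> str:
    """NFKC-normalize so visually identical Unicode forms compare equal."""
    return unicodedata.normalize("NFKC", pw)


def is_sequential(s: str) -> bool:
    """True for runs like '12345678' or 'abcdefgh' (each char = previous + 1)."""
    return len(s) >= 2 and all(ord(b) - ord(a) == 1 for a, b in zip(s, s[1:]))


def check_password(pw: str, context_words=(), blocklist=BLOCKLIST) -> list:
    """Return the list of 800-63B reasons to reject pw; [] means accept.

    Deliberately absent: composition rules (upper/lower/digit/symbol) and
    periodic expiry. 800-63B says verifiers SHOULD NOT impose either.
    """
    pw = normalize(pw)
    lowered = pw.lower()
    reasons = []
    if len(pw) < MIN_LEN:
        reasons.append("too_short")
    if len(pw) > MAX_LEN:
        reasons.append("too_long")
    if lowered in blocklist:
        reasons.append("breached_or_common")
    if len(lowered) >= 1 and len(set(lowered)) == 1:
        reasons.append("repetitive")
    elif is_sequential(lowered):
        reasons.append("sequential")
    # Context-specific words: the username, the service name, and so on.
    for word in context_words:
        if word and word.lower() in lowered:
            reasons.append("contains_context_word")
            break
    return reasons


if __name__ == "__main__":
    for candidate in ("password", "12345678", "correct horse battery staple"):
        print(candidate, "->", check_password(candidate) or "ok")
```

In production the blocklist would be a breached-password set checked by hash prefix rather than a literal set, and the rejection reasons would drive the user-facing message the standard asks verifiers to give when a choice is refused.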

PHP Site's User Database Was Hacked In Recent Source Code Backdoor Attack
The maintainers of the PHP programming language have issued an update regarding the security incident that came to light late last month, stating that the actors may have gotten hold of a user database containing their passwords to make unauthorized changes to the repository. "We no longer believe the git.php.net server has been compromised. However, it is possible that the master.php.net user
https://thehackernews.com/2021/04/php-sites-user-database-was-hacked-in.html

Android to Support Rust Programming Language to Prevent Memory Flaws
Google on Tuesday announced that its open source version of the Android operating system will add support for the Rust programming language in a bid to prevent memory safety bugs. To that end, the company has been building parts of the Android Open Source Project (AOSP) with Rust for the past 18 months, with plans in the pipeline to scale this initiative to cover more aspects of the operating system
https://thehackernews.com/2021/04/android-to-support-rust-programming.html

WhatsApp-based wormable Android malware spotted on the Google Play Store
Cybersecurity researchers have discovered yet another piece of wormable Android malware—but this time downloadable directly from the official Google Play Store—that's capable of propagating via WhatsApp messages. Disguised as a rogue Netflix app under the name of "FlixOnline," the malware comes with features that allow it to automatically reply to a victim's incoming WhatsApp messages with a
https://thehackernews.com/2021/04/whatsapp-based-wormable-android-malware.html

11 Useful Security Tips for Securing Your AWS Environment
Want to take advantage of excellent cloud services? Amazon Web Services may be the perfect solution, but don't forget about AWS security. Whether you want to use AWS for a few things or everything, you need to protect access to it. Then you can make sure your business can run smoothly. Read on to learn some important AWS security tips. Use Multi-Factor authentication When setting up your AWS
https://thehackernews.com/2021/04/11-useful-security-tips-for-securing.html

Critical Auth Bypass Bug Found in VMware Data Center Security Product
A critical vulnerability in the VMware Carbon Black Cloud Workload appliance could be exploited to bypass authentication and take control of vulnerable systems. Tracked as CVE-2021-21982, the flaw is rated 9.1 out of a maximum of 10 in the CVSS scoring system and affects all versions of the product prior to 1.0.1. Carbon Black Cloud Workload is a data center security product from VMware that
https://thehackernews.com/2021/04/critical-auth-bypass-bug-found-in.html

Pre-Installed Malware Dropper Found On German Gigaset Android Phones
In what appears to be a fresh twist in Android malware, users of Gigaset mobile devices are encountering unwanted apps that are being downloaded and installed through a pre-installed system update app. "The culprit installing these malware apps is the Update app, package name com.redstone.ota.ui, which is a pre-installed system app," Malwarebytes researcher Nathan Collier said. "This app is not
https://thehackernews.com/2021/04/pre-installed-malware-dropper-found-on.html

Experts uncover a new Banking Trojan targeting Latin American users
Researchers on Tuesday revealed details of a new banking trojan targeting corporate users in Brazil at least since 2019 across various sectors such as engineering, healthcare, retail, manufacturing, finance, transportation, and government. Dubbed "Janeleiro" by Slovak cybersecurity firm ESET, the malware aims to disguise its true intent via lookalike pop-up windows that are designed to resemble
https://thehackernews.com/2021/04/experts-uncover-new-banking-trojan.html

Watch Out! Mission Critical SAP Applications Are Under Active Attack
Cyber attackers are actively setting their sights on unsecured SAP applications in an attempt to steal information and sabotage critical processes, according to new research. "Observed exploitation could lead in many cases to full control of the unsecured SAP application, bypassing common security and compliance controls, and enabling attackers to steal sensitive information, perform financial
https://thehackernews.com/2021/04/watch-out-mission-critical-sap.html

MITRE Madness: A Guide to Weathering the Upcoming Vendor Positioning Storm
April is usually a whirlwind month for the cybersecurity industry as it coincides with the release of the highly regarded and influential MITRE ATT&CK test results. The ATT&CK test measures cybersecurity platforms' abilities to detect and react to emulated, multistep attacks that can be used as a barometer of platform effectiveness. This means that every cybersecurity vendor will be tripping
https://thehackernews.com/2021/04/mitre-madness-guide-to-weathering.html

WhatsApp flaw lets anyone lock you out of your account
An attacker can lock you out of the app using just your phone number and without requiring any action on your part
https://www.welivesecurity.com/2021/04/13/whatsapp-flaw-lets-anyone-lock-you-out-account/

Clubhouse in the spotlight after user records posted online
Reports of another trove of scraped user data add to the recent woes of popular social media platforms
https://www.welivesecurity.com/2021/04/12/clubhouse-spotlight-user-records-posted-online/

Week in security with Tony Anscombe
Janeleiro banking trojan takes aim at Brazil – Lazarus deploys Vyveva backdoor in South Africa – The long shelf life of leaked data
https://www.welivesecurity.com/videos/week-security-tony-anscombe-119/

Data from 500 million LinkedIn accounts put up for sale
The treasure trove of data reportedly includes users' LinkedIn IDs, full names, email addresses, phone numbers and workplace information
https://www.welivesecurity.com/2021/04/09/data-500million-linkedin-accounts-put-up-sale/

Does data stolen in a data breach expire?
Some personal information just doesn't age – here's what the Facebook data leak may mean for you
https://www.welivesecurity.com/2021/04/08/does-data-stolen-data-breach-expire/

(Are you) afreight of the dark? Watch out for Vyveva, new Lazarus backdoor
ESET researchers discover a new Lazarus backdoor deployed against a freight logistics firm in South Africa
https://www.welivesecurity.com/2021/04/08/are-you-afreight-dark-watch-out-vyveva-new-lazarus-backdoor/

$38 million worth of gift cards stolen and sold on dark web
Easy to redeem and hard to trace, gift cards remain a hot commodity in the criminal underground
https://www.welivesecurity.com/2021/04/07/38million-worth-stolen-gift-cards-sold-dark-web/

Supply‑chain attacks: When trust goes wrong, try hope?
How can organizations tackle the growing menace of attacks that shake trust in software?
https://www.welivesecurity.com/2021/04/07/supply-chain-attacks-when-trust-goes-wrong-try-hope/

Janeleiro, the time traveler: A new old banking trojan in Brazil
ESET Research uncovers a new threat that targets organizations operating in various sectors in Brazil
https://www.welivesecurity.com/2021/04/06/janeleiro-time-traveler-new-old-banking-trojan-brazil/

Week in security with Tony Anscombe
PHP source code briefly backdoored – Prevent data loss before it's too late – The perils of owning a smart dishwasher
https://www.welivesecurity.com/videos/week-security-tony-anscombe-118/

Is your dishwasher trying to kill you?
Does every device in your home really need to be connected to the internet? And could your smart appliance be turned against you?
https://www.welivesecurity.com/2021/04/01/is-your-dishwasher-trying-kill-you/

Are you prepared to prevent data loss?
From losing cherished memories to missing deadlines, the impact of not having backups when a data disaster strikes can hardly be overstated
https://www.welivesecurity.com/2021/03/31/are-you-prepared-prevent-data-loss/

Backdoor added to PHP source code in Git server breach
Had the incident gone unnoticed, the attackers could have taken over websites using the tainted code
https://www.welivesecurity.com/2021/03/30/backdoor-php-source-code-git-server-breach/

Apple rushes to patch zero‑day flaw in iOS, iPadOS
The bug is under active exploitation by unknown attackers and affects a wide range of devices, including iPhones, iPads and Apple Watches
https://www.welivesecurity.com/2021/03/29/apple-rushes-patch-zero-day-flaw-ios-ipados/

Week in security with Tony Anscombe
Security and your right to repair – Scams offer fake COVID-19 vaccines and ask for Bitcoin – Jail time for a disgruntled IT contractor
https://www.welivesecurity.com/videos/week-security-tony-anscombe-117/

Warning issued over scams touting fake COVID‑19 vaccines, asking for Bitcoin
Money doesn't buy you happiness – cryptocurrency doesn't buy you a genuine COVID-19 vaccine
https://www.welivesecurity.com/2021/03/25/warning-issued-scams-fake-covid19-vaccines-asking-bitcoin/

Vengeful IT worker gets jail time for deleting company's Microsoft user accounts
The company was left to deal with three months' worth of IT problems
https://www.welivesecurity.com/2021/03/24/vengeful-it-worker-gets-jail-time-deleting-microsoft-user-accounts/

Almost $2 billion lost to BEC scams in 2020
Nearly half of reported cybercrime losses in 2020 were the result of BEC fraud, according to an FBI report
https://www.welivesecurity.com/2021/03/23/almost-2billion-lost-bec-scams-2020/

When repairing things you own may make you an outlaw
How do you balance the right to repair with the requirement to remain secure?
https://www.welivesecurity.com/2021/03/23/when-repairing-things-own-make-outlaw/

5 reasons why (not only) financial companies struggle with cybersecurity
Why do many organizations have a hard time keeping up with the evolving threat landscape and effectively managing their cyber-risks?
https://www.welivesecurity.com/2021/03/22/5-reasons-not-only-financial-companies-struggle-cybersecurity/

Week in security with Tony Anscombe
A banking trojan masquerades as Clubhouse for Android – The implications of the Verkada breach – A zero-day patched in Chrome
https://www.welivesecurity.com/videos/week-security-tony-anscombe-116/

7 steps to staying safe and secure on Twitter
Follow these easy steps to prevent your Twitter account from being hacked and to remain safe while tweeting
https://www.welivesecurity.com/2021/03/19/7-steps-staying-safe-secure-twitter/

Trust your surveillance? Why hacked cameras are very bad
When a breach captures a part of us that is unchangeable, does it mean that we have allowed technology to pry too deeply into our lives?
https://www.welivesecurity.com/2021/03/19/trust-your-surveillance-why-hacked-cameras-are-very-bad/

FBI: Cybercrime losses topped US$4.2 billion in 2020
The Bureau received over 28,000 reports of COVID-19-themed scams last year
https://www.welivesecurity.com/2021/03/18/fbi-cybercrime-losses-topped-us42billion-2020/

Beware Android trojan posing as Clubhouse app
The malware can grab login credentials for more than 450 apps and bypass SMS-based two-factor authentication
https://www.welivesecurity.com/2021/03/18/beware-android-trojan-posing-clubhouse-app/

Google fixes Chrome zero‑day bug exploited in the wild
The latest update patches a total of five vulnerabilities affecting the browser's desktop versions
https://www.welivesecurity.com/2021/03/16/google-fixes-chrome-zero-day-bug-exploited-wild/

PayPal fraud: What merchants should know
From overpayment to shipping scams, what are some of the most common threats that merchants using PayPal should watch out for?
https://www.welivesecurity.com/2021/03/15/paypal-fraud-what-merchants-should-know/

Week in security with Tony Anscombe
ESET research into exploitation of Microsoft Exchange flaws – How smart sex toys may expose your privacy – E-health versus your personal data
https://www.welivesecurity.com/videos/week-security-tony-anscombe-115/

Sex in the digital era: How secure are smart sex toys?
ESET researchers investigate what could possibly go wrong when you connect your bedroom to the internet of things
https://www.welivesecurity.com/2021/03/11/sex-digital-era-how-secure-are-smart-sex-toys/

Exchange servers under siege from at least 10 APT groups
ESET Research has found LuckyMouse, Tick, Winnti Group, and Calypso, among others, are likely using the recent Microsoft Exchange vulnerabilities to compromise email servers all around the world
https://www.welivesecurity.com/2021/03/10/exchange-servers-under-siege-10-apt-groups/

Online health security – when ‘opt out' isn't an option
What happens when you try to opt out of e-health to avoid issues in the event of a breach?
https://www.welivesecurity.com/2021/03/10/online-health-security-when-opt-out-isnt-option/

WhatsApp may soon roll out encrypted chat backups
While chats are end-to-end encrypted, their backups are not – this may change soon
https://www.welivesecurity.com/2021/03/09/whatsapp-may-soon-roll-out-encrypted-chat-backups/

Women in cybersecurity: Gender gap narrows but not enough
The number of women joining the ranks of cybersecurity practitioners is steadily increasing, but a lot still needs to be done to close the gap
https://www.welivesecurity.com/2021/03/08/women-cybersecurity-gender-gap-narrows-but-not-enough/

Going dark: Service disruptions at stock exchanges and brokerages
Are you a bull or a bear? If you can't access your data and money, do your sentiments about the market still matter?
https://www.welivesecurity.com/2021/03/08/going-dark-service-disruptions-stock-exchanges-brokerages/

Week in security with Tony Anscombe
Four zero-days patched in Microsoft Exchange Server – A tale about an unsophisticated criminal – Web trackers in a password manager app
https://www.welivesecurity.com/videos/week-security-tony-anscombe-114/

How ESET's work on SafetyNet® helps protect children online
For over a decade, ESET and the San Diego Police Foundation have been working together to help keep children safe from online threats
https://www.welivesecurity.com/2021/03/05/how-eset-work-safetynet-helps-protect-children-online/

Microsoft rushes out fixes for four zero‑day flaws in Exchange Server
At least one vulnerability is being exploited by multiple cyberespionage groups to attack targets mainly in the US, per ESET telemetry
https://www.welivesecurity.com/2021/03/04/microsoft-fixes-four-exchange-server-zero-day-vulnerabilities/

Cybersecurity risks and challenges facing the financial industry
A primer on various threats looming over financial companies and the steps that these organizations can take to counter them
https://www.welivesecurity.com/2021/03/04/cybersecurity-risks-challenges-facing-financial-industry/

Not all cybercriminals are sophisticated
Some perpetrators of online crime and fraud don't use advanced methods to profit at the expense of unsuspecting victims and to avoid getting caught
https://www.welivesecurity.com/2021/03/03/not-all-cybercriminals-are-sophisticated/

Popular password manager in the spotlight over web trackers
While the trackers in LastPass's Android app don't collect any personal data, the news may not sit well with some privacy-minded users
https://www.welivesecurity.com/2021/03/01/popular-password-manager-spotlight-web-trackers/

Week in security with Tony Anscombe
Privacy bug in Brave browser – Clubhouse audio streamed to external website – Protecting children from cyberbullying in COVID-19 era
https://www.welivesecurity.com/videos/week-security-tony-anscombe-113/

Oxford University COVID‑19 lab hacked
Neither clinical research into the coronavirus nor any patient data were affected by the incident
https://www.welivesecurity.com/2021/02/26/oxford-university-covid19-laboratory-hack/

Safeguarding children against cyberbullying in the age of COVID‑19
As screen time has increased, so has the risk of cyberbullying. What can you do to help protect your children from online harassment?
https://www.welivesecurity.com/2021/02/26/safeguarding-children-cyberbullying-covid19/

Championing worthy causes: How ESET gives a helping hand
A snapshot of some of the ways ESET makes an impact supporting the well-being of people, communities and the environment
https://www.welivesecurity.com/2021/02/26/championing-worthy-causes-how-eset-gives-helping-hand/

Facebook ramps up fight against child abuse content
Two new tools will warn users about the risks of searching for and sharing content that exploits children, including the potential legal consequences of doing so
https://www.welivesecurity.com/2021/02/25/facebook-fight-child-abuse-content/

Google's Password Checkup tool rolling out to Android devices
People who use devices running Android 9 or newer will be alerted if their login credentials have been stolen
https://www.welivesecurity.com/2021/02/24/google-password-checkup-android-devices/

Clubhouse chats streamed to third‑party website
The incident raises concerns about the privacy and security of conversations taking place on the platform
https://www.welivesecurity.com/2021/02/23/clubhouse-chats-streamed-third-party-website/

Brave browser's Tor mode exposed users' dark web activity
A bug in the ad blocking component of Brave's Tor feature caused the browser to leak users' DNS queries
https://www.welivesecurity.com/2021/02/22/brave-browser-tor-mode-exposed-dark-web-activity/

Week in security with Tony Anscombe
Avoid COVID-19 vaccine fraud and hoaxes – Romance scams cause record-high losses – Exaramel in the spotlight after attacks in France
https://www.welivesecurity.com/videos/week-security-tony-anscombe-112/

TDoS attacks could cost lives, warns FBI
Both hacktivists and extortionists have used telephony denial-of-service attacks as a way to further their goals
https://www.welivesecurity.com/2021/02/19/tdos-attacks-could-cost-lives-warns-fbi/

Hacker Spotlight AMA: niemand_sec
Pentester, independent consultant and bug hunter, @niemand_sec is featured in this week's edition of Hacker Spotlights.
https://www.hackerone.com/blog/hacker-spotlight-ama-niemandsec

Security@ 2021 Call for Speakers is Open
HackerOne's global hacker-powered security conference, Security@, is back for its fifth year. This year's virtual event will take place September 20, 2021. The call for speakers is now open! You have until May 15, 2021, to submit your talk.
https://www.hackerone.com/blog/security-2021-call-speakers-open

Hacker Spotlight: Interview with edduu
Latin American hacker @edduu shares his in-depth thinking on how to maximize reports for larger bounty earnings and what it means to be a hacker in Latin America.
https://www.hackerone.com/blog/hacker-spotlight-interview-edduu

The Rise of IDOR
Insecure Direct Object Reference (or IDOR) is a simple bug that packs a punch. Discover where IDORs are most common, explore real-world examples, and learn prevention tips from hackers.
https://www.hackerone.com/blog/rise-idor

Hacker Spotlight: Interview with manoelt
Brazilian CTF player and hacker @manoelt is featured in this week's Hacker Spotlight.
https://www.hackerone.com/blog/hacker-spotlight-interview-manoelt

Hacker Spotlight: Interview with p3rr0
Latin America-based hacker @p3rr0 shares his story, from not knowing about bug bounties to making an income.
https://www.hackerone.com/blog/hacker-spotlight-interview-p3rr0

PayPal is our Virtual Pal
HackerOne and event partner PayPal share their experiences from HackerOne's second virtual live hacking event.
https://www.hackerone.com/blog/paypal-our-virtual-pal

Hacker Spotlight: Interview with Samux
A hacker from Santiago, Chile, shares his journey in pentesting and bug bounties in this edition of Hacker Spotlights.
https://www.hackerone.com/blog/hacker-spotlight-interview-samux

Discovering Three Personas within the Hacker Community
With over one million hackers making up the HackerOne community, there's more diversity of skill, approach, and personality than any security team in the world. At the launch of the 2021 Hacker Report, we catch up with three hackers, representing three very different approaches to hacking: the pentester, the VDP hacker and the bounty hunter.
https://www.hackerone.com/blog/discovering-three-personas-within-hacker-community

Hacker Spotlight: Interview with bugdiscloseguys
Your neighborhood hacker, as he calls himself, @bugdiscloseguys is featured in this week's Hacker Spotlight blog post series.
https://www.hackerone.com/blog/hacker-spotlight-interview-bugdiscloseguys

Commerce Giant Shopify Kicks Off 2021 with HackerOne (Virtual) Live Hacking Event: h1-2102
HackerOne's first virtual live hacking event of the year kicked off with Shopify in January 2021. Read this blog post to learn more about how Shopify builds relationships with hackers through live events like h1-2102, and find out who the award winners are.
https://www.hackerone.com/blog/commerce-giant-shopify-kicks-2021-hackerone-virtual-live-hacking-event-h1-2102

Hacker Spotlight: Interview with Geekboy
“Always be curious about what you're trying to learn.” @Geekboy is featured in this week's Hacker Spotlight sharing his background and insights on hacking and bug bounties.
https://www.hackerone.com/blog/hacker-spotlight-interview-geekboy

The Rise of Misconfiguration and Supply Chain Vulnerabilities
The vulnerability of supply chains has been top of mind since the SolarWinds attack, which still dominates headlines, but last week's Singtel breach also reflects the rise of breaches triggered by misconfiguration vulnerabilities.
https://www.hackerone.com/blog/rise-misconfiguration-and-supply-chain-vulnerabilities

Hacker Spotlight: Interview with dkd
This week's hacker spotlight features @dkd, a generally private hacker who was excited to share his experience!
https://www.hackerone.com/blog/hacker-spotlight-interview-dkd

Hacker Spotlight: Interview with notnaffy
Entrepreneur and hacker @notnaffy talks about his journey in hacking through the years and his methodologies. Read this epic Q&A in this week's Hacker Spotlight!
https://www.hackerone.com/blog/hacker-spotlight-interview-notnaffy

2020 Hacker Community Year in Review
From CTFs to virtual live hacking events and more, check out this recap of the initiatives HackerOne hosted for the hacker community in 2020.
https://www.hackerone.com/blog/2020-hacker-community-year-review

Hacker Spotlight: Interview with hazimaslam
In this week's Hacker Spotlight, we virtually travel to Pakistan to get to know @hazimaslam, how he hacks, and his motivations to continue hacking.
https://www.hackerone.com/blog/hacker-spotlight-interview-hazimaslam

Announcing The Hacker of The Hill

https://www.hackerone.com/blog/announcing-hacker-hill

Hacker Spotlight: Interview with pnig0s
Detailed, meticulous and precise. @pnig0s shares his hacking style and successes from his bug bounty experience in this latest Hacker Spotlight.
https://www.hackerone.com/blog/hacker-spotlight-interview-pnig0s

5 Learnings From A Conversation With OP Financial Group's CISO And @mrtuxracer
On 20 January, HackerOne's CEO, Marten Mickos, sat down for a chat with European hacker Julien Ahrens, a.k.a. @mrtuxracer, and Teemu Ylhäisi, CISO at OP Financial Group. The discussion ranged from the recent SolarWinds attacks to the best way to prevent phishing. Here are our top takeaways from the webinar.
https://www.hackerone.com/blog/5-learnings-conversation-op-financial-groups-ciso-and-mrtuxracer

Hacker Spotlight: Interview with filedescriptor
“It's challenging and rewarding, and I get to help companies become more secure.” Read this week's Hacker Spotlight on filedescriptor.
https://www.hackerone.com/blog/hacker-spotlight-interview-filedescriptor

Hacker Spotlight: Interview with samengmg
Read about @samengmg and his self-taught bug bounty experience hacking the Singaporean government and huge global corporations.
https://www.hackerone.com/blog/hacker-spotlight-interview-samengmg

LINE on Securing the Application Development Lifecycle with Bug Bounties
HackerOne has a large hacker community and the platform necessary to operate LINE's bug bounty program. By using HackerOne's platform and welcoming the community, LINE can increase operational efficiency. Through the partnership with HackerOne, we can share new bugs and learn from the vulnerability trends on the Platform while also getting a guide that helps us create a successful bug bounty program.
https://www.hackerone.com/blog/line-securing-application-development-lifecycle-bug-bounties

What Years of AWS Hacking Tells Us About Building Secure Apps
Years of AWS bug bounties have exposed SSRF vulnerabilities, misconfigurations, and dangling DNS records. What can we learn from these vulnerabilities about mitigating risk?
https://www.hackerone.com/blog/what-years-aws-hacking-tell-us-about-building-secure-apps

Hacker Spotlight: Interview with jin0ne
We kick off this year's Hacker Spotlight with @jin0ne from Shanghai, who has over 200 valid vulnerabilities submitted. Read more about him in this newest blog post.
https://www.hackerone.com/blog/hacker-spotlight-interview-jin0ne

Hacker Spotlight: Interview with benteveo
From developer to founder, father and hacker, read about this week's hacker spotlight on @benteveo.
https://www.hackerone.com/blog/hacker-spotlight-interview-benteveo

Grab Celebrates 5 Years on HackerOne
"Just five years ago, leading rideshare, food delivery, and payments company Grab became one of the first companies in Southeast Asia to implement a hacker-powered security program. In just three years Grab became one of the Top 20 bug bounty programs on HackerOne worldwide."
https://www.hackerone.com/blog/grab-celebrates-5-years-hackerone

HackerOne Policies Update
HackerOne's policies have been updated - check them out now!
https://www.hackerone.com/blog/hackerone-policies-update

The World's Largest Live Hacking Event
HackerOne and The Paranoids partnered to bring you the largest live hacking event in the world
https://www.hackerone.com/blog/worlds-largest-live-hacking-event

Hacker Spotlight: Interview with tolo7010
Tolo7010 takes the hacker spotlight this week - learn about his story.
https://www.hackerone.com/blog/hacker-spotlight-interview-tolo7010

Quantifying Risk: How do you measure success in security?
When your job is all about avoiding costly incidents and mistakes, it's hard to put a dollar value on your work. At HackerOne's recent Security@ conference, Slack and Hyatt's CISOs sat down for a chat about their challenges and the hacks they use to quantify risk.
https://www.hackerone.com/blog/quantifying-risk-how-do-you-measure-success-security

12 Days of Hacky Holidays CTF

https://www.hackerone.com/blog/12-days-hacky-holidays-ctf

VDPs are at the Heart of the Australian Cyber Security Centre's Recommendations

https://www.hackerone.com/blog/vdps-are-heart-australian-cyber-security-centres-recommendations

Hacker Spotlight: Interview with jensec
Security and finance enthusiast, @jensec is featured in this week's hacker spotlight talking about his passion for cybersecurity and why he hacks.
https://www.hackerone.com/blog/hacker-spotlight-interview-jensec

HackerOne Joins AWS Marketplace as Cloud Vulnerabilities Rise
HackerOne reveals the most common and critical vulnerabilities found in cloud infrastructure and announces its debut in AWS Marketplace.
https://www.hackerone.com/blog/hackerone-joins-aws-marketplace-cloud-vulnerabilities-rise

Announcing the HackerOne Brand Ambassadors
Announcing the first group of Hacker Brand Ambassadors who will lead hackers in their local area.
https://www.hackerone.com/blog/announcing-hackerone-brand-ambassadors

Hacker Spotlight: Interview with bagipro
Take a look at this week's Hacker Spotlight on @bagipro, bug bounty hunter and founder of Oversecured.
https://www.hackerone.com/blog/hacker-spotlight-interview-bagipro

US Government Mandates Vulnerability Disclosure for IoT

https://www.hackerone.com/blog/us-government-mandates-vulnerability-disclosure-iot

Hacker Spotlight: Interview with insiderphd
PhD Student and bug bounty hunter Katie Paxton-Fear talks about her story of defense and security starting with the first time we met her in London.
https://www.hackerone.com/blog/hacker-spotlight-interview-insiderphd

Hacker Spotlight: Interview with fisher
Half hacker, half daydreamer @fisher shares his insight as a hacker - how he got here, what he hacks on and why he does it.
https://www.hackerone.com/blog/hacker-spotlight-interview-fisher

Announcing new leaderboards: More ways to engage, compete and win

https://www.hackerone.com/blog/announcing-new-leaderboards-more-ways-engage-compete-and-win

Hacker Spotlight: Interview with putsi
Finnish hacker, putsi, takes on this week's hacker spotlight sharing how he got into cybersecurity.
https://www.hackerone.com/blog/hacker-spotlight-interview-putsi

HackerOne is Excited to Launch Triage Ratings for Customers and Hackers

https://www.hackerone.com/blog/hackerone-excited-launch-triage-ratings-customers-and-hackers

NIST Overhauls “Security and Privacy Controls” and Emphasizes VDP as a Best Practice

https://www.hackerone.com/blog/nist-overhauls-security-and-privacy-controls-publication-heres-what-you-need-know

Hacker Spotlight: Interview with yassineaboukir
This week's Hacker Spotlight showcases Yassine Aboukir, who never stops seeking adventure, both on his computer and in his life.
https://www.hackerone.com/blog/hacker-spotlight-interview-yassineaboukir

Snap's Security Team on Nearly 6 Years of Collaborating with Hackers

https://www.hackerone.com/blog/snaps-security-team-nearly-6-years-collaborating-hackers

Organizations Paid Hackers .5 Million for These 10 Vulnerabilities in One Year
HackerOne report reveals cross-site scripting, improper access control, and information disclosure top list of most common and impactful vulnerabilities
https://www.hackerone.com/blog/organizations-paid-hackers-235-million-these-10-vulnerabilities-one-year-1

Hacker Spotlight: Interview with MrTuxRacer
German hacker Julien Ahrens, or @mrtuxracer, tells us how he got started in security and what it's like to be a full-time bug bounty hunter.
https://www.hackerone.com/blog/hacker-spotlight-interview-mrtuxracer

HackerOne Expands Integrations Ecosystem to Connect and Defend Customers

https://www.hackerone.com/blog/hackerone-expands-integrations-ecosystem-connect-and-defend-customers

Hacker Spotlight: Interview with inhibitor181
From a full-stack developer to a million-dollar hacker, read this week's hacker spotlight of @inhibitor181 and his motivating story.
https://www.hackerone.com/blog/hacker-spotlight-interview-inhibitor181

Hacker Spotlight: Interview with arneswinnen
Read this week's Hacker Spotlight featuring Belgian hacker @arneswinnen on how he became a full-time bug bounty hunter and why he hacks for good.
https://www.hackerone.com/blog/hacker-spotlight-interview-arneswinnen

HackerOne Integrates with ServiceNow to Streamline Vulnerability Lifecycle Management
We're excited to announce our integration with ServiceNow Incident Management. This integration allows customers to escalate vulnerability reports with ServiceNow incidents and synchronize any updates in the vulnerability workflow that happen in ServiceNow or HackerOne.
https://www.hackerone.com/blog/hackerone-integrates-servicenow-streamline-vulnerability-lifecycle-management

Hacker Spotlight: Interview with albinowax
We hear from PortSwigger's Director of Research on why he enjoys hacking.
https://www.hackerone.com/blog/hacker-spotlight-interview-albinowax

AT&T Celebrates Million Awarded to Hackers in One Year
AT&T recently celebrated its first anniversary on HackerOne, passing million in payouts to more than 850 researchers worldwide. Read on to learn more about their program and successes over the last year.
https://www.hackerone.com/blog/att-celebrates-1-million-awarded-hackers-one-year

Hacker Spotlight: Interview with ajxchapman
From pentester to full-time bug bounty hunter, read about @ajxchapman and his story behind hacking.
https://www.hackerone.com/blog/hacker-spotlight-interview-ajxchapman

Introducing the 4th Annual Hacker-Powered Security Report

https://www.hackerone.com/blog/introducing-4th-annual-hacker-powered-security-report

H1-2010 FAQs
FAQs from HackerOne's biggest virtual live hacking event with The Paranoids from Verizon Media, H1-2010.
https://www.hackerone.com/blog/h1-2010-faqs

Hacker Spotlight: Interview with bitK
Puzzle master and bug bounty hunter @bitK is featured on this week's Hacker Spotlight to share his story.
https://www.hackerone.com/blog/hacker-spotlight-interview-bitk

Vulnerability Disclosure is Now Mandatory for Federal Agencies - Here's How to Make it Happen

https://www.hackerone.com/blog/federal-agencies-directed-quickly-publish-vdps-5-steps-make-it-happen-1

Smartsheet Celebrates One Year with HackerOne
To mark Smartsheet's one-year anniversary with HackerOne, we sat down with Nolan Gibb, Information Security Engineer at Smartsheet, to discuss how bug bounties enable his team to scale and collaborate with software developers to create more secure products.
https://www.hackerone.com/blog/smartsheet-celebrates-one-year-hackerone-1

HackerOne Rolls Out Pentest Review System for Customers and Pentesters

https://www.hackerone.com/blog/hackerone-rolls-out-pentest-review-system-customers-and-pentesters

Hacker Spotlight: Interview with honoki
Bug bounty hunter and security consultant Pieter or @honoki is featured on this week's Hacker Spotlight to talk about programs and what makes them exciting.
https://www.hackerone.com/blog/hacker-spotlight-interview-honoki

Are Election Hacking Fears Driving Voters To The Polls?
If people fear that the American electoral infrastructure could be hacked, will they withhold their votes in November? Not according to research commissioned by HackerOne.
https://www.hackerone.com/blog/are-election-hacking-fears-driving-voters-polls

Hacker Spotlight: Interview with dki
Mobile security research engineer and bug bounty hacker Dawn Isabel is featured in this week's Hacker Spotlight.
https://www.hackerone.com/blog/hacker-spotlight-interview-dki

Hacker Spotlight: Interview with mayonaise
@mayonaise is the embodiment of our rallying cry to hack for good. Read this week's Hacker Spotlight AMA blog post about Jon Colston's impact on the world of bug bounties.
https://www.hackerone.com/blog/hacker-spotlight-interview-mayonaise

Become a HackerOne Brand Ambassador
Announcing the Hacker Brand Ambassador Program: lead hackers in your city, get exclusive perks, further your career.
https://www.hackerone.com/blog/become-hackerone-brand-ambassador

National University of Singapore Taps Students to Hack for Good
In an inaugural InterUni Bug Bounty Challenge jointly organized by the National University of Singapore (NUS) and Singapore Management University (SMU) from 12 August to 9 September 2020, students and staff from the two universities will get to hone their hacking skills by looking for vulnerabilities (or ‘bugs’) across the digital assets of their respective universities in exchange for monetary rewards, or bounties. To kick off the InterUni Bug Bounty Challenge, we sat down with NUS Chief Information Technology Officer Tommy Hor to learn more about the Challenge, why cybersecurity is so important to educational institutions like NUS, and more.
https://www.hackerone.com/blog/national-university-singapore-taps-students-hack-good

Recap of h@cktivitycon 2020
HackerOne's first-ever hacker conference, h@cktivitycon, streamed on Twitch on Friday, July 31st - August 1st, 2020, and is recapped in this blog post.
https://www.hackerone.com/blog/recap-hcktivitycon-2020

Hacker Spotlight: Interview with todayisnew
Hear from the top hacker ranked number 1 on the all-time HackerOne leaderboard, @todayisnew in this week's Hacker Spotlight AMA Blog Post.
https://www.hackerone.com/blog/hacker-spotlight-interview-todayisnew

Hacker Spotlight: Interview with dawgyg
Million-dollar hacker @dawgyg answers this week's Q&A with his thoughts on bug bounties.
https://www.hackerone.com/blog/hacker-spotlight-interview-dawgyg

Adobe and HackerOne Celebrate Five Years of Continued Collaboration
To celebrate five years with HackerOne, we sat down with Adobe's Senior Security Program Manager Pieter Ockers to discuss how their program has evolved over the last five years and the role that hacker-powered security, both bug bounties and response programs, plays into their overall security strategy. 
https://www.hackerone.com/blog/adobe-and-hackerone-celebrate-five-years-continued-collaboration

COVID Confessions of a CISO
The COVID-19 crisis has shifted life online. As companies rush to meet remote work requirements and customer demands for digital services, attack surfaces have dramatically expanded, leaving security teams stretched thin and not staffed to cope. HackerOne dug into this concept to identify COVID-19 impacts on security and business. Read on for our findings.
https://www.hackerone.com/blog/covid-confessions-ciso

Security Engineers by Day, Hackers by Night – An Interview with Two of Singapore's Top Ethical Hackers

https://www.hackerone.com/blog/security-engineers-day-hackers-night-interview-two-singapores-top-ethical-hackers

Hacker Spotlight: Interview with Ziot
Challenge and puzzle connoisseur is on this week's Hacker Spotlights. Read his story on this AMA blog post.
https://www.hackerone.com/blog/hacker-spotlight-interview-ziot

Human vs. Machine: Three-Part Virtual Series on the Human Element of AppSec

https://www.hackerone.com/blog/man-vs-machine-three-part-virtual-series-human-element-appsec

Securing video streaming in sub-Saharan Africa
Maintaining a video streaming service across the whole of Africa is challenge enough, without the added pressure of potential security issues. Showmax turns to hackers to secure their customer data and protect the security of their shows and movies.
https://www.hackerone.com/blog/securing-video-streaming-sub-saharan-africa

Hacker Spotlight: Interview with cdl
cdl: student, researcher, bug hunter and founder. Read this week's Hacker Spotlight AMA on why and how cdl hacks for good.
https://www.hackerone.com/blog/hacker-spotlight-interview-cdl

Security@ 2020 Call for Speakers is Open
HackerOne's global hacker-powered security conference, Security@, is back for its fourth year. This year's virtual event will take place October 20-22, 2020. The call for speakers is now open! You have until August 21, 2020, to submit your talk.
https://www.hackerone.com/blog/security-2020-call-speakers-open

Costa Coffee prepares for global expansion with bug bounty program
As the coffee chain prepares for global expansion, Costa Coffee joins the likes of Hyatt, Deliveroo, and Zomato in launching its first private bug bounty program. Costa Coffee will shore up its digital defenses using the combined expertise and experience of HackerOne's hacker community.
https://www.hackerone.com/blog/costa-coffee-prepares-global-expansion-bug-bounty-program

A Warm Welcome To Our New SVP of Customer Success
We are delighted to announce that Amanda Berger — former Chief Customer Officer at Lucidworks — has joined HackerOne as our new SVP of Customer Success. In this article, Amanda introduces herself and shares what she hopes to achieve at HackerOne.
https://www.hackerone.com/blog/warm-welcome-our-new-svp-customer-success

Hacker Spotlight: Interview with zlz
This week's Hacker Spotlight on zlz, the hacker who started at 12 years old and is now a successful security consultant and professional.
https://www.hackerone.com/blog/hacker-spotlight-interview-zlz

Pentesting basics video series launched on Hacker101
Learn the basics of pentesting to further your career and develop core competencies required in one of the hottest job markets in cybersecurity: Penetration testing.
https://www.hackerone.com/blog/pentesting-basics-video-series-launched-hacker101

Cybersecurity Vendor Consolidation: Securing More with Less
Discover how hacker-powered security solutions can help identify the gaps and consolidate point-solution tools into a single platform for easier management and measured ROI.
https://www.hackerone.com/blog/cybersecurity-vendor-consolidation-securing-more-less

Visma's Ioana Piroska on Securing the Development Lifecycle Through Bug Bounties
Having recently taken their bug bounty program public, we caught up with Visma Security Analyst Ioana Piroska about the program's results so far and Visma's plans for the future.
https://www.hackerone.com/blog/vismas-ioana-piroska-securing-development-lifecycle-through-bug-bounties

Hacker Spotlight: Interview with hogarth45
From a bug hunting hobby to a security engineer, hogarth45 has hacked his way into a career in cybersecurity. Read this week's hacker spotlight blog post with hogarth45.
https://www.hackerone.com/blog/hacker-spotlight-interview-hogarth45

Pentesting Beyond Compliance: A Tool to Improve Your Security Posture

https://www.hackerone.com/blog/pentesting-beyond-compliance-tool-improve-your-security-posture

Meet APAC Hacker @jin0ne: A Next Generation Cyber Defender
Meet @jin0ne, 20-year old hacker from Asia Pacific, a region experiencing a cybersecurity talent shortfall of 2.6 million. Thanks to the rise of bug bounty programs, ethical hackers like @jin0ne are helping to fill the gap.
https://www.hackerone.com/blog/meet-apac-hacker-jin0ne-next-generation-cyber-defender

Hacker Spotlight: Interview with rijalrojan
This week's Hacker Spotlight is rijalrojan, a California State University Fullerton student with an extensive background in hacking. He shares his perspective on programs
https://www.hackerone.com/blog/hacker-spotlight-interview-rijalrojan

Hacker Spotlight: Interview with meals
Hacker Spotlight is a weekly AMA with a new hacker. This week, we hear from meals on his career and hobby in hacking.
https://www.hackerone.com/blog/hacker-spotlight-interview-meals

What Juneteenth Means at HackerOne

https://www.hackerone.com/blog/what-juneteenth-means-hackerone

Reputation, Signal & Impact Calculation Enhancements
Reputation, Signal and Impact changes and how this will affect hacker stats going forward.
https://www.hackerone.com/blog/reputation-signal-impact-enhancements-whats-changing-and-why-it-matters

Mail.ru Group pays out over $1 million in bounties

https://www.hackerone.com/blog/mailru-group-pays-out-over-1-million-bounties

Mayonaise Joins The Ranks of The Seven-Figure-Earning Hackers
Congratulations to @mayonaise, the ninth hacker to earn $1 Million hacking for good on the HackerOne platform! Read on for more about his unique approach, focus, and journey to being one of the top hackers in the world.
https://www.hackerone.com/blog/mayonaise-joins-ranks-seven-figure-earning-hackers

Hacker Spotlight: Interview with randomdeduction
Hacker Spotlight is a weekly AMA with a new hacker. This week, randomdeduction takes the spotlight to share her journey.
https://www.hackerone.com/blog/hacker-spotlight-interview-randomdeduction

Celebrating Pride at HackerOne

https://www.hackerone.com/blog/celebrating-pride-hackerone

What to Look For in a Penetration Testing Company
Penetration testing is one of the most widely used techniques to comply with security regulations and protect network and computing systems and users. Hacker-powered penetration tests are emerging as a more cost-effective way to harden applications. With HackerOne Challenge, selected hackers from our community are invited to find vulnerabilities in your systems, and you only pay for the verified vulnerabilities found.
https://www.hackerone.com/blog/What-Look-Penetration-Testing-Company-0

Announcing the PlayStation Bug Bounty Program
Today, PlayStation launched a public bug bounty program on HackerOne because the security of their products is a fundamental part of creating amazing experiences for the PlayStation community. Read on to learn more about their program, bounties, and more.
https://www.hackerone.com/blog/announcing-playstation-bug-bounty-program-0

Hacker Spotlight: Interview with Corb3nik
Hacker Spotlight is a weekly AMA with a new hacker. Corb3nik takes the spotlight to share his journey.
https://www.hackerone.com/blog/hacker-spotlight-interview-corb3nik

Juneteenth: HackerOne's Day for Action

https://www.hackerone.com/blog/juneteenth-hackerones-day-action

Scaling & Prioritizing Product Security with Zendesk
In a recent virtual roundtable, we sat down with Scott Reed, Senior Manager of Product Security at Zendesk, to discuss how they incorporate bug bounties throughout their product security strategy and scaling security at a high-growth organization. Take a look at some of the highlights of our conversation below.
https://www.hackerone.com/blog/scaling-prioritizing-product-security-zendesk

Q & A With Singaporean Hacker @Kactros_n
Meet @kactros_n, a Singaporean hacker and top 3 on the recent GovTech bug bounty program. He is known for his rare bug findings, including a side channel timing attack.
https://www.hackerone.com/blog/q-singaporean-hacker-kactrosn

Hacking the Singapore Government: Q&A with Hacker Personality Samuel Eng
Meet @samengmg, a Singaporean hacker and top 3 on the recent GovTech Bug Bounty program. In this blog, he discusses how ethical hacking is gaining recognition as a viable career choice that is both niche and desirable.
https://www.hackerone.com/blog/hacking-singapore-government-qa-hacker-personality-samuel-eng-singapore

How does Pentesting fit into your overall security strategy?
As digital technologies and data transform the way business gets done, a cybersecurity strategy is fundamental in helping your company save time and money while protecting your brand. How should organizations think about penetration testing within their overall security strategy?
https://www.hackerone.com/blog/how-does-pentesting-fit-your-overall-security-strategy

Hacker Spotlight: Interview with Cache-Money
Hacker Spotlight is a weekly AMA with a new hacker. This week we hear from cache-money!
https://www.hackerone.com/blog/hacker-spotlight-interview-cache-money

h1-2006 CTF
h1-2006 CTF Winner Announcement
https://www.hackerone.com/blog/h1-2006-ctf

Hacker Spotlight: Interview with alyssa_herrera
Hacker Spotlight is a weekly AMA with a new hacker. This week we hear from alyssa_herrera on her journey and perspective!
https://www.hackerone.com/blog/hacker-spotlight-interview-alyssaherrera

Crowdsourcing Racial Justice and Equality

https://www.hackerone.com/blog/crowdsourcing-racial-justice-and-equality

There is no room for racism or inequality here.
At HackerOne we say No to racism. We are here to democratize opportunity across the world. We believe in the aspirations and possibilities of every human being. Hacker-powered security is proof that by working together across all boundaries we accomplish what otherwise would remain unachievable.
https://www.hackerone.com/blog/there-no-room-racism-or-inequality-here

100 Hacking Tools and Resources
As part of our $100 Million in bounties celebration, we want to share a list of 100 tools and resources that will help hackers continue hacking!
https://www.hackerone.com/blog/100-hacking-tools-and-resources

The Journey in Data: HackerOne Hits 100 Million Dollars in Bounties
Yesterday, hackers on HackerOne hit a major milestone: they have earned a total of $100 million in bounties over the past 8 years, with nearly half in the past year alone! Let's take a look at some of the numbers that have taken us to the $100 million milestone.
https://www.hackerone.com/blog/journey-data-hackerone-hits-100-million-dollars-bounties

$100 Million Paid - One Billion in Sight for Hackers
Today we celebrate with all our hackers the phenomenal milestone of a hundred million dollars in bounties. Hack for Good! Yet we should know that we are only getting going. The digital world is not safe and secure yet. Much more work awaits us. We have one hundred million more bugs to find.
https://www.hackerone.com/blog/100-million-paid-one-billion-sight-hackers

Thanks For Being Part Of The Journey to $100 Million in Bounties!
Reaching $100 Million in bounties is a reason to celebrate what this community has achieved. It also gave us a chance to reflect on the journey to this point and the enduring values that will get us to the next milestone.
https://www.hackerone.com/blog/thanks-being-part-journey-100-million-bounties

10 Ways to Hack Your “New Normal” Workweek
As a company inspired by hackers, HackerOne is taking this unique time to hack our programs to provide our people with additional support to ensure the wellbeing of all Hackeronies and their families. Here's a peek at the fun programs and perks we've implemented at HackerOne based on input from our people.
https://www.hackerone.com/blog/10-ways-hack-your-new-normal-workweek

How Federal Agencies Use Vulnerability Disclosure Policies to Level Up Security

https://www.hackerone.com/blog/how-federal-agencies-use-vulnerability-disclosure-policies-level-security

Security by the People: Announcing HackerOne's FedRAMP Authorization
Since 2016, we've been proud to help secure critical U.S. Department of Defense and GSA applications. As we achieve FedRAMP Tailored Authorization, we are excited to expand this important work.
https://www.hackerone.com/blog/security-people-announcing-hackerones-fedramp-authorization

Stay Ahead of Threats With Hacker-Powered Retesting
Introducing Hacker-Powered Retesting! Retesting is designed to scale with capabilities to keep your critical assets safe from increasingly sophisticated attacks.
https://www.hackerone.com/blog/stay-ahead-threats-hacker-powered-retesting

PayPal on Creating Strong Relationships with Security Researchers

https://www.hackerone.com/blog/paypal-creating-strong-relationships-security-researchers

Hackers take on San Francisco for the 4th Year in a Row
HackerOne hosted its first flagship event of the year with Verizon Media in San Francisco.
https://www.hackerone.com/blog/hackers-take-san-francisco-4th-year-row

Shopify Celebrates 5 Years on HackerOne

https://www.hackerone.com/blog/shopify-celebrates-5-years-hackerone

Hackweek: An insider's look at HackerOne culture

https://www.hackerone.com/blog/hackweek-insiders-look-hackerone-culture

Slack Increases Bounty Minimums For the Next 90 Days

https://www.hackerone.com/blog/slack-increases-bounty-minimums-next-90-days

Live Hacking Goes Virtual

https://www.hackerone.com/blog/live-hacking-goes-virtual

Hack for Good: Easily Donate Bounties to WHO's COVID-19 Response Fund
Collaboration and bounty splitting have been possible for years, and now you can easily donate bounties by adding the user “hackforgood” as a collaborator to a report submission on HackerOne.
https://www.hackerone.com/blog/hack-good-easily-donate-bounties-whos-covid-19-response-fund

Six years of the GitHub Security Bug Bounty program

https://www.hackerone.com/blog/six-years-github-security-bug-bounty-program

Live hacking the U.S. Air Force, UK Ministry of Defence and Verizon Media in Los Angeles at h1-213
HackerOne hosted its final flagship live hacking event of 2019 in Los Angeles, CA.
https://www.hackerone.com/blog/live-hacking-us-air-force-uk-ministry-defence-and-verizon-media-los-angeles-h1-213

My Career Just Got Hacked: Rana Robillard Joins HackerOne

https://www.hackerone.com/blog/my-career-just-got-hacked-rana-robillard-joins-hackerone

Live Hacking Events | 2019 Recap and the Road Ahead
A look at where we've been and where we're going in 2020...
https://www.hackerone.com/blog/live-hacking-events-2019-recap-and-road-ahead

Q&A with Hacker Personality Shivam Vashisht

https://www.hackerone.com/blog/qa-hacker-personality-shivam-vashisht

Confessions of European CISOs
Ever wondered what's been keeping your CISO up at night? Well, wonder no more. We did some research to find out what worries European CISOs who are tasked with shoring up their digital infrastructure.
https://www.hackerone.com/blog/confessions-european-cisos

LINE Security Bug Bounty Program Report 2019

https://www.hackerone.com/blog/line-security-bug-bounty-program-report-2019-1

#AndroidHackingMonth Q&A With Android Hacker bagipro
Mobile hacking has become an essential part of the bug bounty hunter's tool belt, and no one knows the space better than Android hacker bagipro.
https://www.hackerone.com/blog/AndroidHackingMonth-qa-with-bagipro

Todayisnew Crosses $1M in Bounties at h1-415 in San Francisco
This past Friday at h1-415 — HackerOne's first live hacking event of the year — todayisnew became the eighth hacker to join the ranks of seven-figure-earning hackers.
https://www.hackerone.com/blog/todayisnew-crosses-1m-bounties-h1-415-san-francisco

Congratulations, Cosmin! The world's seventh million-dollar bug bounty hacker
The ranks of seven-figure-earning hackers have now risen to eight. Meet @inhibitor181 — the world's seventh million-dollar bug bounty hacker.
https://www.hackerone.com/blog/congratulations-cosmin-worlds-seventh-million-dollar-bug-bounty-hacker

Dropbox bug bounty program has paid out over $1,000,000

https://www.hackerone.com/blog/dropbox-bug-bounty-program-has-paid-out-over-1000000

Hyatt Celebrates its First Anniversary on HackerOne

https://www.hackerone.com/blog/hyatt-celebrates-its-first-anniversary-hackerone

#AndroidHackingMonth: Introduction to Android Hacking by @0xteknogeek

https://www.hackerone.com/blog/androidhackingmonth-intro-to-android-hacking

Guess what's coming!? #AndroidHackingMonth on @Hacker0x01
February is Android Hacking Month! That means new resources, new CTFs, and, of course, swag. Learn more about how to get involved.
https://www.hackerone.com/blog/AndroidHackingMonth

h1-415 CTF Winners Announced!
Thanks to all who participated in our #h1415 CTF, and congratulations to our winners @p4fg and @manoelt! Here's how it went down.
https://www.hackerone.com/blog/h1-415-ctf-winners-announced

Meet InnoGames' Top Hacker

https://www.hackerone.com/blog/meet-innogames-top-hacker

InnoGames Models Avatar After Top Ethical Hacker
Kevin Heseler, Security Engineer at InnoGames, tells us how InnoGames leverages its bug bounty program to secure its games, and about the unique approach it has taken to rewarding its most valuable hacker with his very own avatar in the 'Forge of Empires' game.
https://www.hackerone.com/blog/innogames-models-avatar-after-top-ethical-hacker-0

Why Every Federal Agency Needs a VDP

https://www.hackerone.com/blog/why-every-federal-agency-needs-vdp

HackerOne Launches Bug Bounty Program for Kubernetes
The Cloud Native Computing Foundation (CNCF) today launched the Kubernetes bug bounty program on HackerOne. The Kubernetes bug bounty program is yet another layer of security assurance that will reward researchers who find vulnerabilities in the container orchestration system. Bounties will range from 0 to ,000. All reports will be thoroughly investigated by the Kubernetes Product Security Committee, a set of security-minded Kubernetes community volunteers.
https://www.hackerone.com/blog/hackerone-launches-bug-bounty-program-kubernetes

Hacking for Good

https://www.hackerone.com/blog/hacking-good

This Season, Give the Gift of Data-Driven Insight

https://www.hackerone.com/blog/season-give-gift-data-driven-insight

Using Bug Bounty Talent Pools to Attract and Maintain Top Talent

https://www.hackerone.com/blog/using-bug-bounty-talent-pools-attract-and-maintain-top-talent

Transparency Builds Trust
Someone called it a “breach,” and the world took notice. Here is the story.
https://www.hackerone.com/blog/transparency-builds-trust

How Bug Bounties Help You Shift Left

https://www.hackerone.com/blog/how-bug-bounties-help-you-shift-left

HackerOne is a 2019 Cyber Catalyst Designated Cybersecurity Solution

https://www.hackerone.com/blog/hackerone-2019-cyber-catalyst-designated-cybersecurity-solution

8 High-impact Bugs and How HackerOne Customers Avoided a Breach: SQL Injection

https://www.hackerone.com/blog/8-high-impact-bugs-and-how-hackerone-customers-avoided-breach-sql-injection

How the Risk-Averse DoD Learned to Stop Worrying and Love the Hackers

https://www.hackerone.com/blog/how-risk-averse-dod-learned-stop-worrying-and-love-hackers

The World's Elite Hackers Share Tips and Insights

https://www.hackerone.com/blog/conversation-three-elite-hackers

LINE Launches Public Bug Bounty Program: Q&A with Security Engineer Robin Lunde
Today, after three successful years running an independent bug bounty program, LINE launched a public bug bounty program on HackerOne. To learn more about the popular messaging app's security strategy and commitment to the hacker community, we sat down with security engineers Robin Lunde, Koh You Liang and Keitaro Yamazaki. Read on for a glimpse into our conversation.
https://www.hackerone.com/blog/line-launches-public-bug-bounty-program-qa-security-engineer-robin-lunde

Supporting the Source: Why HackerOne is Upgrading its Free Tools for Open Source
Open source software powers HackerOne. As part of our mission to make the internet safer, we want to make it easier for your open source project to remain secure, so we're joining GitHub Security Lab. Read on for more on why we're joining, new free offerings for open source projects from HackerOne, and new open source targets for hackers from GitHub and HackerOne.
https://www.hackerone.com/blog/supporting-source-why-hackerone-upgrading-its-free-tools-open-source

Announcing Program Audit Log
As our customers' security teams grow, it's important for us to sustain their growth with new features. Today we're announcing the Program Audit Log. It enables customers to audit important actions that were taken in their program, such as permission updates, new members, bounty rewards, and program settings. Read on for more!
https://www.hackerone.com/blog/announcing-program-audit-log

Reducing Risk With a Bug Bounty Program

https://www.hackerone.com/blog/reducing-risk-bug-bounty-program

U.S. Department of Defense VDP Wins Prestigious 2019 DoD Chief Information Officer Award
On Nov. 3, 2019 in the Pentagon Auditorium, the DoD Cyber Crime Center (DC3) Vulnerability Disclosure Program (VDP) was awarded the 2019 DoD Chief Information Officer (CIO) award for Cybersecurity. Over the past three years, the VDP on HackerOne has processed more than 11,000 vulnerabilities discovered by researchers within DoD's public facing websites.
https://www.hackerone.com/blog/us-department-defense-vdp-wins-prestigious-2019-dod-chief-information-officer-award-0

Hacking the Singapore Government: A Q&A With A Top Hacker & MINDEF 2.0 Results
On Friday, HackerOne announced the results of the second bug bounty challenge with the Ministry of Defence, Singapore (MINDEF). The three-week challenge ran from September 30, 2019 to October 21, 2019, and saw participation from over 300 trusted hackers from around the world — 134 local Singaporean hackers and 171 international ethical hackers. HackerOne sat down with @SpaceRacoon to chat about MINDEF Singapore's bug bounty challenge, what it takes to be a top hacker, the future of bug bounty, and more. Read on to hear more!
https://www.hackerone.com/blog/hacking-singapore-government-qa-top-hacker-mindef-20-results

8 High-Impact Bugs and How HackerOne Customers Avoided a Breach: Information Disclosure

https://www.hackerone.com/blog/8-high-impact-bugs-and-how-hackerone-customers-avoided-breach-information-disclosure

Scaling Security: From Startup to Unicorn

https://www.hackerone.com/blog/scaling-security-startup-unicorn

Why Laurie Mercer Became a Security Engineer at HackerOne

https://www.hackerone.com/blog/why-laurie-mercer-became-security-engineer-hackerone

Security@ Fireside Chat: Insights from Phil Venables of Goldman Sachs

https://www.hackerone.com/blog/security-fireside-chat-insights-phil-venables-goldman-sachs

Keynote with Phil Venables of Goldman Sachs

https://www.hackerone.com/blog/keynote-phil-venables-goldman-sachs

Q&A with HackerOne's New Vice President, APAC, Attley Ng

https://www.hackerone.com/blog/qa-hackerones-new-vice-president-apac-attley-ng

Lowering Your Pentesting Fees with HackerOne

https://www.hackerone.com/blog/lowering-your-pentesting-fees-hackerone-challenge

Slack Increases Minimum Bounties for High and Critical Bugs for 30 Days
Over the past five years, Slack and HackerOne have established a partnership and commitment to ensure Slack's platform is secure for its over 12 million daily active users. To build on this momentum and engage top researchers from the HackerOne community, Slack is increasing its minimum bounties for High and Critical findings to 00 and 00 respectively for a limited time. Read on to learn more!
https://www.hackerone.com/blog/slack-increases-minimum-bounties-high-and-critical-bugs-30-days

8 High-Impact Bugs and How HackerOne Customers Avoided a Breach: Privilege Escalation

https://www.hackerone.com/blog/8-high-impact-bugs-and-how-hackerone-customers-avoided-breach-privilege-escalation

HackerOne Congratulates the Department of Defense on 11K Vulnerability Reports

https://www.hackerone.com/blog/hackerone-congratulates-department-defense-11k-vulnerability-reports

Through a Hacker's Eyes: Recapping h1-604
For the first time ever, a hacker writes a live hacking recap blog, highlighting what it is like to attend a live event. Katie (@InsiderPhD) gives a first-person narrative of h1-604. From seeing a bear for the first time to collaborating closely with peers, Katie covers all the adventures of heading to Vancouver, Canada to hunt bugs.
https://www.hackerone.com/blog/through-hackers-eyes-recapping-h1-604

Tell Your Hacker Story with the Redesigned Profile Pages

https://www.hackerone.com/blog/tell-your-hacker-story-redesigned-profile-pages

3 Ways Hacker-Powered Security Helps the Agile CISO

https://www.hackerone.com/blog/3-ways-hacker-powered-security-helps-agile-ciso

More Than Bounty: Beating Burnout with Hacker-Powered Security

https://www.hackerone.com/blog/more-bounty-beating-burnout-hacker-powered-security

Breaking Down the Benefits of Hacker-Powered Pentests

https://www.hackerone.com/blog/breaking-down-benefits-hacker-powered-pentests

PayPal Celebrates Its First Anniversary on HackerOne
It's been a year since PayPal transitioned its Bug Bounty program to HackerOne. During that time, PayPal has paid out more than .5 million in bounties to the hacker community. In this post Ray Duran, manager of PayPal's Bug Bounty team, reflects on PayPal's journey, shares some exciting changes to the program and discusses what's to come.
https://www.hackerone.com/blog/paypal-celebrates-its-first-anniversary-hackerone

Announcing the Security@ San Francisco 2019 Agenda
The agenda for the third annual hacker-powered security conference, Security@ San Francisco, is live! Security@ is the only conference dedicated to the booming hacker-powered security industry, where hackers and leaders come together to build a safer internet. The conference takes place on October 15, 2019 at the Palace of Fine Arts and will include talks by security leaders from some of the most innovative security teams. In addition, hackers from all over the world will discuss lessons learned from defending the front lines, scaling security teams, and addressing the talent gap. 2019 promises to be our largest event yet!
https://www.hackerone.com/blog/announcing-security-san-francisco-2019-agenda

How HackerOne Fits into the Dev Tools You Know and Love

https://www.hackerone.com/blog/how-hackerone-fits-dev-tools-you-know-and-love

How Companies Like Facebook Find the Bugs that Matter

https://www.hackerone.com/blog/how-companies-facebook-find-bugs-matter

Hacking with Valor: Why We Raised .4M with Valor Equity Partners
Our civilization is going digital. That's fantastic. Unfortunately, our software is not secure enough to carry a digital and connected civilization. When systems get breached, people can't trust the digital world. In a way, we try to do too much. Our innovation is outpacing security and privacy. Something must be done. This is the HackerOne commitment: As long as our digital world is plagued by vulnerabilities, we will continue to hack for the good of our connected society.
https://www.hackerone.com/blog/investors-love-hackers-why-we-raised-364m-valor-equity-partners

Upserve Resolves Over 85 Bugs in Two Years Thanks to Hackers
It's been two years since Upserve launched its public bug bounty program on HackerOne. During that time, Upserve's security team has resolved over 85 valid vulnerabilities thanks to hackers, paying ,000 in bounties along the way. To celebrate the milestone, we sat down with Upserve's Information Security Officer Bryan Brannigan to look back on humble beginnings, learn more about how they incorporate hackers in their security initiatives, and discuss how they've increased engagement through public disclosures. Take a look!
https://www.hackerone.com/blog/upserve-resolves-over-85-bugs-two-years-thanks-hackers

Bringing the Heat to Vegas: Recapping record-breaking h1-702
HackerOne hosted their largest live hacking event to date in Las Vegas, Nevada. With Hacker Summer Camp in the background, h1-702 broke several records, including paying out nearly two million in bounties to hackers over the three days.
https://www.hackerone.com/blog/bringing-heat-vegas-recapping-record-breaking-h1-702

HackerOne Praised By An Original Hacker
Steve Gibson, a security researcher who started hacking technology as a child, recently gave HackerOne high praise for helping to secure companies with bug bounty programs. We're proud when our dedicated team gets the praise they deserve from those in the industry.
https://www.hackerone.com/blog/hackerone-praised-original-hacker

Meet Six Hackers Making Seven Figures
A mere five months after 19-year-old Argentinian Santiago Lopez crossed the million bounty mark, five more hackers from across the globe have now each earned over million in bounties with HackerOne.
https://www.hackerone.com/blog/meet-six-hackers-making-seven-figures

Hacker-Powered Data - Security Weaknesses and Embracing Risk with HackerOne
Vulnerabilities are a fact of life; risk comes with it. Today, companies, enterprises, & governments are embracing collaboration with hackers to find vulnerabilities before criminals have a chance to exploit them. Using 7 years of data from 1,400 bug bounty programs & 360,000+ valid vulnerabilities, this post offers a new analysis of the most common vulnerabilities not found on the OWASP top 10.
https://www.hackerone.com/blog/hacker-powered-data-security-weaknesses-and-embracing-risk-hackerone

Don't Believe These 4 Bug Bounty Myths

https://www.hackerone.com/blog/dont-believe-these-4-bug-bounty-myths

Black Hat 2019: Highlights from the Biggest and Best Yet
Black Hat 2019 was the biggest and best yet. Over 20,000 attendees heated up Las Vegas with provocative training sessions, innovative presentations, and record-breaking live hacking events.
https://www.hackerone.com/blog/black-hat-2019-highlights-biggest-and-best-yet

The Security Vendors Startups like Lob Can't Live Without

https://www.hackerone.com/blog/security-vendors-startups-lob-cant-live-without

GraphQL Week on The Hacker101 Capture the Flag Challenges
Recently we rolled out 3 separate GraphQL-based Hacker101 Capture the Flag challenges. These are valuable educational resources for hackers and developers alike, improving bug hunting capability and helping developers prevent security missteps when implementing GraphQL.
https://www.hackerone.com/blog/graphql-week-hacker101-capture-flag-challenges

Live Hacking Events: Stats, invitations, and what's next
Live hacking events are an experience unlike any other. This post is about how you can increase your chances of being invited to hack. We dive into the history of live hacking events and some of the criteria that are taken into consideration.
https://www.hackerone.com/blog/live-hacking-events-stats-invitations-and-whats-next

London Called, Hackers Answered: Recapping h1-4420
Uber partnered with us for their third live hacking event in London, paying out over 5,000 in bounties to hackers who found more than 150 unique vulnerabilities across Uber, Uber Restaurants and Uber Freight.
https://www.hackerone.com/blog/london-called-hackers-answered-recapping-h1-4420

Verizon Media Webinar Recap: Attack Surface Visibility & Reducing Risk
Bug bounty tips from a Paranoid: hackers as an extension of your security team, honoring the security page as a contract with hackers, investing in the community through things like Live Hacking events, and using the outside perspective from the hacker community to strengthen their entire SDLC.
https://www.hackerone.com/blog/verizon-media-webinar-recap-attack-surface-visibility-reducing-risk

Breaking Down the Benefits of Hacker-Powered Pen Tests
Breaking down the benefits of hacker-powered pen tests from the recent Forrester report. The most important benefit was finding more vulnerabilities, both in terms of numbers and criticality, in order to remediate them and create better system security.
https://www.hackerone.com/blog/breaking-down-benefits-hacker-powered-pen-tests

The HackerOne Top 10 Most Impactful and Rewarded Vulnerability Types
We've put together a list of the most impactful vulnerabilities on the HackerOne platform so you can see where to aim your security efforts and how to better align your security team to today's biggest risks. Learn which vulnerabilities aren't in the OWASP Top 10 and see the top vulnerabilities submitted by volume, bounty awards, and more.
https://www.hackerone.com/blog/hackerone-top-10-most-impactful-and-rewarded-vulnerability-types

Improving Your Workflows and Analysis with Custom Fields
HackerOne is thrilled to release Custom Fields, the latest way to sharpen security workflows and software development cycles. Custom Fields empowers teams to gain new insights into data by adding details such as ownership, risk category and root cause to vulnerability reports.
https://www.hackerone.com/blog/improving-your-workflows-and-analysis-custom-fields

Cloud Security Alliance Webinar Recap: Avoid the Breach with Shopify's Andrew Dunbar
Security is a top priority for e-commerce giant Shopify, with over 600,000 businesses in 175 countries trusting them to sell online and everywhere in the world. Shopify's Vice President of Security Engineering and IT, Andrew Dunbar and HackerOne's Luke Tucker discuss best practices for testing and securing cloud-based web applications.
https://www.hackerone.com/blog/cloud-security-alliance-webinar-recap-avoid-breach-shopifys-andrew-dunbar

When Moving To the Cloud, Don't Leave Basic Security Behind
A review of the TestLabs blog post on how to break into a serverless application. We'll also discuss why changes in technology don't change security best practices.
https://www.hackerone.com/blog/when-moving-cloud-dont-leave-basic-security-behind

Grand Rounds VP InfoSec: Achieving SOC 2 Type II Compliance with Hacker-Powered Security
Grand Rounds is an innovative new healthcare company using hacker-powered security for better, more effective pen tests. Learn how HackerOne Compliance meets HIPAA, SOC 2, and other security testing needs.
https://www.hackerone.com/blog/grand-rounds-vp-infosec-achieving-soc-2-type-ii-compliance-hacker-powered-security

Automate Workflows with Enhanced Jira Integration
Integrating with Jira has always been an important piece of integrating HackerOne into the SDLC of our customers. HackerOne's bi-directional Jira integration is currently in use by many of our customers and today we're announcing how it's getting even better.
https://www.hackerone.com/blog/automate-workflows-enhanced-jira-integration

Taking The Guesswork Out of Vulnerability Reporting
To make vulnerability disclosure easier on open source maintainers, GitHub and HackerOne are collaborating to help close the gap between the hacker community and software engineers.
https://www.hackerone.com/blog/taking-guesswork-out-of-vulnerability-reporting

See Your Success In Real Time with the new Program Dashboard
Effective security programs are more efficient when backed with clear reports that both technical and business teams understand. The HackerOne program dashboard delivers real-time insights into the program metrics that matter most to your programs, such as submission status, bounty spent, exploit severity, asset weaknesses, program health, and more.
https://www.hackerone.com/blog/see-your-success-in-real-time-with-the-new-program-dashboard

Hacking Dropbox Live in the Heart of Singapore at h1-65
Dropbox joined us as the participating company, paying out over 0,000 in bounties to hackers who found 264 vulnerabilities across Dropbox, Dropbox Paper, newly-acquired HelloSign, and third-party vendors that work with Dropbox.
https://www.hackerone.com/blog/hacking-dropbox-live-heart-singapore-h1-65

PayPal Thanks Hackers with Million in 7 Months on HackerOne
Since launching an independently run bug bounty program in 2012, PayPal's program has evolved several times over, including transitioning to a platform, HackerOne, in 2018 to expand participation from 2,000 hackers to over 300,000 hackers on the platform. In just 6 months, we're proud to announce that PayPal has paid over million to hackers through HackerOne. It's quite a milestone for us, and so much more than a dollar figure.
https://www.hackerone.com/blog/paypal-thanks-hackers-1-million-7-months-hackerone-0

Priceline Launches Public Bug Bounty Program: Q&A with Matt Southworth
Today, Priceline launched its public bug bounty program on HackerOne, including Priceline's e-commerce site, Priceline.com, PPN affiliate sites and mobile apps. We sat down with Matt to learn more about their program, prioritizing customer trust, what it's like working with hackers, and more. Check it out!
https://www.hackerone.com/blog/priceline-launches-public-bug-bounty-program-qa-matt-southworth

Announcing the Community T-shirt Winner(s)
Hackers submitted amazing designs for the first ever community t-shirt contest! @akaash2397 received the most votes among the three finalists for his Bug Hunter design.
https://www.hackerone.com/blog/announcing-community-t-shirt-winners-0

Learn How HackerOne Can Help You Crawl, Walk, or Run Your Way to a Bug Bounty Program
No matter your company size or security team bandwidth, learn how to get a bug bounty program started with advice from those who've launched hundreds of new programs. This webinar explains how to get a program started at your own pace, what you need to think about before you start, and how you can control the program's impact on your existing infrastructure. It's only 25 minutes, so grab a coffee, take a break, and watch it now.
https://www.hackerone.com/blog/learn-how-hackerone-can-help-you-crawl-walk-or-run-your-way-bug-bounty-program

What the California Consumer Privacy Act Means For You
The collection of personal data and the privacy issues surrounding it have been a hot topic the past several years, especially in the security industry. Governments are taking notice and new regulations are appearing. The new California Consumer Privacy Act (CCPA) is a regulation requiring certain organizations to protect the personal data and privacy of California consumers. HackerOne can help you.
https://www.hackerone.com/blog/What-CCPA-Means-You

Hackers have earned more than M in bug bounty cash on HackerOne: Time to celebrate!
Hackers, congratulate yourselves on an incredible milestone, earning M+ for your contributions to a safer internet. HackerOne's mission is to empower the world to build a safer internet, and you are the heroic individuals making that mission a day-to-day reality. Thank you for inspiring us with your creativity and talents. Keep pursuing the flags, squashing the bugs, and sharing the knowledge. Together. We. Hit. Harder. Happy hacking one and all!
https://www.hackerone.com/blog/Hackers-have-earned-more-50M-bug-bounty-cash-HackerOne-Time-celebrate

How Hackers Define “Hacker”
Dictionary definitions tend to conflate “hacker” with “criminal”. We know that's definitely not the case, but we wanted to know what hackers think. We combed through more than three dozen interviews to determine and share the true definition of “hacker” from hackers themselves.
https://www.hackerone.com/blog/How-Hackers-Define-Hacker

Hacker-Powered Security, Government Support Needed to Protect Financial Services Consumers from Application Vulnerabilities
What is the current state of security in the financial sector? How can governments contribute to this security? These questions were addressed by Christopher Parsons in his testimony before the Standing Committee on Public Safety and National Security (SECU) in Canada. His testimony shines a light on some major issues facing the security community in Canada and across the world.
https://www.hackerone.com/blog/Hacker-Powered-Security-Government-Support-Needed-Protect-Financial-Services-Consumers

Product Updates and Enhancements

https://www.hackerone.com/blog/Product-Update-Q1-2019

Airbnb and Verizon Media participate in 3rd annual h1-415 live hacking event including a cybersecurity mentorship program
The power of collaboration came through full-force in our first live hacking event of 2019. Hosted over three days, we partnered with Airbnb and Verizon Media for hacking, mentoring, and celebrating the community.
https://www.hackerone.com/blog/Airbnb-and-Verizon-Media-participate-3rd-annual-h1-415-live-hacking-event-including

Xiaomi Security Center Welcomes Security Research with HackerOne Partnership
Please welcome the Xiaomi Security Center to HackerOne! Xiaomi, one of the world's largest consumer electronics manufacturers, is launching a vulnerability disclosure program (VDP) on April 1, 2019, welcoming vulnerability submissions for products and services under the brands of Xiaomi, Mijia, Mitu, and Redmi. Check it out!
https://www.hackerone.com/blog/Xiaomi-Security-Center-Welcomes-Security-Research-HackerOne-Partnership

Security at Startup Speed: Enterprise Grade Security from the Start
Startups today must adapt to a rapidly changing environment, completing security tasks along with code deploys and automating security scans as much as possible. But even with these measures, security vulnerabilities find a way to slip through the cracks. That's where hacker-powered security can put out the embers of the fire you may have missed. Learn how hacker-powered security allows startups to launch smart.
https://www.hackerone.com/blog/Security-Startup-Speed-Enterprise-Grade-Security-Start

Q&A with Brian Neely, CIO & CISO of AMERICAN SYSTEMS
As a defense contractor, AMERICAN SYSTEMS provides IT and engineering solutions for complex national priority programs for the U.S. government. As you can imagine, the sensitive programs and data they hold makes them heavily targeted by sophisticated, determined, highly resourced nation-state threat actors. Losing data would mean losing a competitive advantage on the battlefield. In short, lives could be at stake. That's not your average security breach. We sat down with CIO and CISO Brian Neely to learn a bit more about how he's seen the industry evolve, what's next and how hacker-powered security fits into the matrix.
https://www.hackerone.com/blog/QA-Brian-Neely-CIO-CISO-AMERICAN-SYSTEMS

The 2019 Hacker Report: Celebrating The World's Largest Community of Hackers
The third annual Hacker Report includes the largest survey conducted to date of the ethical hacking community with hackers participating from over 100 countries and territories. Hackers are heroes, they are in it for the good and there is more opportunity than ever before. The 2019 Hacker Report shares the stories and celebrates the impact of the hacker community.
https://www.hackerone.com/blog/2019-Hacker-Report-Celebrating-Worlds-Largest-Community-Hackers

@try_to_hack Makes History as First Bug Bounty Hacker to Earn over Million
19-year-old Argentinian @try_to_hack just made history as the first to earn over ,000,000 in bounty awards on HackerOne. We connect with him to learn more about how he reached this impressive milestone. We hope you are just as inspired as we are!
https://www.hackerone.com/blog/trytohack-Makes-History-First-Bug-Bounty-Hacker-Earn-over-1-Million

Q&A with HackerOne's VP of Customer Success Jeff McBride
We sat down with HackerOne's VP of Customer Success, Jeff McBride, to get more acquainted with his style of leadership, what customer success means to him, and his view of hacker-powered program management. Take a look at our conversation.
https://www.hackerone.com/blog/QA-HackerOnes-VP-Customer-Success-Jeff-McBride

Program Insights from the PayPal Security Team
PayPal's security team is tasked with helping to protect personal financial information for millions of account holders every day. We sat down with PayPal Information Security Engineers Ray Duran, Sonal Shrivastava, and Pax Whitmore, and Project Manager Rebecca Francom to learn more about how PayPal works with researchers, what the journey of a bug looks like once it gets reported, and what findings are most impactful.
https://www.hackerone.com/blog/Program-Insights-QA-PayPal-Security-Team

Introducing Hacker Task Manager and Statistics
We're proud to announce the latest iteration of Hacker Dashboard today: Hacker Task Manager and Statistics! The Hacker Task Manager underlines our focus on helping new and upcoming hackers to onboard themselves on our platform. With the help of the Task Manager, hackers can educate themselves with help from Hacker101 and other educational resources to get closer to the goal of submitting a valid vulnerability report.
https://www.hackerone.com/blog/Introducing-Hacker-Task-Manager-and-Statistics

Design the next HackerOne T-Shirt
We are very excited to open the first ever HackerOne community T-shirt design contest. Like crafting a creative exploit or spinning up Photoshop to create a perfect meme, we know you've got some amazing ideas and we want to see them. We are looking for designs that reflect the spirit of our community. This can include ingenuity, diversity and the collaborative forces that make #TogetherWeHitHarder.
https://www.hackerone.com/blog/Design-next-HackerOne-T-Shirt

Five years of the GitHub Bug Bounty program
Over the past five years, GitHub has been continuously impressed by the hard work and ingenuity of the hacker community. Last year was no different. GitHub paid out 5,000 to researchers through their public bug bounty program in 2018. They decided to share some of their highlights from the past year and introduce some big changes in 2019: full legal protection for researchers, more GitHub properties eligible for rewards, and increased reward amounts.
https://www.hackerone.com/blog/Five-years-GitHub-Bug-Bounty-program

HackerOne Hosts Rails Girls in Groningen
Following months of preparation, the day was finally here. HackerOne's office in Groningen was hosting a Rails Girls global coding event. Born in Finland, Rails Girls is a global, non-profit volunteer community that aims to provide the right tools and a community for women to understand technology and to build their ideas. I am Stuti Srivastava, a senior product engineer at HackerOne and one of the organisers for the event, and this was my first experience at a Rails Girls event.
https://www.hackerone.com/blog/HackerOne-Hosts-Rails-Girls-Groningen

FanDuel's Liam Somerville on Prioritising Researchers as an Extension of the Security Team
FanDuel, the web-based fantasy sports game with traditional season-long fantasy sports leagues compressed into daily or weekly games of skill, is used by over 8 million members across the globe. With hundreds of millions of dollars being exchanged through weekly games, the small but mighty FanDuel security team is tasked with defending enormous amounts of sensitive data, all while meeting rigorous state and national regulations. Over the course of their bug bounty program, FanDuel has resolved about 85 vulnerabilities and paid out over ,000 in gratitude to researchers. We dove a little deeper with Liam to learn more about how his security team of seven works with the researcher community to boost security and how researchers can maximize their earnings by being creative.
https://www.hackerone.com/blog/FanDuels-Liam-Somerville-Prioritising-Researchers-Extension-Security-Team

How Hacker-Powered Security Protects Your Data, Even When Third Parties Don't
Providing third parties with access to privileged sites and information can expose companies to greater risk of data theft, with all the financial and reputational costs such breaches bring. Hacker-powered security programs like HackerOne Bounty let you focus tens to thousands of security researchers on the precise systems you care about most. Through careful design of the program page and bounty table, which tells hackers how much they will be paid to find different types of vulnerabilities in different systems, you can concentrate the HackerOne community on hardening the applications, authentication, and access control systems that third parties use.
https://www.hackerone.com/blog/How-Hacker-Powered-Security-Protects-Your-Data-Even-When-Third-Parties-Dont

Alibaba and HackerOne Join Forces in Global Vulnerability Testing Program
Alibaba, one of the world's largest Internet companies, is joining HackerOne to tap into the technical expertise of the world's best cybersecurity experts to implement a global vulnerability disclosure program (VDP) to help boost security and better protect customers, transactions, and the Alibaba ecosystem. Today, Alibaba has announced that all participating cybersecurity researchers who submit valid vulnerabilities will receive a limited production physical challenge coin issued by Alibaba and HackerOne, a “metal medal of honor”, to recognize their contributions. The coin is awarded in addition to the incentives researchers receive as active members of the HackerOne community.
https://www.hackerone.com/blog/Alibaba-and-HackerOne-Join-Forces-Global-Vulnerability-Testing-Program

Introducing My Programs
We're proud to announce the release of My Programs, the next iteration of Hacker Dashboard. My Programs is a completely new page in the dashboard that replaces the old “accepted invitations” page. In addition to the accepted invitations, My Programs now lists all public programs you have previously submitted a report to.
https://www.hackerone.com/blog/Introducing-My-Programs

Brace yourself: Million in Bounties is Coming—and we are celebrating the whole way there!
A huge milestone towards a safer internet, better lives, and communities for hackers, HackerOne is celebrating hackers and the path to M in bounties!
https://www.hackerone.com/blog/Brace-yourself-50-Million-Bounties-Coming-and-we-are-celebrating-whole-way-there

Launching the Hacker Calendar, Never Miss a Challenge Again
Hacker Calendar is a small but useful feature to track important dates and events via your calendar app. You can easily see all running challenges that you're part of and know their respective start and end dates.
https://www.hackerone.com/blog/Launching-Hacker-Calendar-Never-miss-challenge-again

EU-FOSSA 2 Open Source Bug Bounty Programme Series | Q&A
Following the success of the European Commission's pilot bug bounty programme with HackerOne last year, they are announcing the launch of a new bug bounty initiative involving open source software on a much larger scale. This bug bounty programme, run by the EU-Free and Open Source Software Auditing (EU-FOSSA 2) project, aims to help EU institutions better protect their critical software. We recently chatted separately with Marek Przybyszewski and Saranjit Arora, who are leading the EU-FOSSA 2 project.
https://www.hackerone.com/blog/EU-FOSSA-2-Open-Source-Bug-Bounty-Programme-Series-QA

Riot Games Surpasses 1,000 Valid Reports: Q&A
At the end of 2018, Riot Games surpassed one of the biggest milestones of its bug bounty program to-date: 1,000 valid vulnerabilities reported to the program. Today, the League of Legends maker celebrates 1,000 issues fixed and 1,000 opportunities to better protect their over 80 million players worldwide. We connected with Riot Games Security Engineer Diarmaid McManus to learn more about what the milestone means to him and the team, as well as the greater impact HackerOne's community has had on their security practice.
https://www.hackerone.com/blog/Riot-Games-Surpasses-1000-Valid-Reports-QA

Open-Xchange Approaches 3 Years of Bug Bounties & 250 Valid Vulnerabilities
Just shy of their third anniversary of bug bounties, web-based communication, collaboration and office productivity software company Open-Xchange (OX) is sharing the results of their program to-date. OX has seen nearly 250 valid vulnerabilities reported through the program and paid out over ,000. Looking back, Security Officer Martin Heiland says bugs surfaced on HackerOne have cost about a tenth of what traditional pen testing has surfaced over the years.
https://www.hackerone.com/blog/Open-Xchange-Approaches-3-Years-Bug-Bounties-250-Valid-Vulnerabilities

5 Tips for an Effective AppSec Testing Strategy
Applications have become the lifeblood of businesses in today's connected world. Software is now the “front door” into your business for many people around the world. Caution is required, though. Applications exposed to the internet are also exposed to shady characters out to exploit your systems for their benefit, often at the expense of your customers and your business. This blog shares 5 tips for an effective application security testing strategy.
https://www.hackerone.com/blog/5-Tips-Effective-AppSec-Testing-Strategy

Your First 90 Days as Security Lead, Part 2: Developing a Plan and Getting to Work
You've just been named the new security lead for your organization. You probably have many projects swirling through your mind, like addressing a critical issue, benchmarking your organization against peers, or developing a broad plan. This two-part blog series details best practices for developing your program and the key steps to take during the first three months in your new role.
https://www.hackerone.com/blog/Your-First-90-Days-Security-Lead-Part-2-Developing-Plan-and-Getting-Work

Hyatt Launches Public Bug Bounty Program: Q&A with CISO Benjamin Vaughn
Today, Hyatt is launching its first public bug bounty program at HackerOne. To learn more about Hyatt's program, their commitment to security and the hacker community, we sat down with Chief Information Security Officer Benjamin Vaughn.
https://www.hackerone.com/blog/Hyatt-Launches-Public-Bug-Bounty-Program-QA-CISO-Benjamin-Vaughn

Introducing Indian Rupee payments: Cheaper and faster bank transfers
We're proud to announce that HackerOne now supports payments in Indian Rupees. The addition of Indian Rupees means we can now eliminate the roughly 5% conversion fee per bounty by using the “mid-market rate” to convert your bounties directly to Indian Rupees before sending them to your bank account.
https://www.hackerone.com/blog/Introducing-Indian-Rupee-payments-Cheaper-and-faster-bank-transfers

Your First 90 Days as Security Lead, Part 1: Building Your Security Foundation
You've just been named the new security lead for your organization. You probably have many projects swirling through your mind, like addressing a critical issue, benchmarking your organization against peers, or developing a broad plan. This two-part blog series details best practices for developing your program and the key steps to take during the first three months in your new role.
https://www.hackerone.com/blog/Your-First-90-Days-Security-Lead-Part-1-Building-Your-Security-Foundation

More Hackers Means Less To Worry About
With enough hackers, all security vulnerabilities are shallow. There is no better way to know the security of your systems than inviting a diverse community to report your weaknesses. On behalf of grateful customers, we have awarded over M in rewards to the do-gooders — the hackers. We will end 2018 with a business that has grown 10X in just 3 years.
https://www.hackerone.com/blog/More-Hackers-Means-Less-Worry-About-0

Oath's Big Year of Bug Bounties Capped off with NYC Live Hacking Event
In 2018, Oath has received over 1,900 valid vulnerabilities through its private bug bounty program, over 300 of which were high or critical severity. Big numbers mean big rewards — Oath has paid million in bounties in 2018. It's been a record year, including four live hacking events all over the world — Goa, San Francisco, Argentina, and a 2018 finale live hacking event in New York City on November 27-29.
https://www.hackerone.com/blog/Oaths-Big-Year-Bug-Bounties-Capped-NYC-Live-Hacking-Event

Grammarly's Bug Bounty Program Goes Public: Q&A with VP of Engineering Joe Xavier
It's been over a year since Grammarly launched its first bug bounty program on HackerOne. It's been a private, invite-only program ever since. That is, until today! We sat down with the company's VP of Engineering Joe Xavier to learn more about how the newly public bug bounty program fits into the team's overall security strategy, what it's like working with hackers, and any advice for other organizations considering the bug bounty model.
https://www.hackerone.com/blog/Grammarlys-Bug-Bounty-Program-Goes-Public-QA-VP-Engineering-Joe-Xavier

Hacktivity Disclosure for Private Programs
With over 6,000 reports that have been disclosed on Hacktivity, we're proud to announce that we're launching Disclosure for Private Programs. Vulnerability reports can now be disclosed within a private program.
https://www.hackerone.com/blog/Hacktivity-Disclosure-Private-Programs

Q&A with Flickr's Senior Engineering Manager Alex Seville
As of November 2018, Flickr has been running its first independent bug bounty program, maintaining an average resolution time of just 4 days in the first month. We sat down with Flickr Senior Engineering Manager Alex Seville to learn more about his team's commitment to working with the hacker community, how it fits into Flickr's larger cybersecurity strategy, and what's to come.
https://www.hackerone.com/blog/QA-Flickrs-Senior-Engineering-Manager-Alex-Seville

Easy and secure Credential Management
The new credential management functionality enables program owners to share credentials with hackers in the program easily. It's as simple as uploading a CSV with credentials, and a new button will appear on your program page from where hackers can download the credentials. When uploading the credentials, you can also give the hacker instructions on how to use them. This can be helpful in case the setup isn't straightforward.
https://www.hackerone.com/blog/Easy-and-secure-Credential-Management

Test your hacking skills on real-world simulated bugs
Five sandbox environments built from recently disclosed Hacktivity reports are available for anyone to test their hacking skills and see if they can replicate the same bug that was discovered. #hackon
https://www.hackerone.com/blog/Test-your-hacking-skills-real-world-simulated-bugs

Introducing Hacker Dashboard: Your personalized HackerOne overview
Earlier this month, we introduced the all-new Program Directory with fresh metrics and better filtering. Now, we're taking it a step further with the introduction of the Hacker Dashboard. Check it out!
https://www.hackerone.com/blog/Introducing-Hacker-Dashboard-Your-personalized-HackerOne-overview

Hacker101 CTF++: Find flags, get private bug bounty program invitations
Get rewarded with private invitations and work through the CTF as a group with our new release.
https://www.hackerone.com/blog/Hacker101-CTF-Find-flags-get-private-bug-bounty-program-invitations

Shopify Awards $116,000 to Hackers in Canada: h1-514 Recap
Forty top hackers met in Montréal over the weekend to hack Canada-based Shopify. The commerce platform helps more than a half-million merchants spread across 90% of the world's countries design, set up, and manage their stores. During the live hacking event, dubbed h1-514, Shopify paid over $116,000 in bounties to hackers who helped surface 55 valid vulnerabilities to the program.
https://www.hackerone.com/blog/Shopify-Awards-116000-Hackers-Canada-h1-514-Recap

Integrate HackerOne directly into your website with Embedded Submissions
Receiving vulnerabilities has never been easier with the release of our newest integration: Embedded Submissions! The form will be embedded directly on your website by simply adding one line of JavaScript on your web page.
https://www.hackerone.com/blog/Integrate-HackerOne-directly-your-website-Embedded-Submissions

Security@ 2018: Oath, DoD Highlight Value in Bringing Bug Bounties to Life
Most hacker-powered security happens remotely, with digital messaging being the typical communication channel. There's no brainstorming together with a whiteboard, no chats over coffee, no conversations during the walk across the street for lunch. One of the many benefits of Security@ is the chance to bring hackers, developers, and security teams together to meet in real life.
https://www.hackerone.com/blog/Security-2018-Oath-DoD-Highlight-Value-Bringing-Bug-Bounties-Life

Security@ 2018: Sumo Logic's CSO On Transparency and Using Hacker-Powered Pen Tests for Better Security and Complete Compliance
At Security@ 2018, held in San Francisco in late October, Gerchow took the stage to share how Sumo Logic works with HackerOne to take a decidedly modern approach to security, using bug bounties as a tool in the arsenal and transparency as the common thread. Transparency, according to Gerchow, means that organizations must admit not only that bugs will always exist, but that the best way to reduce vulnerabilities is to share learnings and best practices with the broader community.
https://www.hackerone.com/blog/Security-2018-Sumo-Logics-CSO-Transparency-and-Using-Hacker-Powered-Pen-Tests-Better-Security

Discovering programs is easier than ever with the new and improved Program Directory
Today, we're excited to announce a complete overhaul of our Program Directory! The new directory features a fresh design and more granular filters to find programs faster than ever. Let us know what you think!
https://www.hackerone.com/blog/Discovering-programs-easier-ever-new-and-improved-Program-Directory

What To Do When You're Stuck Hacking
Hacking can be tedious work. Sometimes you're looking for hours, perhaps days, and you're unable to find a security vulnerability. It can be demotivating at times. This blog will give you multiple tips to power through it and regain that sweet, sweet feeling of submitting a security vulnerability.
https://www.hackerone.com/blog/What-To-Do-When-You-Are-Stuck-Hacking

Financial Services: Tips for Bug Bounty Success
Jason Pubal is an appsec director at a large financial services firm. Over the past 2 years, he's prepared for and rolled out a successful bug bounty program with HackerOne. Here's what he's learned in the process and how you can prepare to launch your own bug bounty program.
https://www.hackerone.com/blog/Financial-Services-Tips-Bug-Bounty-Success

The Best is Yet To Come: DOD Awards New Hack the Pentagon Contract to HackerOne
Today we celebrate cyber defense. The U.S. Department of Defense's Defense Digital Service (DDS) announced the expansion of the Hack the Pentagon crowdsourced security program and its partnership with HackerOne. HackerOne is one of three vendors to be awarded a contract as part of the Hack the Pentagon expansion to run private assessments against sensitive, internal systems.
https://www.hackerone.com/blog/Best-Yet-Come-DOD-Awards-New-Hack-Pentagon-Contract-HackerOne

The Paranoids at Oath Take Bug Bounties to Argentina: h1-5411 Recap
HackerOne kicked off its first South America live hacking event in Buenos Aires, Argentina! Oath, a media and tech company, under which Yahoo, AOL, Verizon Digital Media Services, TechCrunch and many more dynamic brands fall, opened up their assets to 53 hackers in their second live hacking event in 2018. Eight hours later, Oath had paid out over 0,000 in bounties to hackers for their contributions. Thank you to our hackers who literally weathered a storm to join us in Argentina for the first time.
https://www.hackerone.com/blog/Paranoids-Oath-Take-Bug-Bounties-Argentina-h1-5411-Recap

Say Yes To Cyber Help
We are seeing tremendous growth at HackerOne. Bug bounty programs, vulnerability disclosure policies, and crowdsourced pentests are needed by anyone entrusted with protecting customer data. To serve our rapidly expanding customer base, we have tripled our headcount in the past 12 months and opened new offices in New York, Washington D.C. and Singapore, in addition to our San Francisco, London and Netherlands offices.
https://www.hackerone.com/blog/Say-Yes-Cyber-Help

The U.S. Marine Corps Resolves Nearly 150 Vulnerabilities Thanks to Hackers
Hack the Marine Corps, the U.S. Department of Defense's (DoD) sixth public bug bounty challenge, officially concluded and the results are in! Over 100 ethical hackers tested public-facing Marine Corps websites and services in an effort to harden the defenses of the Marine Corps Enterprise Network (MCEN). Over the 20 days of the hacking challenge, hackers reported nearly 150 unique valid vulnerabilities to the U.S. Marine Corps Cyberspace Command (MARFORCYBER) team and were awarded over 0,000 for their findings.
https://www.hackerone.com/blog/US-Marine-Corps-Resolves-Nearly-150-Vulnerabilities-Thanks-Hackers-2

The AWS Shared Responsibility Model: 3 Areas of Improvement to Make Today Part 3: Logging, Monitoring, and Alerting in AWS
Migrating to the cloud means sharing responsibility for security with the cloud provider. Read about one important part of the shared responsibility model: logging, monitoring, and alerting in an AWS environment. Discover the tools available to help you always know what is happening in your environment.
https://www.hackerone.com/blog/AWS-Shared-Responsibility-Model-3-Areas-Improvement-Make-Today-Part-3

How Hacktivity Can Save Your Company: Experts Weigh In
Hacktivity can save your company.  Take help from hackers.  You can't do it alone.  Approach hackers with an assumption of benevolence, and develop relationships with them.  Don't find out about a vulnerability for the first time on Twitter.  How do you defend yourself against people who get up in the morning, put on their flip flops (or military uniform) and do nothing but think about how to attack you?  These were themes at the Atlantic Council's panel on coordinated vulnerability disclosure (CVD) on September 18 in Washington, D.C.
https://www.hackerone.com/blog/How-Hacktivity-Can-Save-Your-Company-Experts-Weigh-In

Hacker Q&A with André Baptista: From CTF Champ to h1-202 MVH
From CTF Champ to H1-202 MVH. André applied the creativity of CTFs to find and escalate bugs in the wild and hack his way to the Championship Belt less than a month after finding his first bug in the wild.
https://www.hackerone.com/blog/Hacker-QA-Andre-Baptista-CTF-Champ-h1-202-MVH

Streamline Every Aspect of Your Responsible Disclosure Policy with HackerOne Response
HackerOne Response is our turnkey solution offering enterprise-grade security and conformance with ISO-29147 (vulnerability disclosure) and ISO-30111 (vulnerability handling). It allows vulnerability management teams to work directly with external third-parties to resolve critical security vulnerabilities before they can be exploited.
https://www.hackerone.com/blog/Streamline-Every-Aspect-Your-VDP-HackerOne-Response

Top Firewall Misconfigurations that Lead to Easy Exploitations by Attackers
Migrating to the cloud means sharing responsibility for security with the cloud provider. Read about one important part of the shared responsibility model: keeping your cloud network secure. Discover how to protect your cloud networks from attackers.
https://www.hackerone.com/blog/Top-Firewall-Misconfigurations-that-Lead-to-Easy-Exploitations

The AWS Shared Responsibility Model: 3 Areas of Improvement to Make Today, Part 1
Migrating to the cloud means sharing responsibility for security with the cloud provider. Read about one important part of the shared responsibility model: keeping your private keys private. Discover how to prevent your secrets from escaping the cloud.
https://www.hackerone.com/blog/AWS-Shared-Responsibility-Model-3-Areas-Improvement-Make-Today-Part-1-Keep-Your-Private-Keys

Introducing the Hacker101 CTF
Capture flags all day and night in our newly launched CTF, available 24/7 at ctf.hacker101.com.
https://www.hackerone.com/blog/Introducing-Hacker101-CTF

Highlights of New York's Cybersecurity Regulation 23 NYCRR Part 500
Effective March 1, 2017, the New York State Department of Financial Services (NYDFS) promulgated 23 NYCRR Part 500, a regulation establishing cybersecurity requirements for financial services companies. Beginning today, September 4, 2018, Sections 500.06, 500.08, 500.13, 500.14(a) and 500.15 of 23 NYCRR Part 500 will be enforceable.
https://www.hackerone.com/blog/Highlights-New-Yorks-Cybersecurity-Regulation-23-NYCRR-Part-500

H1-702 2018 makes history with over $500K in bounties paid!
Over five straight nights of hacking, more than 75 hackers representing 20+ countries hacked five targets, earning over $500,000. It was the largest and most successful live hacking event ever.
https://www.hackerone.com/blog/H1-702-2018-makes-history-over-500K-bounties-paid

Hacker Q&A with Matthew Bryant: Good Artists Copy, Great Artists Steal
“Seeing an exploit without understanding how any of it works felt like witnessing someone doing actual magic.” In his search to understand new-to-him security vulnerabilities, Matthew Bryant (@iammandatory) has found some iconic bugs. He chatted with us about those finds, collaboration, and the tools he builds as a modern-day security magician.
https://www.hackerone.com/blog/Hacker-QA-Matthew-Bryant-1

What is a Responsible Disclosure Policy and Why You Need One
This article will answer the simple question of what a vulnerability disclosure policy is, what's included in a good policy, which organizations have a VDP today, and which government agencies have published guidance on VDPs.
https://www.hackerone.com/blog/What-Vulnerability-Disclosure-Policy-and-Why-You-Need-One

118 Fascinating Facts from HackerOne's Hacker-Powered Security Report 2018
Read 118 of the most intriguing data points from HackerOne's Hacker-Powered Security Report 2018. Get the facts to learn how security teams are working with hackers to crush more bugs and make the internet safer for everyone.
https://www.hackerone.com/blog/118-Fascinating-Facts-HackerOnes-Hacker-Powered-Security-Report-2018

7 Common Security Pitfalls to Avoid When Migrating to the Cloud
Read about the seven common security pitfalls to avoid when considering a migration to the cloud. Get actionable steps you should take now to ensure the best security possible for your customers.
https://www.hackerone.com/blog/7-Common-Security-Pitfalls-Avoid-When-Migrating-Cloud

Oath Bug Bounty Program Update: $1M in payouts and expansion of the program
Oath has surpassed $1,000,000 in bounties paid to hackers for their help in significantly decreasing risk and reducing Oath's attack surface. However, bugs aren't all Oath received from the security community. They also heard a ton of feedback that they've accounted for in five changes to their program policy. Check them out!
https://www.hackerone.com/blog/Oath-Bug-Bounty-Program-Update-1M-payouts-and-expansion-program

Improve Credential Sharing with Hacker Email Aliases
The new hacker email aliases feature makes credential sharing and domain whitelisting simple for programs.
https://www.hackerone.com/blog/Improve-Credential-Sharing-Hacker-Email-Aliases

A Guide To Subdomain Takeovers
A technical guide by EdOverflow on how to understand, find, exploit, and report subdomain misconfigurations.
https://www.hackerone.com/blog/Guide-Subdomain-Takeovers

Software Vulnerability Disclosure in Europe: Summary and Key Highlights of the European Parliament CEPS Task Force Report
HackerOne's summary review of the Software Vulnerability Disclosure in Europe Technology, Policies and Legal Challenges report.
https://www.hackerone.com/blog/Software-Vulnerability-Disclosure-Europe-Summary-and-Key-Highlights-European-Parliament-CEPS

Sumo Logic Looks to Hacker-Powered Pen Testing for Security and Compliance
In late 2017, Sumo Logic CSO George Gerchow faced a challenge most only dream of — pen testing reports kept coming back clean. While this seems like good news, and it meant Sumo Logic's attack surface was hardening, Gerchow knew nothing is bulletproof. Three bug bounty challenges later, Sumo Logic is sharing the results and inner workings of its open line of communication with the hacker community for the first time.
https://www.hackerone.com/blog/Sumo-Logic-Looks-Hacker-Powered-Pen-Testing-Security-and-Compliance

Zomato's First Anniversary with Bug Bounties: Q&A with Security Lead, Prateek Tiwari
This month, Zomato is celebrating the first anniversary of its bug bounty program. Since launching in July 2017, the company has paid out over 0,000 to over 350 hackers for their efforts, all while maintaining an average response time of 4 hours. We recently caught up with Prateek to celebrate the milestone and give you a chance to learn more about Zomato's approach to bug bounties and security.
https://www.hackerone.com/blog/Zomatos-First-Anniversary-Bug-Bounties-QA-Security-Lead-Prateek-Tiwari

The Hacker-Powered Security Report 2018
The Hacker-Powered Security Report 2018 is the most comprehensive report on hacker-powered security. Analysis of 78,275 security vulnerability reports received in the past year from ethical hackers that reported them to over 1,000 organizations through HackerOne.
https://www.hackerone.com/blog/Hacker-Powered-Security-Report-2018

H1-702 CTF Winners Announced!
Thanks to all the hackers who participated in the H1-702 2018 CTF! For the first time ever, we had both web and mobile challenges. Our six winners were selected from a pool of 750 registered participants and over 30 submissions received. Congratulations on winning your way to Las Vegas for the biggest live hacking event ever!
https://www.hackerone.com/blog/H1-702-CTF-Winners-Announced

Lawfully Hacked
The best way to prevent getting hacked is to try to get hacked. Paradoxical as this may sound, evidence shows it is true. The worst data breaches the world has seen were with companies that did not invite external security researchers to report their findings. But by hunting for their security vulnerabilities, organizations can ensure the weak points are found and fixed before they are identified by criminals. Open sourcing security is the way.
https://www.hackerone.com/blog/Lawfully-Hacked

The Journey to 100% Responsive Programs
Unresponsive programs are a drain on your time and your sanity. We are committed to ensuring that programs on the platform will be responsive and that their performance metrics will be transparent.
https://www.hackerone.com/blog/Journey-100-Responsive-Programs

Webinar: Learn How Hacker-Powered Pentests Give You More For Less
Join us on July 17 to learn how hacker-powered pen tests give you more. More bugs, faster, and cheaper.
https://www.hackerone.com/blog/Webinar-Learn-How-Hacker-Powered-Pentests-Give-You-More-Less

Morrison & Foerster's David Newman: How Corporate Counsel Should Approach Hacker-Powered Security
Interview with MoFo's David Newman, of counsel in the National Security and Global Risk & Crisis Management practices. We asked David a few questions related to his work for clients on hacker-powered security, as well as what he's seeing in the field as more and more organizations launch both vulnerability disclosure policies (VDP) and bug bounty programs.
https://www.hackerone.com/blog/Morrison-Foersters-David-Newman-How-Corporate-Counsel-Should-Approach-Hacker-Powered-Security

Hackers Descend on London for First Ever UK Live Hacking Event: H1-4420
Saturday, June 16, almost 50 hackers gathered from across the world to hack one of the most popular and mature bug bounty programs on the planet at HackerOne's first live-hacking event in London, H1-4420. Nine hours, 71 valid bugs and ,753 later...you could say our community of elite hackers exceeded all expectations.
https://www.hackerone.com/blog/Hackers-Descend-London-First-Ever-UK-Live-Hacking-Event-H1-4420

Advanced triggers feature launches to further improve signal
Triggers are simple but powerful tools for executing automated responses to new, incoming reports. With triggers, you can set up an automated action when your program receives a report with or without a given trigger word. Triggers aid in reducing noise as they can flag certain reports.
https://www.hackerone.com/blog/Advanced-triggers-feature-launches-further-improve-signal

Live-hacking Dropbox in Amsterdam for H1-3120
At H1-3120, Dropbox received more than 90 reports and paid out ,383 with an average bounty of ,318, over two times their largest bounty day ever and almost three times their average bounty. Geweldig!
https://www.hackerone.com/blog/Live-hacking-Dropbox-Amsterdam-H1-3120

Jackpot! The h1-702 2018 CTF is here! Win a Trip to the Biggest Live-hacking Event of 2018
H1-702 2018 is happening in Las Vegas from Wednesday, August 8 to Sunday, August 12! Any hacker from around the world who wants to attend can earn their way there. All you need to do is solve our CTF and write a great report. Six lucky winners will earn round trip airfare, seven nights at a hotel on the Las Vegas strip, and access to all five days of h1-702.
https://www.hackerone.com/blog/Jackpot-h1-702-2018-CTF-here-Win-Trip-Biggest-Live-hacking-Event-2018

Hey Startups, Check Your GDPR Progress with this GDPR Checklist
The GDPR Checklist is just that: a checklist to make sure you've covered the basics concerning GDPR. It's aimed at SaaS startups, but every company can benefit from its simple, easy to understand guidance.
https://www.hackerone.com/blog/Hey-Startups-Check-Your-GDPR-Progress-GDPR-Checklist

Hacker-Powered pen tests at the U.S. Federal Government
When looking for a model to inform your own security posture, the Department of Defense would be a good place to look. Not only were they the first branch of the U.S. Federal Government to use white-hat hackers back in 2016, they've been using hacker-powered security in new and interesting ways ever since. They've also blazed a trail for other public organizations.
https://www.hackerone.com/blog/Hacker-Powered-pen-tests-US-Federal-Government

New Hacker101 Content: Threat modeling, Burp basics, and more
Since January, thousands of hackers have expressed their enthusiasm about the first Hacker101 content drop (almost 80,000 total video views and 8,800+ stars on GitHub in just six months!); and now it's time to take things to the next level.
https://www.hackerone.com/blog/New-Hacker101-Content-Threat-modeling-Burp-basics-and-more

CISOs and GDPR: The Top 3 Concerns
In “The CISO's Guide to GDPR”, expert Thomas Fischer offered up the three main concerns he's hearing most often from CISOs regarding GDPR.
https://www.hackerone.com/blog/CISOs-and-GDPR-the-top-3-concerns

Hacker Q&A with Rachel Tobac: Hacking Companies Through Their People
CEO and Co-founder of SocialProof Security, Rachel Tobac hacks people. Using a phone, email, and an approachable persona, Rachel discovers vital information that can be used to craft successful exploits.
https://www.hackerone.com/blog/Hacker-QA-Rachel-Tobac-Hacking-Companies-Through-Their-People

Introducing The 90 day Hacker Leaderboard and Revamped Invitations
Hackers can now see how they ranked by their Reputation, Signal, and Impact in the last 90 days. Invitations going forward will be based on your activity during the last 90 days.
https://www.hackerone.com/blog/Introducing-90-day-Hacker-Leaderboard-and-Revamped-Invitations

Hacker Q&A with Alyssa: We are all still learning
At 16, Alyssa Herrera discovered bug bounties and HackerOne, and she hasn't looked back since. Now a full-time bug hunter, Alyssa makes sure to give back to the community by sharing the knowledge she gained on her way to the number two spot on the DoD leaderboards.
https://www.hackerone.com/blog/Hacker-QA-Alyssa-We-are-all-still-learning

Hursti hacks, DEF CON villages, and the Dubious state of electronic voting
Harri Hursti is one of the world's leading authorities on election voting security. His work has exposed gaping security flaws in electronic voting machines and the electronic voting industry as a whole. He answered some of our questions on his hacking roots and why electronic voting is so easily hacked.
https://www.hackerone.com/blog/Hursti-hacks-DEF-CON-villages-and-Dubious-state-electronic-voting

H1-415 Recap: Oath Pays Over $400,000 to Hackers in One Day
Forty-one hackers representing 11 countries. More than $400,000 paid in bounties. All in nine hours. HackerOne's second annual live-hacking event in San Francisco broke multiple records on Saturday, April 14, 2018. The target? Oath, a media and tech company, under which Yahoo, AOL, Verizon Digital Media Services, TechCrunch and many more dynamic brands fall.
https://www.hackerone.com/blog/H1-415-Recap-Oath-Pays-Over-400000-Hackers-One-Day

H1-202 Recap: Mapbox Pays Out Nearly $65,000 in One Day
Twenty-seven hackers representing nine countries gathered in the U.S. capital March 23-25, 2018 for HackerOne's first live hacking event in Washington, D.C. The weekend consisted of a community day with Virginia-based high schoolers and a live hacking day — nine hours of hacking at Mapbox HQ, resulting in over 100 bugs reported and nearly $65,000 paid in rewards.
https://www.hackerone.com/blog/H1-202-Recap-Mapbox-Pays-Out-Nearly-65000-One-Day

Q&A with CRANIUM: Easing Compliance with “GDPR in a Box”
CRANIUM, an international consulting company specializing in privacy, data protection and information security, sells a GDPR in a Box to guide organizations through their GDPR challenge. It's a combination of do-it-yourself plus online support, and we talked with one of their GDPR experts to learn more about it.
https://www.hackerone.com/blog/QA-CRANIUM-Easing-Compliance-GDPR-Box

Shopify Thanks Over 300 Hackers, Pays $850,000+ to Hackers in Three Years
This month, Shopify celebrates the three-year anniversary of its bug bounty program with HackerOne. To date, the commerce platform has paid over $850,000 in rewards to hackers, resolved 759 vulnerabilities and thanked over 300 hackers for their contributions.
https://www.hackerone.com/blog/Shopify-Thanks-Over-300-Hackers-Pays-850000-Hackers-Three-Years

Q&A with HackerOne's New Board Member: Kathryn Haun
We are thrilled to introduce HackerOne's new board member Kathryn Haun. Katie is a former U.S. Department of Justice (DOJ) federal prosecutor, Stanford Business School Lecturer and serves on the board of Coinbase. With cybersecurity affecting every industry, every entity, and every person who is digitally connected, Katie thinks one of the best ways to protect against nefarious actors is to provide a safe environment for ethical hackers to beat them to the punch.
https://www.hackerone.com/blog/QA-HackerOnes-New-Board-Member-Kathryn-Haun

The CISO's Guide to GDPR: Q&A with Thomas Fischer
We recently caught up with GDPR expert Thomas Fischer for his help in answering some questions for us on the hot topic of GDPR.
https://www.hackerone.com/blog/CISOs-Guide-GDPR-QA-Thomas-Fischer

General Motors Celebrates Second Anniversary with Hackers
Just over two years ago, General Motors became the first major automaker to launch a public vulnerability disclosure program (VDP). Its purpose? To protect its customers by working with hackers to safely identify and resolve security vulnerabilities. Since the program launched in 2016, GM has resolved more than 700 vulnerabilities across the entire supply chain, with help from hackers.
https://www.hackerone.com/blog/General-Motors-Celebrates-Second-Anniversary-Hackers

Mr. Chairman, we need hackers!
The more the world gets hacked, the more we need hackers. We need white hats. They will find vulnerabilities so we can fix them and not get breached.
https://www.hackerone.com/blog/Mr-Chairman-we-need-hackers

GitHub Celebrates Four Years of Bug Bounties: Q&A with VP of Security, Shawn Davenport
GitHub celebrated the fourth anniversary of its Security Bug Bounty program and released a comprehensive recap of a record-breaking 2017 to mark the moment. To join the celebration and give you a chance to learn more about GitHub's approach to bug bounties and security, we recently caught up with Shawn Davenport, VP of Security at GitHub.
https://www.hackerone.com/blog/GitHub-Celebrates-Four-Years-Bug-Bounties-QA-VP-Security-Shawn-Davenport

GDPR: Let's kill the FUD
It seems everywhere you look, the talk about GDPR is designed to scare you into action. Fear, uncertainty, and doubt (FUD) are powerful motivators. Probably the scariest thing of all: the potential fines. GDPR, on paper, allows for fines of up to €20 million (.5 million) or 4% of a company's global annual revenue. Here's a quick (non-FUD-ified) list of some of what we see happening and how it may impact you.
https://www.hackerone.com/blog/GDPR-Lets-kill-FUD

OWASP Top 10 Web Security Risks of 2017 - Flashcards
There's no such thing as perfectly secure software. Learn about the top 10 web security risks of 2017 with our print-ready flashcard guide.
https://www.hackerone.com/blog/OWASP-Top-10-Web-Security-Risks-2017-Flashcards

Calling All “Bureaucracy Hackers”
Lisa Wiswell, a HackerOne advisor and a principal at GRIMM cybersecurity firm, thinks the government needs more help from hackers. Not just with hacking or security, but with simply understanding the basics of technology and the internet.
https://www.hackerone.com/blog/Calling-All-Bureaucracy-Hackers

h1-202 CTF Winners Announced (and links to write-ups)
Our h1-202 CTF attracted 450 participants and we chose three winners that will be sent to Washington, DC for our live-hacking event, h1-202! Find out who won and read their solution write-ups in this post.
https://www.hackerone.com/blog/h1-202-CTF-Winners-Announced

Q&A with Faye Francy: How Auto-ISAC Puts Security in the Driver's Seat
Faye Francy is executive director of Auto-ISAC, an industry-operated organization created to enhance cybersecurity awareness and collaboration across the global automotive industry. We interviewed Faye to learn more about the work Auto-ISAC is doing to make all of our vehicles more secure.
https://www.hackerone.com/blog/QA-Faye-Francy-How-Auto-ISAC-Puts-Security-Drivers-Seat

Hacker Q&A with Shubham Gupta: Patience and Passion
Shubham Gupta ranks in the 96th percentile when it comes to signal and has helped secure brands like Ubiquiti Networks, Twitter, Slack and others. Shubham is enthusiastic, eager to learn and challenging himself daily. We caught up with him to learn more about his story, what drives him and why he hacks for good.
https://www.hackerone.com/blog/Hacker-QA-Shubham-gupta-Patience-and-Passion

Hack Your Way to the White House
The h1-202 CTF is here! On March 25th, 2018, h1-202 will be happening in Washington, D.C. (at a top secret location!). We are opening up the event to any hacker around the world who wants to attend. All you need to do is solve our CTF and write up a great report. The individuals who submit the best write ups as determined by our judges will be invited to attend h1-202.
https://www.hackerone.com/blog/Hack-Your-Way-White-House

Alexa, ask HackerOne...
Alexa, ask HackerOne what's in the news?
https://www.hackerone.com/blog/Alexa-ask-HackerOne

How Hackers Spend Their Bounties
At our poolside h1-702 live-hacking event in Las Vegas we asked some of our top hackers how they spend their bounty earnings. Responses varied: from saving money for college, to buying a family car, to helping their parents purchase a home, to headphones, snowblowers, and more.
https://www.hackerone.com/blog/How-Hackers-Spend-Their-Bounties