Pas d'actualité
L'Actu
Systemd Vulnerability Could Risk Denial-of-Service Across Major Linux Systems
A new vulnerability in the Systemd component risks Linux systems as it allows an adversary…
Systemd Vulnerability Could Risk Denial-of-Service Across Major Linux Systems on Latest Hacking News.
https://latesthackingnews.com/2021/07/23/systemd-vulnerability-could-risk-denial-of-service-across-major-linux-systems/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Law Firm Campbell Disclosed Data Breach Following Ransomware Attack
US law firm Campbell Conroy & O'Neil has disclosed a data breach affecting its customers,…
Law Firm Campbell Disclosed Data Breach Following Ransomware Attack on Latest Hacking News.
https://latesthackingnews.com/2021/07/23/law-firm-campbell-disclosed-data-breach-following-ransomware-attack/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
MosaicLoader Malware Targets Users Looking For Pirated Software
A new malware threat is in the wild, targeting users looking for cracked or pirated…
MosaicLoader Malware Targets Users Looking For Pirated Software on Latest Hacking News.
https://latesthackingnews.com/2021/07/23/mosaicloader-malware-targets-users-looking-for-pirated-software/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Oil Firm Saudi Aramco Suffered Data Breach – Data Put For Sale On Dark Web
A major oil company fueling a majority of global activities has now fallen prey to…
Oil Firm Saudi Aramco Suffered Data Breach – Data Put For Sale On Dark Web on Latest Hacking News.
https://latesthackingnews.com/2021/07/23/oil-firm-saudi-aramco-suffered-data-breach-data-put-for-sale-on-dark-web/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
New Windows Print Spooler Zero-Day Bug Triggers Remote Attacks
It looks like the Print Spooler fiasco continues as more bugs surface online, triggering different…
New Windows Print Spooler Zero-Day Bug Triggers Remote Attacks on Latest Hacking News.
https://latesthackingnews.com/2021/07/23/new-windows-print-spooler-zero-day-bug-triggers-remote-attacks/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Comparis Disclosed Data Breach Following Ransomware Attack
Another firm has suffered a cybersecurity incident. The latest report comes from the Swiss price…
Comparis Disclosed Data Breach Following Ransomware Attack on Latest Hacking News.
https://latesthackingnews.com/2021/07/22/comparis-disclosed-data-breach-following-ransomware-attack/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
You don't want to miss these 7 cybersecurity trends of 2021
Every year we are on the cutting edge when it comes to cybersecurity. No matter…
You don’t want to miss these 7 cybersecurity trends of 2021 on Latest Hacking News.
https://latesthackingnews.com/2021/07/22/you-dont-want-to-miss-these-7-cybersecurity-trends-of-2021/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Do you want to start building your website? Here are 6 helpful tips.
You want to start building your own website? Well, this is mostly done by professionals.…
Do you want to start building your website? Here are 6 helpful tips. on Latest Hacking News.
https://latesthackingnews.com/2021/07/22/do-you-want-to-start-building-your-website-here-are-6-helpful-tips/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Top 7 Cybersecurity Strategies For Startup Businesses
People are said to oftentimes imagine that the most prominent targets of cyber threats and…
Top 7 Cybersecurity Strategies For Startup Businesses on Latest Hacking News.
https://latesthackingnews.com/2021/07/22/top-7-cybersecurity-strategies-for-startup-businesses/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Schneider Electric Patched Security Bugs In EVlink Charging Stations
The multinational energy and automation digital solutions firm Schneider electric (SE) has disclosed some security…
Schneider Electric Patched Security Bugs In EVlink Charging Stations on Latest Hacking News.
https://latesthackingnews.com/2021/07/20/schneider-electric-patched-security-bugs-in-evlink-charging-stations/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Nasty macOS Malware XCSSET Now Targets Google Chrome, Telegram Software
A malware known for targeting macOS operating system has been updated once again to add more features to its toolset that allows it to amass and exfiltrate sensitive data stored in a variety of apps, including apps such as Google Chrome and Telegram, as part of further "refinements in its tactics."
XCSSET was uncovered in August 2020, when it was found targeting Mac developers using an unusual
https://thehackernews.com/2021/07/nasty-macos-malware-xcsset-now-targets.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Wake up! Identify API Vulnerabilities Proactively, From Production Back to Code
After more than 20 years in the making, now it's official: APIs are everywhere. In a 2021 survey, 73% of enterprises reported that they already publish more than 50 APIs, and this number is constantly growing.
APIs have crucial roles to play in virtually every industry today, and their importance is increasing steadily, as they move to the forefront of business strategies. This comes as no
https://thehackernews.com/2021/07/wake-up-identify-api-vulnerabilities.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Dutch Police Arrest Two Hackers Tied to "Fraud Family" Cybercrime Ring
Law enforcement authorities in the Netherlands have arrested two alleged individuals belonging to a Dutch cybercriminal collective who were involved in developing, selling, and renting sophisticated phishing frameworks to other threat actors in what's known as a "Fraud-as-a-Service" operation.
The apprehended suspects, a 24-year-old software engineer and a 15-year-old boy, are said to have been
https://thehackernews.com/2021/07/dutch-police-arrest-two-hackers-tied-to.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Kaseya Gets Universal Decryptor to Help REvil Ransomware Victims
Nearly three weeks after Florida-based software vendor Kaseya was hit by a widespread supply-chain ransomware attack, the company on Thursday said it obtained a universal decryptor to unlock systems and help customers recover their data.
<!--adsense-->
"On July 21, Kaseya obtained a decryptor for victims of the REvil ransomware attack, and we're working to remediate customers impacted by the
https://thehackernews.com/2021/07/kaseya-gets-universal-decryptor-to-help.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
APT Hackers Distributed Android Trojan via Syrian e-Government Portal
An advanced persistent threat (APT) actor has been tracked in a new campaign deploying Android malware via the Syrian e-Government Web Portal, indicating an upgraded arsenal designed to compromise victims.
"To the best of our knowledge, this is the first time that the group has been publicly observed using malicious Android applications as part of its attacks," Trend Micro researchers Zhengyu
https://thehackernews.com/2021/07/apt-hackers-distributed-android-trojan.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Reduce End-User Password Change Frustrations
Organizations today must give attention to their cybersecurity posture, including policies, procedures, and technical solutions for cybersecurity challenges.
This often results in a greater burden on the IT service desk staff as end-users encounter issues related to security software, policies, and password restrictions.
One of the most common areas where security may cause challenges for
https://thehackernews.com/2021/07/reduce-end-user-password-change.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Oracle Warns of Critical Remotely Exploitable Weblogic Server Flaws
Oracle on Tuesday released its quarterly Critical Patch Update for July 2021 with 342 fixes spanning across multiple products, some of which could be exploited by a remote attacker to take control of an affected system.
Chief among them is CVE-2019-2729, a critical deserialization vulnerability via XMLDecoder in Oracle WebLogic Server Web Services that's remotely exploitable without
https://thehackernews.com/2021/07/oracle-warns-of-critical-remotely.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Another Hacker Arrested for 2020 Twitter Hack and Massive Bitcoin Scam
A U.K. citizen has been arrested in the Spanish town of Estepona over his alleged involvement in the July 2020 hack of Twitter, resulting in the compromise of 130 high-profile accounts.
Joseph O'Connor, 22, has been charged with intentionally accessing a computer without authorization and obtaining information from a protected computer, as well as for making extortive communications. The Spanish
https://thehackernews.com/2021/07/another-hacker-arrested-for-2020.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Malicious NPM Package Caught Stealing Users' Saved Passwords From Browsers
A software package available from the official NPM repository has been revealed to be actually a front for a tool that's designed to steal saved passwords from the Chrome web browser.
The package in question, named "nodejs_net_server" and downloaded over 1,283 times since February 2019, was last updated seven months ago (version 1.1.2), with its corresponding repository leading to non-existent
https://thehackernews.com/2021/07/malicious-npm-package-caught-stealing.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
XLoader Windows InfoStealer Malware Now Upgraded to Attack macOS Systems
A popular malware known for stealing sensitive information from Windows machines has evolved into a new strain capable of also targeting Apple's macOS operating system.
The upgraded malware, dubbed "XLoader," is a successor to another well-known Windows-based info stealer called Formbook that's known to vacuum credentials from various web browsers, capture screenshots, record keystrokes, and
https://thehackernews.com/2021/07/xloader-windows-infostealer-malware-now.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Several New Critical Flaws Affect CODESYS Industrial Automation Software
Cybersecurity researchers on Wednesday disclosed multiple security vulnerabilities impacting CODESYS automation software and the WAGO programmable logic controller (PLC) platform that could be remotely exploited to take control of a company's cloud operational technology (OT) infrastructure.
The flaws can be turned "into innovative attacks that could put threat actors in position to remotely
https://thehackernews.com/2021/07/several-new-critical-flaws-affect.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
[eBook] A Guide to Stress-Free Cybersecurity for Lean IT Security Teams
Today's cybersecurity landscape is enough to make any security team concerned. The rapid evolution and increased danger of attack tactics have put even the largest corporations and governments at heightened risk. If the most elite security teams can't prevent these attacks from happening, what can lean security teams look forward to?
Surprisingly, leaner teams have a much greater chance than
https://thehackernews.com/2021/07/ebook-guide-to-stress-free.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
New Windows and Linux Flaws Give Attackers Highest System Privileges
Microsoft's Windows 10 and the upcoming Windows 11 versions have been found vulnerable to a new local privilege escalation vulnerability that permits users with low-level permissions access Windows system files, in turn, enabling them to unmask the operating system installation password and even decrypt private keys.
The vulnerability has been nicknamed "SeriousSAM.""Starting with Windows 10
https://thehackernews.com/2021/07/new-windows-and-linux-flaws-give.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
16-Year-Old Security Bug Affects Millions of HP, Samsung, Xerox Printers
Details have emerged about a high severity security vulnerability affecting a software driver used in HP, Xerox, and Samsung printers that has remained undetected since 2005.
Tracked as CVE-2021-3438 (CVSS score: 8.8), the issue concerns a buffer overflow in a print driver installer package named "SSPORT.SYS" that can enable remote privilege and arbitrary code execution. Hundreds of millions of
https://thehackernews.com/2021/07/16-year-old-security-bug-affects.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
This New Malware Hides Itself Among Windows Defender Exclusions to Evade Detection
Cybersecurity researchers on Tuesday lifted the lid on a previously undocumented malware strain dubbed "MosaicLoader" that singles out individuals searching for cracked software as part of a global campaign.
"The attackers behind MosaicLoader created a piece of malware that can deliver any payload on the system, making it potentially profitable as a delivery service," Bitdefender researchers
https://thehackernews.com/2021/07/this-new-malware-hides-itself-among.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
US and Global Allies Accuse China of Massive Microsoft Exchange Attack
The U.S. government and its key allies, including the European Union, the U.K., and NATO, formally attributed the massive cyberattack against Microsoft Exchange email servers to state-sponsored hacking crews working affiliated with the People's Republic of China's Ministry of State Security (MSS).
In a statement issued by the White House on Monday, the administration said, "with a high degree of
https://thehackernews.com/2021/07/us-and-global-allies-accuse-china-of.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Researchers Warn of Linux Cryptojacking Attackers Operating from Romania
A threat group likely based in Romania and active since at least 2020 has been behind an active cryptojacking campaign targeting Linux-based machines with a previously undocumented SSH brute-forcer written in Golang.
Dubbed "Diicot brute," the password cracking tool is alleged to be distributed via a software-as-a-service model, with each threat actor furnishing their own unique API keys to
https://thehackernews.com/2021/07/researchers-warn-of-linux-cryptojacking.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Turns Out That Low-Risk iOS Wi-Fi Naming Bug Can Hack iPhones Remotely
The Wi-Fi network name bug that was found to completely disable an iPhone's networking functionality had remote code execution capabilities and was silently fixed by Apple earlier this year, according to new research.
The denial-of-service vulnerability, which came to light last month, stemmed from the way iOS handled string formats associated with the SSID input, triggering a crash on any
https://thehackernews.com/2021/07/turns-out-that-low-risk-ios-wi-fi.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Five Critical Password Security Rules Your Employees Are Ignoring
According to Keeper Security's Workplace Password Malpractice Report, many remote workers aren't following best practices for password security.
Password security was a problem even before the advent of widespread remote work. So, what happened post-pandemic? Keeper Security's Workplace Password Malpractice Report sought to find out.
In February 2021, Keeper surveyed 1,000 employees in the U.S.
https://thehackernews.com/2021/07/five-critical-password-security-rules.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Researcher Uncovers Yet Another Unpatched Windows Printer Spooler Vulnerability
Merely days after Microsoft sounded the alarm on an unpatched security vulnerability in the Windows Print Spooler service, possibly yet another zero-day flaw in the same component has come to light, making it the fourth printer-related shortcoming to be discovered in recent weeks.
"Microsoft Windows allows for non-admin users to be able to install printer drivers via Point and Print," CERT
https://thehackernews.com/2021/07/researcher-uncover-yet-another.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
New Leak Reveals Abuse of Pegasus Spyware to Target Journalists Globally
A sweeping probe into a data leak of more than 50,000 phone numbers has revealed an extensive misuse of Israeli company NSO Group's Pegasus "military-grade spyware" to facilitate human rights violations by surveilling heads of state, activists, journalists, and lawyers around the world.
Dubbed the "Pegasus Project," the investigation is a collaboration by more than 80 journalists from a
https://thehackernews.com/2021/07/new-leak-reveals-abuse-of-pegasus.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
China's New Law Requires Vendors to Report Zero-Day Bugs to Government
The Cyberspace Administration of China (CAC) has issued new stricter vulnerability disclosure regulations that mandate software and networking vendors affected with critical flaws to mandatorily disclose them first-hand to the government authorities within two days of filing a report.
The "Regulations on the Management of Network Product Security Vulnerability" are expected to go into effect
https://thehackernews.com/2021/07/chinas-new-law-requires-researchers-to.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Instagram Launches 'Security Checkup' to Help Users Recover Hacked Accounts
Instagram earlier this week introduced a new "Security Checkup" feature that aims to keep accounts safe and help users—whose accounts may have been compromised—to recover them.
In order to gain access to accounts, users will be prompted to perform a series of steps, which include checking recent login activity, reviewing profile information, and updating contact details such as phone numbers or
https://thehackernews.com/2021/07/instagram-launches-security-checkup-to.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CloudFlare CDNJS Bug Could Have Led to Widespread Supply-Chain Attacks
Web infrastructure and website security company Cloudflare last month fixed a critical vulnerability in its CDNJS library that's used by 12.7% of all websites on the internet.
CDNJS is a free and open-source content delivery network (CDN) that serves about 4,041 JavaScript and CSS libraries, making it the second most popular CDN for JavaScript after Google Hosted Libraries.
The weakness
https://thehackernews.com/2021/07/cloudflare-cdnjs-bug-could-have-led-to.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Israeli Firm Helped Governments Target Journalists, Activists with 0-Days and Spyware
Two of the zero-day Windows flaws rectified by Microsoft as part of its Patch Tuesday update earlier this week were weaponized by an Israel-based company called Candiru in a series of "precision attacks" to hack more than 100 journalists, academics, activists, and political dissidents globally.
The spyware vendor was also formally identified as the commercial surveillance company that Google's
https://thehackernews.com/2021/07/israeli-firm-helped-governments-target.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Week in security with Tony Anscombe
URL shortener services distributing Android malware – Week in security with Tony Anscombe
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
https://www.welivesecurity.com/videos/week-security-tony-anscombe-134/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Protecting the hybrid workplace through Zero Trust security
The Zero Trust architecture offers an increasingly popular way to minimize cyber-risk in a world of hybrid cloud, flexible working and persistent threat actors.
The post Protecting the hybrid workplace through Zero Trust security appeared first on WeLiveSecurity
https://www.welivesecurity.com/2021/07/23/protecting-hybrid-workplace-zero-trust-security/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Popular Wi‑Fi routers still using default passwords making them susceptible to attacks
To mitigate the chances of their Wi-Fi home routers being compromised, users would do well to change the manufacturer's default access credentials
The post Popular Wi‑Fi routers still using default passwords making them susceptible to attacks appeared first on WeLiveSecurity
https://www.welivesecurity.com/2021/07/22/popular-wi-fi-router-vulnerable-default-password-attack/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cybercriminals may target 2020 Tokyo Olympics, FBI warns
Cybercriminals may target the popular event with ransomware, phishing, or DDoS attacks in a bid to increase their notoriety or make money
The post Cybercriminals may target 2020 Tokyo Olympics, FBI warns appeared first on WeLiveSecurity
https://www.welivesecurity.com/2021/07/21/cybercriminals-2020-tokyo-olympics-fbi/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Some URL shortener services distribute Android malware, including banking or SMS trojans
On iOS we have seen link shortener services pushing spam calendar files to victims' devices.
The post Some URL shortener services distribute Android malware, including banking or SMS trojans appeared first on WeLiveSecurity
https://www.welivesecurity.com/2021/07/20/url-shortener-services-android-malware-banking-sms-trojans/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Week in security with Tony Anscombe
Lessons to learn from the Kaseya cyberincident to protect your business' data when doing business with a MSP. Our best tips to keep you safe while streaming, and more.
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
https://www.welivesecurity.com/videos/week-security-tony-anscombe-133/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Google patches Chrome zero‑day vulnerability exploited in the wild
The newest update fixes a total of eight vulnerabilities affecting the desktop versions of the popular browser.
The post Google patches Chrome zero‑day vulnerability exploited in the wild appeared first on WeLiveSecurity
https://www.welivesecurity.com/2021/07/16/google-patches-chrome-zero-day-vulnerability-exploited-in-the-wild/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Vacationing? How to avoid the cybersecurity blues
From securing your devices to avoiding public Wi-Fi hotspots for logging into apps we look at measures you can take to remain safe while this holiday season.
The post Vacationing? How to avoid the cybersecurity blues appeared first on WeLiveSecurity
https://www.welivesecurity.com/2021/07/16/vacations-cybersecurity-blues-tips/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Sports events and online streaming: prepare your cybersecurity
If you'll be watching Sports Streaming events on your SmartTV, laptop, tablet or cell phone, learn the tips to keep you and your personal data safe.
The post Sports events and online streaming: prepare your cybersecurity appeared first on WeLiveSecurity
https://www.welivesecurity.com/2021/07/15/sports-streaming-events-cybersecurity/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Microsoft Patch Tuesday fixes 13 critical flaws, including 4 under active attack
The latest Patch Tuesday brings a new batch of security updates addressing a total of 117 vulnerabilities
The post Microsoft Patch Tuesday fixes 13 critical flaws, including 4 under active attack appeared first on WeLiveSecurity
https://www.welivesecurity.com/2021/07/14/microsoft-patch-tuesday-july/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Choosing your MSP: What the Kaseya incident tells us about third‑party cyber‑risk
Lessons to learn from the Kaseya cyberincident to protect your business' data when doing business with a MSP.
The post Choosing your MSP: What the Kaseya incident tells us about third‑party cyber‑risk appeared first on WeLiveSecurity
https://www.welivesecurity.com/2021/07/13/msp-kaseya-incident-third-party-cyber-risk/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The hybrid workplace: What does it mean for cybersecurity?
How can organizations mitigate the risk of damaging cyberattacks while juggling the constantly changing mix of office and off-site workers?
The post The hybrid workplace: What does it mean for cybersecurity? appeared first on WeLiveSecurity
https://www.welivesecurity.com/2021/07/13/hybrid-workplace-what-does-mean-cybersecurity/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Week in security with Tony Anscombe
The Kaseya VST supply-chain attack impacts hundreds of companies – ESET discovers a new version of Bandook malware – How the ransomware business model works
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
https://www.welivesecurity.com/videos/week-security-tony-anscombe-132/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Microsoft issues patch to fix PrintNightmare zero‑day bug
The out-of-band update fixes a remote code execution flaw affecting the Windows Print Spooler service
The post Microsoft issues patch to fix PrintNightmare zero‑day bug appeared first on WeLiveSecurity
https://www.welivesecurity.com/2021/07/08/microsoft-rushes-out-patch-fix-printnightmare-zero-day-bug/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Ransomware: To pay or not to pay? Legal or illegal? These are the questions …
Caught between a rock and a hard place, many ransomware victims cave in to extortion demands. Here's what might change the calculus.
The post Ransomware: To pay or not to pay? Legal or illegal? These are the questions … appeared first on WeLiveSecurity
https://www.welivesecurity.com/2021/07/08/ransomware-pay-not-pay-legal-illegal-these-are-questions/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Bandidos at large: A spying campaign in Latin America
ESET Research uncovers an active malicious campaign that uses new versions of old malware, Bandook, to spy on its victims
The post Bandidos at large: A spying campaign in Latin America appeared first on WeLiveSecurity
https://www.welivesecurity.com/2021/07/07/bandidos-at-large-spying-campaign-latin-america/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Kaseya supply‑chain attack: What we know so far
As news breaks about the supply-chain ransomware attack against Kaseya's IT management software, here's what we know so far
The post Kaseya supply‑chain attack: What we know so far appeared first on WeLiveSecurity
https://www.welivesecurity.com/2021/07/03/kaseya-supply-chain-attack-what-we-know-so-far/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Week in security with Tony Anscombe
Remembering John McAfee, an antivirus software pioneer – Beware these Facebook scams – Data for almost all LinkedIn users scraped and up for sale
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
https://www.welivesecurity.com/videos/week-security-tony-anscombe-131/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Twitter now lets users set security keys as the only 2FA method
You can now secure your account with a physical security key as your sole 2FA method, without any additional 2FA option
The post Twitter now lets users set security keys as the only 2FA method appeared first on WeLiveSecurity
https://www.welivesecurity.com/2021/07/02/twitter-users-set-security-keys-only-2fa-method/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Global police shut down VPN service favored by cybercriminals
A global operation takes down the infrastructure of DoubleVPN and seizes data about its customers
The post Global police shut down VPN service favored by cybercriminals appeared first on WeLiveSecurity
https://www.welivesecurity.com/2021/06/30/global-police-vpn-service-cybercriminals/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Common Facebook scams and how to avoid them
Are you on Facebook? So are scammers. Here are some of the most common con jobs on Facebook you should watch out for and how you can tell if you're being scammed.
The post Common Facebook scams and how to avoid them appeared first on WeLiveSecurity
https://www.welivesecurity.com/2021/06/30/common-facebook-scams-how-avoid-them/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Data for 700 million LinkedIn users up for grabs on hacker forum
Information scraped from LinkedIn user profiles includes full names, gender, email addresses and phone numbers
The post Data for 700 million LinkedIn users up for grabs on hacker forum appeared first on WeLiveSecurity
https://www.welivesecurity.com/2021/06/29/data-700-million-linkedin-users-hacker-forum/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
In Memoriam: John McAfee
What was it like to work for, and be friends with, the technology entrepreneur back when he helped shape the computer security industry?
The post In Memoriam: John McAfee appeared first on WeLiveSecurity
https://www.welivesecurity.com/2021/06/28/in-memoriam-john-mcafee/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Week in security with Tony Anscombe
Telling state-backed hackers apart from cybercriminals – How to check if a website is safe – Gaming firms plagued by cyberattacks amid the pandemic
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
https://www.welivesecurity.com/videos/week-security-tony-anscombe-130/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Gaming industry under siege from cyberattacks during pandemic
Cyberattacks targeting the gaming industry skyrocket, with web attacks more than tripling year-on-year in 2020
The post Gaming industry under siege from cyberattacks during pandemic appeared first on WeLiveSecurity
https://www.welivesecurity.com/2021/06/24/gaming-industry-under-siege-cyberattacks-pandemic/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Brave launches its own, privacy‑focused search engine
Brave's search engine takes on Google, promising to let users surf the web without leaving a trace
The post Brave launches its own, privacy‑focused search engine appeared first on WeLiveSecurity
https://www.welivesecurity.com/2021/06/23/brave-launches-own-privacy-focused-search-engine/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How to tell if a website is safe
It can be difficult to tell a legitimate website apart from an unsafe one – follow these steps to identify and protect yourself from bad websites
The post How to tell if a website is safe appeared first on WeLiveSecurity
https://www.welivesecurity.com/2021/06/23/how-tell-if-website-is-safe/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
State‑sponsored or financially motivated: Is there any difference anymore?
What does the increasingly fuzzy line between traditional cybercrime and attacks attributed to state-backed groups mean for the future of the threat landscape?
The post State‑sponsored or financially motivated: Is there any difference anymore? appeared first on WeLiveSecurity
https://www.welivesecurity.com/2021/06/21/state-sponsored-financially-motivated-is-there-any-difference-anymore/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Week in security with Tony Anscombe
5 steps to take to minimize damage from a ransomware attack – The double-edged sword of OSINT – Watch out for vishing scams
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
https://www.welivesecurity.com/videos/week-security-tony-anscombe-129/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
5 essential things to do before ransomware strikes
By failing to prepare you are preparing to fail – here's what you can do today to minimize the impact of a potential ransomware attack in the future
The post 5 essential things to do before ransomware strikes appeared first on WeLiveSecurity
https://www.welivesecurity.com/2021/06/18/5-essential-things-do-before-ransomware-strikes/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Most health apps engage in unhealthy data‑harvesting habits
Most medical and fitness apps in Google Play have tracking capabilities enabled and their data collection practices aren't transparent
The post Most health apps engage in unhealthy data‑harvesting habits appeared first on WeLiveSecurity
https://www.welivesecurity.com/2021/06/17/most-health-apps-engage-unhealthy-data-harvesting-habits/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
OSINT 101: What is open source intelligence and how is it used?
OSINT can be used by anyone, both for good and bad ends – here's how defenders can use it to keep ahead of attackers
The post OSINT 101: What is open source intelligence and how is it used? appeared first on WeLiveSecurity
https://www.welivesecurity.com/2021/06/16/osint-101-what-is-open-source-intelligence-how-is-it-used/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Microsoft takes down large‑scale BEC operation
The fraudsters ran their campaigns from the cloud and used phishing attacks and email forwarding rules to steal financial information
The post Microsoft takes down large‑scale BEC operation appeared first on WeLiveSecurity
https://www.welivesecurity.com/2021/06/15/microsoft-takes-down-large-scale-bec-operation/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Vishing: What is it and how do I avoid getting scammed?
How do vishing scams work, how do they impact businesses and individuals, and how can you protect yourself, your family and your business?
The post Vishing: What is it and how do I avoid getting scammed? appeared first on WeLiveSecurity
https://www.welivesecurity.com/2021/06/14/vishing-what-is-it-how-avoid-getting-scammed/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Week in security with Tony Anscombe
ESET Research dissects campaigns by the Gelsemium and BackdoorDiplomacy APT groups – Hacking an orbiting satellite isn't necessarily the stuff of Hollywood
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
https://www.welivesecurity.com/videos/week-security-tony-anscombe-128/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Tracking ransomware cryptocurrency payments: What now for Bitcoin?
Should we expect cybercriminals to ditch the pseudonymous cryptocurrency for other forms of payment that may be better at throwing law enforcement off the scent?
The post Tracking ransomware cryptocurrency payments: What now for Bitcoin? appeared first on WeLiveSecurity
https://www.welivesecurity.com/2021/06/11/tracking-ransomware-cryptocurrency-payments/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Google fixes actively exploited Chrome zero‑day
The latest Chrome update patches a bumper crop of security flaws across the browser's desktop versions
The post Google fixes actively exploited Chrome zero‑day appeared first on WeLiveSecurity
https://www.welivesecurity.com/2021/06/10/google-fixes-actively-exploited-chrome-zero-day/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
BackdoorDiplomacy: Upgrading from Quarian to Turian
ESET researchers discover a new campaign that evolved from the Quarian backdoor
The post BackdoorDiplomacy: Upgrading from Quarian to Turian appeared first on WeLiveSecurity
https://www.welivesecurity.com/2021/06/10/backdoordiplomacy-upgrading-quarian-turian/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Gelsemium: When threat actors go gardening
ESET researchers shed light on new campaigns from the quiet Gelsemium group
The post Gelsemium: When threat actors go gardening appeared first on WeLiveSecurity
https://www.welivesecurity.com/2021/06/09/gelsemium-when-threat-actors-go-gardening/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hundreds of suspected criminals arrested after being tricked into using FBI‑run chat app
Law enforcement around the world used a messaging app called AN0M to monitor the communications of alleged criminals
The post Hundreds of suspected criminals arrested after being tricked into using FBI‑run chat app appeared first on WeLiveSecurity
https://www.welivesecurity.com/2021/06/08/hundreds-arrested-tricked-using-fbi-run-chat-app/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hacking space: How to pwn a satellite
Hacking an orbiting satellite is not light years away – here's how things can go wrong in outer space
The post Hacking space: How to pwn a satellite appeared first on WeLiveSecurity
https://www.welivesecurity.com/2021/06/07/hacking-space-how-pwn-satellite/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Week in security with Tony Anscombe
New ESET Threat Report is out – How to deal with online trolls – Teens, beware these 5 common scams
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
https://www.welivesecurity.com/videos/week-security-tony-anscombe-127/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Zero‑day in popular WordPress plugin exploited to take over websites
Websites using Fancy Product Designer are susceptible to remote code execution attacks even if the plugin is deactivated
The post Zero‑day in popular WordPress plugin exploited to take over websites appeared first on WeLiveSecurity
https://www.welivesecurity.com/2021/06/03/zero-day-popular-wordpress-plugin-exploited-take-over-websites/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ESET Threat Report T 1 2021
A view of the T 1 2021 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts
The post ESET Threat Report T 1 2021 appeared first on WeLiveSecurity
https://www.welivesecurity.com/2021/06/03/eset-threat-report-t12021/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
5 common scams targeting teens – and how to stay safe
From knock-off designer products to too-good-to-be-true job offers, here are five common schemes fraudsters use to trick teenagers out of their money and sensitive data
The post 5 common scams targeting teens – and how to stay safe appeared first on WeLiveSecurity
https://www.welivesecurity.com/2021/06/01/5-common-scams-targeting-teens-how-stay-safe/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Don't feed the trolls and other tips for avoiding online drama
You may not be able to escape internet trolls, but you have a choice about how you will deal with them – here's how you can handle trolls without losing your cool
The post Don't feed the trolls and other tips for avoiding online drama appeared first on WeLiveSecurity
https://www.welivesecurity.com/2021/05/31/dont-feed-trolls-tips-avoiding-online-drama/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Week in security with Tony Anscombe
You, too, may be vulnerable to SIM swap attacks – How to defend yourself against rom-cons – Zero day in macOS allowed malware to take secret screenshots
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
https://www.welivesecurity.com/videos/week-security-tony-anscombe-126/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
I hacked my friend's website after a SIM swap attack
Here's how easily your phone number could be stolen, why a successful SIM swap scam is only the beginning of your problems, and how you can avoid becoming a victim of the attack
The post I hacked my friend's website after a SIM swap attack appeared first on WeLiveSecurity
https://www.welivesecurity.com/2021/05/27/i-hacked-friends-website-sim-swap-attack/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Bluetooth bugs could allow attackers to impersonate devices
Patches to remedy the vulnerabilities should be released over the coming weeks
The post Bluetooth bugs could allow attackers to impersonate devices appeared first on WeLiveSecurity
https://www.welivesecurity.com/2021/05/26/bluetooth-bugs-allow-attackers-impersonate-devices/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Apple fixes macOS zero‑day bug that let malware take secret screenshots
You would do well to update to macOS Big Sur 11.4 post-haste
The post Apple fixes macOS zero‑day bug that let malware take secret screenshots appeared first on WeLiveSecurity
https://www.welivesecurity.com/2021/05/25/apple-macos-zero-day-malware-screenshots/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
What We Can Learn From Recent Ransomware Attacks
What can we learn from recent ransomware attacks where bad actors like REvil made over 0 million in 2020 alone? Organizations may have effective security but still fall prey to attacks due to supplier system vulnerabilities. Learn how you can use VDPs and hacker-powered security to stay safe.
https://www.hackerone.com/blog/what-we-can-learn-recent-ransomware-attacks
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How to Use HackerOne and PagerDuty to Identify When Vulnerabilities Need Action
Organizations rely on security testing to identify vulnerabilities, but how do they know when a vulnerability is critical and needs immediate attention? HackerOne and PagerDuty partnered to create a workflow automation integration that identifies when critical vulnerabilities need action minimizing cyber risk and remediation time.
https://www.hackerone.com/blog/hackerone-and-pagerduty-partner-identify-when-vulnerabilities-need-action
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
What Are Bug Bounties? How Do They Work? [With Examples]
Looking for bug bounty examples? We'll explain what bug bounties are, and show you how they work step-by-step using examples of actual bug bounties.
https://www.hackerone.com/blog/what-are-bug-bounties-how-do-they-work-examples
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How the Industry's First Hacker-Powered API Helps Hackers Automate Workflows
Today, HackerOne is launching the industry's first hacker API. This release is now out of beta and is available to the hacker community. It includes a collection of API endpoints that help automate common workflow tasks. In the past, hackers had to use the UI to complete repetitive tasks on the platform, with no supported mechanism to script or automate their workflows. With the new API, hackers can increase productivity and allocate more time towards creative bug hunting.
https://www.hackerone.com/blog/how-industrys-first-hacker-powered-api-helps-hackers-automate-workflows
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How HackerOne Positively Influences Zebra's Software Development Life Cycle
https://www.hackerone.com/blog/how-hackerone-positively-influences-zebras-software-development-life-cycle
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Top Cybersecurity Principles Every Board Member Must Know
https://www.hackerone.com/blog/top-top-cybersecurity-principles-every-board-member-must-know
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Bug Bounty vs. CTF [Understanding Differences & Benefits]
Trying to understand the difference between a bug bounty vs. CTF? We explain the differences, the similarities, and the benefits of each.
https://www.hackerone.com/blog/bug-bounty-vs-ctf-understanding-differences-benefits
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Bug Bounty vs. Penetration Testing: Differences Explained
Companies offer ongoing bug bounties to freelance ethical hackers to discover security vulnerabilities. Alternatively, penetration testing is a scheduled test of a system's security to identify weaknesses and vulnerabilities.
https://www.hackerone.com/blog/bug-bounty-vs-penetration-testing-differences-explained
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
HackerOne in DevSecOps
Hundreds of HackerOne customers use our platform in their application security processes. For the most part, these are organizations using bug bounty to find vulnerabilities in their deployed applications. But there is so much more that we can do for development teams
https://www.hackerone.com/blog/hackerone-devsecops-0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
What is Vulnerability Scanning? [And How to Do It Right]
Vulnerability scanning helps companies identify possible ways an attacker could exploit vulnerabilities that might cause outages, allow unauthorized network access, or acquisition of privileged information. Outdated software products, unpatched operating systems, and misconfigured hardware often lead to vulnerabilities.
https://www.hackerone.com/blog/what-vulnerability-scanning-and-how-do-it-right-0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How HackerOne and GitHub Now Work Better Together
https://www.hackerone.com/blog/how-hackerone-and-github-now-work-better-together
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Citrix's Hacker-Powered Security Growth Plan: Q&A with Abhijith Chandrashekar
We recently sat down with Abhijith Chandrashekar, PSIRT Manager at Citrix, to discuss why Citrix continues to expand their bug bounty program and learn about their cloud security and scope expansion plans. Read on to see what he had to say.
https://www.hackerone.com/blog/citrixs-hacker-powered-security-growth-plan-qa-abhijith-chandrashekar
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How Hackers Can Help Reduce Your Organization's Application Risk on AWS
HackerOne recently hosted AWS and a panel of expert ethical hackers to discuss how Server-Side Request Forgery (SSRF) vulnerabilities and cloud misconfiguration are ripe environments for hackers to discover vulnerabilities and improve their skills. In addition, they both represent significant and multi-layered security risks for many organizations.
https://www.hackerone.com/blog/how-hackers-can-help-reduce-your-organizations-application-risk-aws
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
What is Penetration Testing? How Does It Work Step-by-Step?
Penetration testing, aka pen testing or ethical hacking, attempts to attempt to breach a system's security for the purpose of vulnerability identification. Testing is done in an authorized and structured manner to report and rectify so that weaknesses can be reported and rectified.
https://www.hackerone.com/blog/what-penetration-testing-how-does-it-work-step-step-0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
60 days of insights from the DoD's Defense Industrial Base Vulnerability Disclosure Program Pilot
It's been 60 days since the DoD's Defense Industrial Base Vulnerability Disclosure Program (DIB-VDP) pilot launched. In this blog, DC3 and HackerOne sit down to talk about the pilot's early successes, learnings to date, and their goals for the future.
https://www.hackerone.com/blog/60-days-insights-dods-defense-industrial-base-vulnerability-disclosure-program-pilot-1
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Announcing Hack the Army 3.0 Results: A Conversation with Defense Digital Service, U.S. Army, and Hack the Army 3.0's Top Hacker
HackerOne sat down with DDS and Army program leaders and one of the security researchers who hacked the Army. We discussed why Hack the matters, the results that were uncovered in Hack the Army 3.0, and their plans for the future of cybersecurity within the DoD and the U.S. Military. Read on to see what they had to say.
https://www.hackerone.com/blog/announcing-hack-army-30-results-conversation-defense-digital-service-us-army-and-hack-army-0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Build a Resilient Security Posture with Vulnerability Intelligence and Cybersecurity Ratings
Reducing risk is the fundamental reason organizations invest in cybersecurity. As the threat landscape grows and evolves, organizations need a proactive approach to building and protecting their security posture.
https://www.hackerone.com/blog/build-resilient-security-posture-vulnerability-intelligence-and-cybersecurity-ratings
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hack Hard. Have Fun. Increase Security
In March, Amazon sponsored HackerOne's 10-day, virtual hacking event, which attracted more than 50 security researchers to identify potential vulnerabilities across Amazon's core assets. Read on for highlights from the event.
https://www.hackerone.com/blog/hack-hard-have-fun-increase-security
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How Digital Transformation Changes An Organization's Security Challenges
Last week, HackerOne joined WhiteSource, AWS, and IGT for a roundtable discussion about the new security challenges of digital transformation. The panel discussed cloud security, software supply chain security, and vulnerability disclosure programs as examples of proactive approaches organizations can take to mitigate their risk.
https://www.hackerone.com/blog/how-digital-transformation-changes-organizations-security-challenges
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Microsoft Says: Russian SolarWinds Hackers Hit U.S. Government Agencies Again
Microsoft says the state-backed Russian hacker group Nobelium—the same actor behind the 2020 SolarWinds attacks—took control of the State Department's United States Agency for International Development email system. This bold attack, expected to be ongoing, breached federal government supplier systems sending out official-looking emails to over 3,000 accounts across more than 150 organizations.
https://www.hackerone.com/blog/microsoft-says-russian-solarwinds-hackers-hit-us-government-agencies-again
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Spotlight on the Server-Side
Server-side request forgery (or SSRF) vulnerabilities are particularly dangerous because they can lead to total system compromise. Discover where they're most common, explore real-world examples, and learn prevention tips from hackers.
https://www.hackerone.com/blog/spotlight-server-side
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Time to Issue Your Own Cyber Executive Order
Last week's U.S. Presidential Executive Order underscores the critical status of #cybersecurity in the U.S. Today, HackerOne CEO Marten Mickos shares his perspective on how private sector CEOs should take action and make security a collective internal priority for organizations.
https://www.hackerone.com/blog/time-issue-your-own-cyber-executive-order
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Celebrating todayisnew with the 100K CTF, AMA, and Giveaway
Todayisnew is currently at the top of our global leaderboard with 100,000+ reputation points, and we're celebrating this record-breaking milestone with an AMA, CTF, and giveaway! Read on to find out more.
https://www.hackerone.com/blog/celebrating-todayisnew-100k-ctf-ama-and-giveaway
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hacker Spotlight AMA: ralamosm
Hacking veteran @ralamosm has been in the business of bug hunting for 20+ years. In this week's Hacker Spotlight, he dives into his hacking journey and provides inspiration on living up to your hacking potential.
https://www.hackerone.com/blog/hacker-spotlight-ama-ralamosm
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
So This Is How They Tell Me The World Ends?
I was still digesting last week's fascinating roundtable with Nicole Perlroth, cybersecurity journalist and author of This Is How They Tell Me The World Ends, when the news broke that the US's biggest fuel pipeline had been taken out by a ransomware attack. Nicole's closing prediction that cyber criminals, emboldened by their success in targeting hospitals with ransomware, would move onto other critical infrastructure, was coming true before my eyes.
https://www.hackerone.com/blog/so-how-they-tell-me-world-ends
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
What To Do When You Don't Know You've Been Compromised
On World Password Day, I'm not going to talk about passwords. At the end of last year, HackerOne ran an exclusive campaign with a select group of hackers in which we challenged them to look for information exposures for 11 customers. The data found by the hackers included everything from passwords and authentication tokens to sensitive documents. No matter how secure your passwords are, your data is out there in different clouds and across various third-party vendors — it's only a matter of time before a leak puts your brand at risk.
https://www.hackerone.com/blog/what-do-when-you-dont-know-youve-been-compromised
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The 5 Secrets Of A Mature Vulnerability Management Program
During HackerOne's recent series of webinars, we caught up with Matt Southworth, CISO of Priceline, and Matt Adams, Global Security Architect at Costa Coffee, to learn their 5 secrets to building a highly effective vulnerability management program.
https://www.hackerone.com/blog/5-secrets-mature-vulnerability-management-program
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Saxo Bank Celebrates One Year of Bug Bounties: Q&A with CISO Mads Syska Hasling
One year after launching their private bug bounty program on HackerOne, we sat down with financial services provider Saxo Bank's CISO, Mads Syska Hasling, to get his insights and learnings from 12 months with a bug bounty program. Read on to see how Saxo Bank thinks about digital security as a non-negotiable for their customers and partners, how bug bounty fits into the broader security program, and advice to other CISOs and stakeholders on leveraging hacker-powered security.
https://www.hackerone.com/blog/saxo-bank-celebrates-one-year-bug-bounties-qa-ciso-mads-syska-hasling-1
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hacker Spotlight AMA: Wolf101
Hacker @Wolf101 shares his predictions on the future of bug bounties and tips on getting started.
https://www.hackerone.com/blog/hacker-spotlight-ama-wolf101
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How HackerOne Helps the Vulnerability Management Process
HackerOne sees vulnerability management as a process combining software tools and security analyst actions to reduce risk. In many cases, successful Vulnerability Management requires a joint effort between security operations, who find vulnerabilities, and IT operations responsible for fixing, or patching, vulnerabilities.
https://www.hackerone.com/blog/how-hackerone-helps-vulnerability-management-process-2
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
A Security Engineer and Hacker Share Their Experiences with Security Assessments
A few weeks ago, HackerOne and PortSwigger teamed up to shine a light on the innovative ways that customers and security analysts are scaling risk assessments. Read on for key learnings.
https://www.hackerone.com/blog/security-engineer-and-hacker-share-their-experiences-security-assessments
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hacker Spotlight AMA: debsec
Chilean hacker @debsec shares his secrets to program selection and the best way to choose your scope in this week's Hacker Spotlights.
https://www.hackerone.com/blog/hacker-spotlight-ama-debsec
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
HackerOne Product Enhancements Help Detect, Remediate, and Analyze Cloud Misconfigurations
HackerOne has rolled out new product features to secure cloud workloads, investigate and respond to vulnerability trends, and answer auditors' questions all in one place. Read on for details!
https://www.hackerone.com/blog/hackerone-product-enhancements-help-detect-remediate-and-analyze-cloud-misconfigurations
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Why we sold our founding vulnerability as an NFT
HackerOne sold our founding vulnerability as an NFT and donated the proceeds — 3.3 ETH / ,086.19 — to Hack the Hood. Read on to learn why!
https://www.hackerone.com/blog/why-we-sold-our-founding-vulnerability-nft-0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hacker Spotlight AMA: none_of_the_above
This week's Hacker Spotlight features @none_of_the_above, a Latin American hacker who shares his tips to succeed in cybersecurity.
https://www.hackerone.com/blog/hacker-spotlight-ama-noneoftheabove
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Reddit's Public Bug Bounty Program Kicks Off: Q&A with Reddit's Allison Miller and Spencer Koch, and top program hacker @renekroka
HackerOne sat down with Reddit's CISO and VP of Trust, resident Security Wizard, and top hacker to discover the secrets to Reddit's bug bounty success, explore their goals and key results, delve into how they use hackers to scale security across software development, and gain a unique perspective about what it's like to hack one of the world's leading social networks.
https://www.hackerone.com/blog/reddits-public-bug-bounty-program-kicks-qa-reddits-allison-miller-and-spencer-koch-and-top
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hacker Spotlight AMA: niemand_sec
Pentester, independent consultant and bug hunter, @niemand_sec is featured in this week's edition of Hacker Spotlights.
https://www.hackerone.com/blog/hacker-spotlight-ama-niemandsec
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Security@ 2021 Call for Speakers is Open
HackerOne's global hacker-powered security conference, Security@, is back for its fifth year. This year's virtual event will take place September 20, 2021. The call for speakers is now open! You have until May 15, 2021, to submit your talk.
https://www.hackerone.com/blog/security-2021-call-speakers-open
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hacker Spotlight: Interview with edduu
Latin America hacker, @edduu shares his in-depth thinking on how to maximize reports for larger bounty earnings and what it means to be a hacker in Latin America.
https://www.hackerone.com/blog/hacker-spotlight-interview-edduu
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Rise of IDOR
Insecure Direct Object References (or IDOR) is a simple bug that packs a punch. Discover where they're most common, explore real-world examples, and learn prevention tips from hackers.
https://www.hackerone.com/blog/rise-idor
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hacker Spotlight: Interview with manoelt
Brazillian CTF player and hacker, @maneolt is featured in this week's Hacker Spotlight.
https://www.hackerone.com/blog/hacker-spotlight-interview-manoelt
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hacker Spotlight: Interview with p3rr0
Latin America based hacker, @p3rr0 shares his story from not knowing about bug bounties to making an income.
https://www.hackerone.com/blog/hacker-spotlight-interview-p3rr0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hacker Spotlight: Interview with Samux
Hacker from Santiago, Chile shares his journey in pentesting and bug bounties in this edition of Hacker Spotlights.
https://www.hackerone.com/blog/hacker-spotlight-interview-samux
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Discovering Three Personas within the Hacker Community
With over one million hackers making up the HackerOne community, there's more diversity of skill, approach, and personality than any security team in the world. At the launch of the 2021 Hacker Report, we catch up with three hackers, representing three very different approaches to hacking: the pentester, the VDP hacker and the bounty hunter.
https://www.hackerone.com/blog/discovering-three-personas-within-hacker-community
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hacker Spotlight: Interview with bugdiscloseguys
Your neighborhood hacker as he claims himself, @bugdiscloseguys is featured in this week's Hacker Spotlight blog post series.
https://www.hackerone.com/blog/hacker-spotlight-interview-bugdiscloseguys
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Commerce Giant Shopify Kicks Off 2021 with HackerOne (Virtual) Live Hacking Event: h1-2102
HackerOne's first virtual live hacking event of the year kicked off with Shopify in January 2021. Read this blog post to learn more about how Shopify builds relationships with hackers through live events like h1-2102, and find out who the award winners are.
https://www.hackerone.com/blog/commerce-giant-shopify-kicks-2021-hackerone-virtual-live-hacking-event-h1-2102
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hacker Spotlight: Interview with Geekboy
“Always be curious about what you're trying to learn.” @Geekboy is featured in this week's Hacker Spotlight sharing his background and insights on hacking and bug bounties.
https://www.hackerone.com/blog/hacker-spotlight-interview-geekboy
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Rise of Misconfiguration and Supply Chain Vulnerabilities
The vulnerability of supply chains has been top of mind since the SolarWinds attack, which still dominates headlines, but last week's Singtel breach also reflects the rise of breaches triggered by misconfiguration vulnerabilities.
https://www.hackerone.com/blog/rise-misconfiguration-and-supply-chain-vulnerabilities
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hacker Spotlight: Interview with dkd
This week's hacker spotlight features @dkd, a generally private hacker who was excited to share his experience!
https://www.hackerone.com/blog/hacker-spotlight-interview-dkd
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hacker Spotlight: Interview with notnaffy
Entrepreneur and hacker, @notnaffy talks about his journey in hacking through the years and his methodologies. Read this epic Q&A in this week's hacker spotlights!
https://www.hackerone.com/blog/hacker-spotlight-interview-notnaffy
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
2020 Hacker Community Year in Review
From CTF's to virtual live hacking events and more, check out this recap of the initiatives HackerOne hosted for the hacker community in 2020.
https://www.hackerone.com/blog/2020-hacker-community-year-review
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hacker Spotlight: Interview with hazimaslam
This week's hacker spotlight, we virtually travel to Pakistan to get to know @hazimaslam and how he hacks and his motivations to continue hacking.
https://www.hackerone.com/blog/hacker-spotlight-interview-hazimaslam
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Announcing The Hacker of The Hill
https://www.hackerone.com/blog/announcing-hacker-hill
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hacker Spotlight: Interview with pnig0s
Detailed, meticulous and precise. @pnig0s shares his hacking style and successes from his bug bounty experience in this latest Hacker Spotlight.
https://www.hackerone.com/blog/hacker-spotlight-interview-pnig0s
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
5 Learnings From A Conversation With OP Financial Group's CISO And @mrtuxracer
On 20 January, HackerOne's CEO, Marten Mickos, sat down for a chat with European hacker, Julien Ahrens a.k.a @mrtuxracer, and Teemu Ylhäisi, CISO at OP Financial Group. The discussion ranged from the recent SolarWinds attacks to the best way to prevent phishing. Here are our top takeaways from the webinar.
https://www.hackerone.com/blog/5-learnings-conversation-op-financial-groups-ciso-and-mrtuxracer
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hacker Spotlight: Interview with filedescriptor
“It's challenging and rewarding, and I get to help companies become more secure. It's challenging and rewarding, and I get to help companies become more secure.” Read this week's Hacker Spotlight on filedescriptor.
https://www.hackerone.com/blog/hacker-spotlight-interview-filedescriptor
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hacker Spotlight: Interview with samengmg
Read about @samengmg and his self-taught bug bounty experience hacking the Singaporean government and huge global corporations.
https://www.hackerone.com/blog/hacker-spotlight-interview-samengmg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
LINE on Securing the Application Development Lifecycle with Bug Bounties
HackerOne has a large hacker community and the platform necessary to operate LINE's bug bounty program. By using HackerOne's platform and welcoming the community, LINE can increase operational efficiency. Through the partnership with HackerOne, we can share new bugs and learn from the vulnerability trends on the Platform while also getting a guide that helps us create a successful bug bounty program.
https://www.hackerone.com/blog/line-securing-application-development-lifecycle-bug-bounties
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
What Years of AWS Hacking Tells Us About Building Secure Apps
Years of AWS bug bounties have exposed SSRF vulnerabilities, misconfigurations, and dangling DNS records. What can we learn from these vulnerabilities about mitigating risk?
https://www.hackerone.com/blog/what-years-aws-hacking-tell-us-about-building-secure-apps
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hacker Spotlight: Interview with jin0ne
We kick off this year's hacker spotlight with @jin0ne from Shanghai with over 200 valid vulnerabilities submitted. Read more about him in this newest blog post.
https://www.hackerone.com/blog/hacker-spotlight-interview-jin0ne
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hacker Spotlight: Interview with benteveo
From developer to founder, father and hacker, read about this week's hacker spotlight on @benteveo.
https://www.hackerone.com/blog/hacker-spotlight-interview-benteveo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Grab Celebrates 5 Years on HackerOne
"Just five years ago, leading rideshare, food delivery, and payments company Grab, became one of the first companies in Southeast Asia to implement a hacker-powered security program. In just three years Grab became one of the Top 20 bug bounty programs on HackerOne worldwide."
https://www.hackerone.com/blog/grab-celebrates-5-years-hackerone
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
HackerOne Policies Update
HackerOne's Policies Received Updates - check them out now!
https://www.hackerone.com/blog/hackerone-policies-update
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The World's Largest Live Hacking Event
HackerOne and The Paranoids partnered to bring you the largest live hacking event in the world
https://www.hackerone.com/blog/worlds-largest-live-hacking-event
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hacker Spotlight: Interview with tolo7010
Tolo7010 takes the hacker spotlight this week - learn about his story.
https://www.hackerone.com/blog/hacker-spotlight-interview-tolo7010
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Quantifying Risk: How do you measure success in security?
When your job is all about avoiding costly incidents and mistakes, it's hard to put a dollar value on your work. At HackerOne's recent Security@ conference, Slack and Hyatt's CISOs sat down for a chat about their challenges and the hacks they use to quantify risk:
https://www.hackerone.com/blog/quantifying-risk-how-do-you-measure-success-security
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
12 Days of Hacky Holidays CTF
https://www.hackerone.com/blog/12-days-hacky-holidays-ctf
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
VDPs are at the Heart of the Australian Cyber Security Centre's Recommendations
https://www.hackerone.com/blog/vdps-are-heart-australian-cyber-security-centres-recommendations
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hacker Spotlight: Interview with jensec
Security and finance enthusiast, @jensec is featured in this week's hacker spotlight talking about his passion for cybersecurity and why he hacks.
https://www.hackerone.com/blog/hacker-spotlight-interview-jensec
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
HackerOne Joins AWS Marketplace as Cloud Vulnerabilities Rise
HackerOne reveals the most common and critical vulnerabilities found in cloud infrastructure and announces its debut in AWS Marketplace.
https://www.hackerone.com/blog/hackerone-joins-aws-marketplace-cloud-vulnerabilities-rise
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Announcing the HackerOne Brand Ambassadors
Announcing the first group of Hacker Brand Ambassadors who will lead hackers in their local area.
https://www.hackerone.com/blog/announcing-hackerone-brand-ambassadors
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hacker Spotlight: Interview with bagipro
Take a look in this week's hacker spotlight on @bagipro, bug bounty hunger and founder of Oversecured.
https://www.hackerone.com/blog/hacker-spotlight-interview-bagipro
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
US Government Mandates Vulnerability Disclosure for IoT
https://www.hackerone.com/blog/us-government-mandates-vulnerability-disclosure-iot
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hacker Spotlight: Interview with insiderphd
PhD Student and bug bounty hunter Katie Paxton-Fear talks about her story of defense and security starting with the first time we met her in London.
https://www.hackerone.com/blog/hacker-spotlight-interview-insiderphd
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hacker Spotlight: Interview with fisher
Half hacker, half daydreamer @fisher shares his insight as a hacker - how he got here, what he hacks on and why he does it.
https://www.hackerone.com/blog/hacker-spotlight-interview-fisher
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Announcing new leaderboards: More ways to engage, compete and win
https://www.hackerone.com/blog/announcing-new-leaderboards-more-ways-engage-compete-and-win
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hacker Spotlight: Interview with putsi
Finnish hacker, putsi, takes on this week's hacker spotlight sharing how he got into cybersecurity.
https://www.hackerone.com/blog/hacker-spotlight-interview-putsi
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
HackerOne is Excited to Launch Triage Ratings for Customers and Hackers
https://www.hackerone.com/blog/hackerone-excited-launch-triage-ratings-customers-and-hackers
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
NIST Overhauls “Security and Privacy Controls” and Emphasizes VDP as a Best Practice
https://www.hackerone.com/blog/nist-overhauls-security-and-privacy-controls-publication-heres-what-you-need-know
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hacker Spotlight: Interview with yassineaboukir
This week's hacker spotlight showcases Yassine Aboukir who doesn't stop adventure both on his computer and his life.
https://www.hackerone.com/blog/hacker-spotlight-interview-yassineaboukir
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Snap's Security Team on Nearly 6 Years of Collaborating with Hackers
https://www.hackerone.com/blog/snaps-security-team-nearly-6-years-collaborating-hackers
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Organizations Paid Hackers .5 Million for These 10 Vulnerabilities in One Year
HackerOne report reveals cross-site scripting, improper access control, and information disclosure top list of most common and impactful vulnerabilities
https://www.hackerone.com/blog/organizations-paid-hackers-235-million-these-10-vulnerabilities-one-year-1
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hacker Spotlight: Interview with MrTuxRacer
German hacker, Julien Ahrens or @mrtuxracer tells us how he got started in security and what it's like to be a full time bug bounty hunter.
https://www.hackerone.com/blog/hacker-spotlight-interview-mrtuxracer
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
HackerOne Expands Integrations Ecosystem to Connect and Defend Customers
https://www.hackerone.com/blog/hackerone-expands-integrations-ecosystem-connect-and-defend-customers
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hacker Spotlight: Interview with inhibitor181
From a full-stack developer to a million-dollar hacker, read this week's hacker spotlight of @inhibitor181 and his motivating story.
https://www.hackerone.com/blog/hacker-spotlight-interview-inhibitor181
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hacker Spotlight: Interview with arneswinnen
Read this week's Hacker Spotlight featuring Belgium @arneswinnen on how he became a full time bug bounty hunter and why he hacks for good.
https://www.hackerone.com/blog/hacker-spotlight-interview-arneswinnen
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
HackerOne Integrates with ServiceNow to Streamline Vulnerability Lifecycle Management
We're excited to announce our integration with ServiceNow Incident Management. This integration allows customers to escalate vulnerability reports with ServiceNow incidents and synchronize any updates in the vulnerability workflow that happen in ServiceNow or HackerOne.
https://www.hackerone.com/blog/hackerone-integrates-servicenow-streamline-vulnerability-lifecycle-management
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hacker Spotlight: Interview with albinowax
We hear from PortSwigger's Director of Research on why he enjoys hacking.
https://www.hackerone.com/blog/hacker-spotlight-interview-albinowax
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
AT&T Celebrates Million Awarded to Hackers in One Year
AT&T recently celebrated its first anniversary on HackerOne, passing million in payouts to more than 850 researchers worldwide. Read on to learn more about their program and successes over the last year.
https://www.hackerone.com/blog/att-celebrates-1-million-awarded-hackers-one-year
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hacker Spotlight: Interview with ajxchapman
From pentester to full time bug bounty hunter, read about @ajxchapman and his story behind hacking.
https://www.hackerone.com/blog/hacker-spotlight-interview-ajxchapman
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Introducing the 4th Annual Hacker-Powered Security Report
https://www.hackerone.com/blog/introducing-4th-annual-hacker-powered-security-report
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
H1-2010 FAQ's
FAQ's from HackerOne's biggest virtual live hacking event with The Paranoids from Verizon Media, H1-2010.
https://www.hackerone.com/blog/h1-2010-faqs
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hacker Spotlight: Interview with bitK
Puzzle master and bug bounty hunter @bitK is featured on this week's Hacker Spotlight to share his story.
https://www.hackerone.com/blog/hacker-spotlight-interview-bitk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Vulnerability Disclosure is Now Mandatory for Federal Agencies - Here's How to Make it Happen
https://www.hackerone.com/blog/federal-agencies-directed-quickly-publish-vdps-5-steps-make-it-happen-1
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Smartsheet Celebrates One Year with HackerOne
To mark Smartsheet's one-year anniversary with HackerOne, we sat down with Nolan Gibb, Information Security Engineer at Smartsheet, to discuss how bug bounties enable his team to scale and collaborate with software developers to create more secure products.
https://www.hackerone.com/blog/smartsheet-celebrates-one-year-hackerone-1
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
HackerOne Rolls Out Pentest Review System for Customers and Pentesters
https://www.hackerone.com/blog/hackerone-rolls-out-pentest-review-system-customers-and-pentesters
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hacker Spotlight: Interview with honoki
Bug bounty hunter and security consultant Pieter or @honoki is featured on this week's Hacker Spotlight to talk about programs and what makes them exciting.
https://www.hackerone.com/blog/hacker-spotlight-interview-honoki
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Are Election Hacking Fears Driving Voters To The Polls?
If people fear that the American electoral infrastructure could be hacked, will they withhold their votes in November? Not according to research commissioned by HackerOne.
https://www.hackerone.com/blog/are-election-hacking-fears-driving-voters-polls
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hacker Spotlight: Interview with dki
Mobile security research engineer and bug bounty hacker Dawn Isabel is featured in this week's Hacker Spotlight.
https://www.hackerone.com/blog/hacker-spotlight-interview-dki
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hacker Spotlight: Interview with mayonaise
@mayonaise is the embodiment of our rallying cry to hack for good. Read this week's Hacker Spotlight AMA blog post about Jon Colston's impact on the world of bug bounties.
https://www.hackerone.com/blog/hacker-spotlight-interview-mayonaise
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Become a HackerOne Brand Ambassador
Announcing the Hacker Brand Ambassador Program: lead hackers in your city, get exclusive perks, further your career.
https://www.hackerone.com/blog/become-hackerone-brand-ambassador
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
National University of Singapore Taps Students to Hack for Good
In an inaugural InterUni Bug Bounty Challenge jointly organized by the National University of Singapore (NUS) and Singapore Management University (SMU) from 12 August to 9 September 2020, students and staff from the two universities will get to hone their hacking skills by looking for vulnerabilities (or ‘bugs') across the digital assets of their respective universities in exchange for monetary rewards, or bounties.
To kick off the InterUni Bug Bounty Challenge, we sat down with NUS Chief Information Technology Officers Tommy Hor to learn more about the Challenge, why cybersecurity is so important to educational institutions like NUS, and more.
https://www.hackerone.com/blog/national-university-singapore-taps-students-hack-good
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Recap of h@cktivitycon 2020
HackerOne's first-ever hacker conference, h@cktivitycon streamed from Twitch on Friday, July 31st - August 1st, 2020 recapped in this blog post.
https://www.hackerone.com/blog/recap-hcktivitycon-2020
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hacker Spotlight: Interview with todayisnew
Hear from the top hacker ranked number 1 on the all-time HackerOne leaderboard, @todayisnew in this week's Hacker Spotlight AMA Blog Post.
https://www.hackerone.com/blog/hacker-spotlight-interview-todayisnew
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hacker Spotlight: Interview with dawgyg
Million dollar hacker, @dawgyg answers this week's Q&A on his thoughts behind bug bounties.
https://www.hackerone.com/blog/hacker-spotlight-interview-dawgyg
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Adobe and HackerOne Celebrate Five Years of Continued Collaboration
To celebrate five years with HackerOne, we sat down with Adobe's Senior Security Program Manager Pieter Ockers to discuss how their program has evolved over the last five years and the role that hacker-powered security, both bug bounties and response programs, plays into their overall security strategy.
https://www.hackerone.com/blog/adobe-and-hackerone-celebrate-five-years-continued-collaboration
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
COVID Confessions of a CISO
The COVID-19 crisis has shifted life online. As companies rush to meet remote work requirements and customer demands for digital services, attack surfaces have dramatically expanded, leaving security teams stretched thin and not staffed to cope. HackerOne dug into this concept to identify COVID-19 impacts on security and business. Read on for our findings.
https://www.hackerone.com/blog/covid-confessions-ciso
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Security Engineers by Day, Hackers by Night – An Interview with Two of Singapore's Top Ethical Hackers
https://www.hackerone.com/blog/security-engineers-day-hackers-night-interview-two-singapores-top-ethical-hackers
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hacker Spotlight: Interview with Ziot
Challenge and puzzle connoisseur is on this week's Hacker Spotlights. Read his story on this AMA blog post.
https://www.hackerone.com/blog/hacker-spotlight-interview-ziot
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Human vs. Machine: Three-Part Virtual Series on the Human Element of AppSec
https://www.hackerone.com/blog/man-vs-machine-three-part-virtual-series-human-element-appsec
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Securing video streaming in sub-Saharan Africa
Maintaining a video streaming service across the whole of Africa is challenge enough, without the added pressure of potential security issues. Showmax turns to hackers to secure their customer data and protect the security of their shows and movies.
https://www.hackerone.com/blog/securing-video-streaming-sub-saharan-africa
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hacker Spotlight: Interview with cdl
cdl: student, researcher, bug hunter and founder. Read this week's Hacker Spotlight AMA on why and how cdl hacks for good.
https://www.hackerone.com/blog/hacker-spotlight-interview-cdl
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Security@ 2020 Call for Speakers is Open
HackerOne's global hacker-powered security conference, Security@, is back for its fourth year. This year's virtual event will take place October 20-22, 2020. The call for speakers is now open! You have until August 21, 2020, to submit your talk.
https://www.hackerone.com/blog/security-2020-call-speakers-open
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Costa Coffee prepares for global expansion with bug bounty program
As the coffee chain prepares for global expansion, Costa Coffee joins the likes of Hyatt, Deliveroo, and Zomato in launching its first private bug bounty program. Costa Coffee will shore up its digital defenses using the combined expertise and experience of HackerOne's hacker community.
https://www.hackerone.com/blog/costa-coffee-prepares-global-expansion-bug-bounty-program
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
A Warm Welcome To Our New SVP of Customer Success
We are delighted to announce that Amanda Berger — former Chief Customer Officer at Lucidworks — has joined HackerOne as our new SVP of Customer Success. In this article, Amanda introduces herself and shares what she hopes to achieve at HackerOne.
https://www.hackerone.com/blog/warm-welcome-our-new-svp-customer-success
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hacker Spotlight: Interview with zlz
This week's Hacker Spotlight on zlz, the hacker who started at 12 years old and is now a successful security consultant and professional.
https://www.hackerone.com/blog/hacker-spotlight-interview-zlz
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Pentesting basics video series launched on Hacker101
Learn the basics of pentesting to further your career and develop core competencies required in one of the hottest job markets in cybersecurity: Penetration testing.
https://www.hackerone.com/blog/pentesting-basics-video-series-launched-hacker101
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cybersecurity Vendor Consolidation: Securing More with Less
Discover how hacker-powered security solutions can help identify the gaps and consolidate point-solution tools into a single platform for easier management and measured ROI.
https://www.hackerone.com/blog/cybersecurity-vendor-consolidation-securing-more-less
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Visma's Ioana Piroska on Securing the Development Lifecycle Through Bug Bounties
Having recently taken their bug bounty program public, we caught up with Visma Security Analyst Ioana Piroska about the program's results so far and Visma's plans for the future.
https://www.hackerone.com/blog/vismas-ioana-piroska-securing-development-lifecycle-through-bug-bounties
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hacker Spotlight: Interview with hogarth45
From a bug hunting hobby to a security engineer, hogarth45 has hacked his way into a career in cybersecurity. Read this week's hacker spotlight blog post with hogarth45.
https://www.hackerone.com/blog/hacker-spotlight-interview-hogarth45
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Pentesting Beyond Compliance: A Tool to Improve Your Security Posture
https://www.hackerone.com/blog/pentesting-beyond-compliance-tool-improve-your-security-posture
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Meet APAC Hacker @jin0ne: A Next Generation Cyber Defender
Meet @jin0ne, 20-year old hacker from Asia Pacific, a region experiencing a cybersecurity talent shortfall of 2.6 million. Thanks to the rise of bug bounty programs, ethical hackers like @jin0ne are helping to fill the gap.
https://www.hackerone.com/blog/meet-apac-hacker-jin0ne-next-generation-cyber-defender
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hacker Spotlight: Interview with rijalrojan
This week's Hacker Spotlight is rijalrojan, a California State University Fullerton student with an extensive background in hacking. He shares his perspective on programs
https://www.hackerone.com/blog/hacker-spotlight-interview-rijalrojan
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hacker Spotlight: Interview with meals
Hacker Spotlight is a weekly AMA with a new hacker. This week, we hear from meals on his career and hobby in hacking.
https://www.hackerone.com/blog/hacker-spotlight-interview-meals
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
What Juneteenth Means at HackerOne
https://www.hackerone.com/blog/what-juneteenth-means-hackerone
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Reputation, Signal & Impact Calculation Enhancements
Reputation, Signal and Impact changes and how this will affect hacker stats going forward.
https://www.hackerone.com/blog/reputation-signal-impact-enhancements-whats-changing-and-why-it-matters
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Mail.ru Group pays out over million in bounties
https://www.hackerone.com/blog/mailru-group-pays-out-over-1-million-bounties
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Mayonaise Joins The Ranks of The Seven-Figure-Earning Hackers
Congratulations to @mayonaise, the ninth hacker to earn Million hacking for good on the HackerOne platform! Read on for more about his unique approach, focus, and journey to being one of the top hackers in the world.
https://www.hackerone.com/blog/mayonaise-joins-ranks-seven-figure-earning-hackers
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hacker Spotlight: Interview with randomdeduction
Hacker Spotlight is a weekly AMA with a new hacker. This week, randomdeduction takes the spotlight to share her journey.
https://www.hackerone.com/blog/hacker-spotlight-interview-randomdeduction
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Celebrating Pride at HackerOne
https://www.hackerone.com/blog/celebrating-pride-hackerone
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
What to Look For in a Penetration Testing Company
Penetration testing is one of the most widely used techniques to comply with security regulations and protect network and computing systems and users. Hacker-powered penetration tests are emerging as a more cost-effective way to harden applications. With HackerOne Challenge, selected hackers from our community are invited to find vulnerabilities in your systems, and you only pay for the verified vulnerabilities found.
https://www.hackerone.com/blog/What-Look-Penetration-Testing-Company-0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Announcing the PlayStation Bug Bounty Program
Today, PlayStation launched a public bug bounty program on HackerOne because the security of their products is a fundamental part of creating amazing experiences for the PlayStation community. Read on to learn more about their program, bounties, and more.
https://www.hackerone.com/blog/announcing-playstation-bug-bounty-program-0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hacker Spotlight: Interview with Corb3nik
Hacker Spotlight is a weekly AMA with a new hacker. Corb3nik takes the spotlight to share his journey.
https://www.hackerone.com/blog/hacker-spotlight-interview-corb3nik
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Juneteenth: HackerOne's Day for Action
https://www.hackerone.com/blog/juneteenth-hackerones-day-action
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Scaling & Prioritizing Product Security with Zendesk
In a recent virtual roundtable, we sat down with Scott Reed, Senior Manager of Product Security at Zendesk, to discuss how they incorporate bug bounties throughout their product security strategy and scaling security at a high-growth organization. Take a look at some of the highlights of our conversation below.
https://www.hackerone.com/blog/scaling-prioritizing-product-security-zendesk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Q & A With Singaporean Hacker @Kactros_n
Meet @kactros_n, a Singaporean hacker and top 3 on the recent GovTech bug bounty program. He is known for his rare bug findings, including a side channel timing attack.
https://www.hackerone.com/blog/q-singaporean-hacker-kactrosn
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hacking the Singapore Government: Q&A with Hacker Personality Samuel Eng
Meet @samengmg, a Singaporean hacker and top 3 on the recent GovTech Bug Bounty program. In this blog, he discusses how ethical hacking is gaining recognition as a viable career choice that is both niche and desirable.
https://www.hackerone.com/blog/hacking-singapore-government-qa-hacker-personality-samuel-eng-singapore
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How does Pentesting fit into your overall security strategy?
As digital technologies and data transform the way business gets done, a cybersecurity strategy is fundamental in helping your company save time and money while protecting your brand. How should organizations think about penetration testing within their overall security strategy?
https://www.hackerone.com/blog/how-does-pentesting-fit-your-overall-security-strategy
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hacker Spotlight: Interview with Cache-Money
Hacker Spotlight is a weekly AMA with a new hacker. This week we hear from cache-money!
https://www.hackerone.com/blog/hacker-spotlight-interview-cache-money
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
h1-2006 CTF
h1-2006 CTF Winner Announcement
https://www.hackerone.com/blog/h1-2006-ctf
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hacker Spotlight: Interview with alyssa_herrera
Hacker Spotlight is a weekly AMA with a new hacker. This week we hear from alyssa_herrera on her journey and perspective!
https://www.hackerone.com/blog/hacker-spotlight-interview-alyssaherrera
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Crowdsourcing Racial Justice and Equality
https://www.hackerone.com/blog/crowdsourcing-racial-justice-and-equality
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
There is no room for racism or inequality here.
At HackerOne we say No to racism. We are here to democratize opportunity across the world. We believe in the aspirations and possibilities of every human being. Hacker-powered security is proof that by working together across all boundaries we accomplish what otherwise would remain unachievable.
https://www.hackerone.com/blog/there-no-room-racism-or-inequality-here
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
100 Hacking Tools and Resources
As part of our 0 Million in bounties celebration, we want to share a list of 100 tools and resources that will help hackers continue hacking!
https://www.hackerone.com/blog/100-hacking-tools-and-resources
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Journey in Data: HackerOne Hits 100 Million Dollars in Bounties
Yesterday, hackers on HackerOne hit a major milestone: they have earned a total of 0 million in bounties over the past 8 years, with nearly half in the past year alone! Let's take a look at some of the numbers that have taken us to the 0 million milestone.
https://www.hackerone.com/blog/journey-data-hackerone-hits-100-million-dollars-bounties
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
0 Million Paid - One Billion in Sight for Hackers
Today we celebrate with all our hackers the phenomenal milestone of a hundred million dollars in bounties. Hack for Good! Yet we should know that we are only getting going. The digital world is not safe and secure yet. Much more work awaits us. We have one hundred million more bugs to find.
https://www.hackerone.com/blog/100-million-paid-one-billion-sight-hackers
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Thanks For Being Part Of The Journey to 0 Million in Bounties!
Reaching 0 Million in bounties is a reason to celebrate what this community has achieved. It also gave us a chance to reflect on the journey to this point and the enduring values that will get us to the next milestone.
https://www.hackerone.com/blog/thanks-being-part-journey-100-million-bounties
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
10 Ways to Hack Your “New Normal” Workweek
As a company inspired by hackers, HackerOne is taking this unique time to hack our programs to provide our people with additional support to ensure the wellbeing of all Hackeronies and their families. Here's a peek at the fun programs and perks we've implemented at HackerOne based on input from our people.
https://www.hackerone.com/blog/10-ways-hack-your-new-normal-workweek
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How Federal Agencies Use Vulnerability Disclosure Policies to Level Up Security
https://www.hackerone.com/blog/how-federal-agencies-use-vulnerability-disclosure-policies-level-security
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Security by the People: Announcing HackerOne's FedRAMP Authorization
Since 2016, we've been proud to help secure critical U.S. Department of Defense and GSA applications. As we achieve FedRAMP Tailored Authorization, we are excited to expand this important work.
https://www.hackerone.com/blog/security-people-announcing-hackerones-fedramp-authorization
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Stay Ahead of Threats With Hacker-Powered Retesting
Introducing Hacker-Powered Retesting! Retesting is designed to scale with capabilities to keep your critical assets safe from increasingly sophisticated attacks.
https://www.hackerone.com/blog/stay-ahead-threats-hacker-powered-retesting
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
PayPal on Creating Strong Relationships with Security Researchers
https://www.hackerone.com/blog/paypal-creating-strong-relationships-security-researchers
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hackers take on San Francisco for the 4th Year in a Row
HackerOne hosted its first flagship event of the year with Verizon Media in San Francisco.
https://www.hackerone.com/blog/hackers-take-san-francisco-4th-year-row
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Shopify Celebrates 5 Years on HackerOne
https://www.hackerone.com/blog/shopify-celebrates-5-years-hackerone
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hackweek: An insider's look at HackerOne culture
https://www.hackerone.com/blog/hackweek-insiders-look-hackerone-culture
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Slack Increases Bounty Minimums For the Next 90 Days
https://www.hackerone.com/blog/slack-increases-bounty-minimums-next-90-days
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Live Hacking Goes Virtual
https://www.hackerone.com/blog/live-hacking-goes-virtual
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hack for Good: Easily Donate Bounties to WHO's COVID-19 Response Fund
Collaboration and bounty splitting have been possible for years, and now you can easily donate bounties by adding the user “hackforgood” as a collaborator to a report submission on HackerOne.
https://www.hackerone.com/blog/hack-good-easily-donate-bounties-whos-covid-19-response-fund
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Six years of the GitHub Security Bug Bounty program
https://www.hackerone.com/blog/six-years-github-security-bug-bounty-program
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Live hacking the U.S. Air Force, UK Ministry of Defence and Verizon Media in Los Angeles at h1-213
HackerOne hosted its final flagship live hacking event of 2019 in Los Angeles, CA
https://www.hackerone.com/blog/live-hacking-us-air-force-uk-ministry-defence-and-verizon-media-los-angeles-h1-213
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
My Career Just Got Hacked: Rana Robillard Joins HackerOne
https://www.hackerone.com/blog/my-career-just-got-hacked-rana-robillard-joins-hackerone
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Live Hacking Events | 2019 Recap and the Road Ahead
A look at where we've been and where we're going in 2020...
https://www.hackerone.com/blog/live-hacking-events-2019-recap-and-road-ahead
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Q&A with Hacker Personality Shivam Vashisht
https://www.hackerone.com/blog/qa-hacker-personality-shivam-vashisht
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Confessions of European CISOs
Ever wondered what's been keeping your CISO up at night? Well, wonder no more. We did some research to find out what worries European CISOs who are tasked with shoring up their digital infrastructure.
https://www.hackerone.com/blog/confessions-european-cisos
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
LINE Security Bug Bounty Program Report 2019
https://www.hackerone.com/blog/line-security-bug-bounty-program-report-2019-1
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
#AndroidHackingMonth Q&A With Android Hacker bagipro
Mobile hacking has become an essential part of the bug bounty hunter's tool belt, and no one knows the space better than Android hacker bagipro.
https://www.hackerone.com/blog/AndroidHackingMonth-qa-with-bagipro
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Todayisnew Crosses M in Bounties at h1-415 in San Francisco
This past Friday at h1-415 — HackerOne's first live hacking event of the year — todayisnew became the eighth hacker to join the ranks of seven-figure-earning hackers.
https://www.hackerone.com/blog/todayisnew-crosses-1m-bounties-h1-415-san-francisco
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Congratulations, Cosmin! The world's seventh million-dollar bug bounty hacker
The ranks of seven-figure-earning hackers have now risen to eight. Meet @inhibitor181 — the world's seventh million-dollar bug bounty hacker.
https://www.hackerone.com/blog/congratulations-cosmin-worlds-seventh-million-dollar-bug-bounty-hacker
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Dropbox bug bounty program has paid out over ,000,000
https://www.hackerone.com/blog/dropbox-bug-bounty-program-has-paid-out-over-1000000
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hyatt Celebrates its First Anniversary on HackerOne
https://www.hackerone.com/blog/hyatt-celebrates-its-first-anniversary-hackerone
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
#AndroidHackingMonth: Introduction to Android Hacking by @0xteknogeek
https://www.hackerone.com/blog/androidhackingmonth-intro-to-android-hacking
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Guess what's coming!? #AndroidHackingMonth on @Hacker0x01
February is Android Hacking Month! That means new resources, new CTFs, and, of course, swag. Learn more about how to get involved.
https://www.hackerone.com/blog/AndroidHackingMonth
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
h1-415 CTF Winners Announced!
Thanks to all who participated in our #h1415 CTF, and congratulations to our winners @p4fg and @manoelt! Here's how it went down.
https://www.hackerone.com/blog/h1-415-ctf-winners-announced
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Meet InnoGames' Top Hacker
https://www.hackerone.com/blog/meet-innogames-top-hacker
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
InnoGames Models Avatar After Top Ethical Hacker
Kevin Heseler, Security Engineer at InnoGames, tells us about how InnoGames leverages their bug bounty program to secure their games and the unique approach they have taken to awarding their most valuable hacker with their very own avatar in the ‘Forge of Empires' game
https://www.hackerone.com/blog/innogames-models-avatar-after-top-ethical-hacker-0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Why Every Federal Agency Needs a VDP
https://www.hackerone.com/blog/why-every-federal-agency-needs-vdp
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
HackerOne Launches Bug Bounty Program for Kubernetes
The Cloud Native Computing Foundation (CNCF) today launched the Kubernetes bug bounty program on HackerOne. The Kubernetes bug bounty program is yet another layer of security assurance that will reward researchers who find vulnerabilities in the container orchestration system. Bounties will range from 0 to ,000. All reports will be thoroughly investigated by the Kubernetes Product Security Committee, a set of security-minded Kubernetes community volunteers.
https://www.hackerone.com/blog/hackerone-launches-bug-bounty-program-kubernetes
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hacking for Good
We start the new year of 2020 with great prospects. First of all, 2019 turned out to be a massive success for hacker-powered security. HackerOne paid out over ,000,000 in bounties to hackers all over the world. These bounties are the thank-yous from nearly two thousand companies and government agencies for tens of thousands of valid vulnerability reports voluntarily submitted by willing and able security experts. There may be no more effective way of reducing cyber risk than coordinated vulnerability disclosure and bug bounties.
https://www.hackerone.com/blog/hacking-good
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
This Season, Give the Gift of Data-Driven Insight
https://www.hackerone.com/blog/season-give-gift-data-driven-insight
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Using Bug Bounty Talent Pools to Attract and Maintain Top Talent
https://www.hackerone.com/blog/using-bug-bounty-talent-pools-attract-and-maintain-top-talent
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Transparency Builds Trust
Someone called it a “breach,” and the world took notice. Here is the story.
https://www.hackerone.com/blog/transparency-builds-trust
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How Bug Bounties Help You Shift Left
https://www.hackerone.com/blog/how-bug-bounties-help-you-shift-left
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
HackerOne is a 2019 Cyber Catalyst Designated Cybersecurity Solution
https://www.hackerone.com/blog/hackerone-2019-cyber-catalyst-designated-cybersecurity-solution
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
8 High-impact Bugs and How HackerOne Customers Avoided a Breach: SQL Injection
https://www.hackerone.com/blog/8-high-impact-bugs-and-how-hackerone-customers-avoided-breach-sql-injection
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How the Risk-Averse DoD Learned to Stop Worrying and Love the Hackers
https://www.hackerone.com/blog/how-risk-averse-dod-learned-stop-worrying-and-love-hackers
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The World's Elite Hackers Share Tips and Insights
https://www.hackerone.com/blog/conversation-three-elite-hackers
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
LINE Launches Public Bug Bounty Program: Q&A with Security Engineer Robin Lunde
Today, after three successful years running an independent bug bounty program, LINE launched a public bug bounty program on HackerOne. To learn more about the popular messaging app's security strategy and commitment to the hacker community, we sat down with security engineers Robin Lunde, Koh You Liang and Keitaro Yamazaki. Read on for a glimpse into our conversation.
https://www.hackerone.com/blog/line-launches-public-bug-bounty-program-qa-security-engineer-robin-lunde
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Supporting the Source: Why HackerOne is Upgrading its Free Tools for Open Source
Open source software powers HackerOne. As part of our mission to make the internet safer, we want to make it easier for your open source project to remain secure, so we're joining GitHub Security Lab. Read on for more on why we're joining, new free offerings for open source projects from HackerOne, and new open source targets for hackers from GitHub and HackerOne.
https://www.hackerone.com/blog/supporting-source-why-hackerone-upgrading-its-free-tools-open-source
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Announcing Program Audit Log
As our customers' security teams grow, it's important for us to sustain their growth with new features. Today we're announcing the Program Audit Log. It enables customers to audit important actions that were taken in their program, such as permission updates, new members, bounty rewards, and program settings. Read on for more!
https://www.hackerone.com/blog/announcing-program-audit-log
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Reducing Risk With a Bug Bounty Program
https://www.hackerone.com/blog/reducing-risk-bug-bounty-program
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
U.S. Department of Defense VDP Wins Prestigious 2019 DoD Chief Information Officer Award
On Nov. 3, 2019 in the Pentagon Auditorium, the DoD Cyber Crime Center (DC3) Vulnerability Disclosure Program (VDP) was awarded the 2019 DoD Chief Information Officer (CIO) award for Cybersecurity. Over the past three years, the VDP on HackerOne has processed more than 11,000 vulnerabilities discovered by researchers within DoD's public facing websites.
https://www.hackerone.com/blog/us-department-defense-vdp-wins-prestigious-2019-dod-chief-information-officer-award-0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hacking the Singapore Government: A Q&A With A Top Hacker & MINDEF 2.0 Results
On Friday, HackerOne announced the results of the second bug bounty challenge with the Ministry of Defence, Singapore (MINDEF). The three-week challenge ran from September 30, 2019 to October 21, 2019, and saw participation from over 300 trusted hackers from around the world — 134 local Singaporean-hackers and 171 international ethical hackers. HackerOne sat down with @SpaceRacoon to chat MINDEF Singapore's bug bounty challenge, what it takes to be a top hacker, the future of bug bounty, and more. Read on to hear more!
https://www.hackerone.com/blog/hacking-singapore-government-qa-top-hacker-mindef-20-results
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
8 High-Impact Bugs and How HackerOne Customers Avoided a Breach: Information Disclosure
https://www.hackerone.com/blog/8-high-impact-bugs-and-how-hackerone-customers-avoided-breach-information-disclosure
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Scaling Security: From Startup to Unicorn
https://www.hackerone.com/blog/scaling-security-startup-unicorn
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Why Laurie Mercer Became a Security Engineer at HackerOne
https://www.hackerone.com/blog/why-laurie-mercer-became-security-engineer-hackerone
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Security@ Fireside Chat: Insights from Phil Venables of Goldman Sachs
https://www.hackerone.com/blog/security-fireside-chat-insights-phil-venables-goldman-sachs
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Keynote with Phil Venables of Goldman Sachs
https://www.hackerone.com/blog/keynote-phil-venables-goldman-sachs
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Q&A with HackerOne's New Vice President, APAC, Attley Ng
https://www.hackerone.com/blog/qa-hackerones-new-vice-president-apac-attley-ng
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Lowering Your Pentesting Fees with HackerOne
https://www.hackerone.com/blog/lowering-your-pentesting-fees-hackerone-challenge
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Slack Increases Minimum Bounties for High and Critical Bugs for 30 Days
Over the past five years, Slack and HackerOne have established a partnership and commitment to ensure Slack's platform is secure for its over 12 million daily active users. To build on this momentum and engage top researchers from the HackerOne community, Slack is increasing its minimum bounties for High and Critical findings to 00 and 00 respectively for a limited time. Read on to learn more!
https://www.hackerone.com/blog/slack-increases-minimum-bounties-high-and-critical-bugs-30-days
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
8 High-Impact Bugs and How HackerOne Customers Avoided a Breach: Privilege Escalation
https://www.hackerone.com/blog/8-high-impact-bugs-and-how-hackerone-customers-avoided-breach-privilege-escalation
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
HackerOne Congratulates the Department of Defense on 11K Vulnerability Reports
https://www.hackerone.com/blog/hackerone-congratulates-department-defense-11k-vulnerability-reports
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Through a Hacker's Eyes: Recapping h1-604
For the first time ever, a hacker writes a live hacking recap blog, highlighting what it is like to attend a live event. Katie (@InsiderPhD) gives a first-person narrative of h1-604. From seeing a bear for the first time to collaborating closely with peers, Katie covers all the adventures of heading to Vancouver, Canada to hunt bugs.
https://www.hackerone.com/blog/through-hackers-eyes-recapping-h1-604
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Tell Your Hacker Story with the Redesigned Profile Pages
https://www.hackerone.com/blog/tell-your-hacker-story-redesigned-profile-pages
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
3 Ways Hacker-Powered Security Helps the Agile CISO
https://www.hackerone.com/blog/3-ways-hacker-powered-security-helps-agile-ciso
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
More Than Bounty: Beating Burnout with Hacker-Powered Security
https://www.hackerone.com/blog/more-bounty-beating-burnout-hacker-powered-security
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Breaking Down the Benefits of Hacker-Powered Pentests
https://www.hackerone.com/blog/breaking-down-benefits-hacker-powered-pentests
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
PayPal Celebrates Its First Anniversary on HackerOne
It's been a year since PayPal transitioned its Bug Bounty program to HackerOne. During that time, PayPal has paid out more than .5 million in bounties to the hacker community. In this post Ray Duran, manager of PayPal's Bug Bounty team, reflects on PayPal's journey, shares some exciting changes to the program and discusses what's to come.
https://www.hackerone.com/blog/paypal-celebrates-its-first-anniversary-hackerone
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Announcing the Security@ San Francisco 2019 Agenda
The agenda for the third annual hacker-powered security conference, Security@ San Francisco, is live! Security@ is the only conference dedicated to the booming hacker-powered security industry, where hackers and leaders come together to build a safer internet. The conference takes place on October 15, 2019 at the Palace of Fine Arts and will include talks by security leaders from some of the most innovative security teams. In addition, hackers from all over the world will discuss lessons learned from defending the front lines, scaling security teams, and addressing the talent gap. 2019 promises to be our largest event yet!
https://www.hackerone.com/blog/announcing-security-san-francisco-2019-agenda
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How HackerOne Fits into the Dev Tools You Know and Love
https://www.hackerone.com/blog/how-hackerone-fits-dev-tools-you-know-and-love
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How Companies Like Facebook Find the Bugs that Matter
https://www.hackerone.com/blog/how-companies-facebook-find-bugs-matter
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hacking with Valor: Why We Raised .4M with Valor Equity Partners
Our civilization is going digital. That's fantastic. Unfortunately, our software is not secure enough to carry a digital and connected civilization. When systems get breached, people can't trust the digital world. In a way, we try to do too much. Our innovation is outpacing security and privacy. Something must be done. This is the HackerOne commitment: As long as our digital world is plagued by vulnerabilities, we will continue to hack for the good of our connected society.
https://www.hackerone.com/blog/investors-love-hackers-why-we-raised-364m-valor-equity-partners
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Upserve Resolves Over 85 Bugs in Two Years Thanks to Hackers
It's been two years since Upserve launched its public bug bounty program on HackerOne. During that time, Upserve's security team has resolved over 85 valid vulnerabilities thanks to hackers, paying ,000 in bounties along the way. To celebrate the milestone, we sat down with Upserve's Information Security Officer Bryan Brannigan to look back on humble beginnings, learn more about how they incorporate hackers in their security initiatives, and discuss how they've increase engagement through public disclosures. Take a look!
https://www.hackerone.com/blog/upserve-resolves-over-85-bugs-two-years-thanks-hackers
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Bringing the Heat to Vegas: Recapping record-breaking h1-702
HackerOne hosted their largest live hacking event to date in Las Vegas Nevada. With Hacker Summer Camp in the background, h1-702 broke several records. This included paying out nearly two million in bounties to hackers over the three days.
https://www.hackerone.com/blog/bringing-heat-vegas-recapping-record-breaking-h1-702
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
HackerOne Praised By An Original Hacker
Steve Gibson, a security researcher who started hacking technology as a child, recently gave HackerOne high praise for helping to secure companies with bug bounty programs. We're proud when our dedicated team gets the praise they deserve from those in the industry.
https://www.hackerone.com/blog/hackerone-praised-original-hacker
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Meet Six Hackers Making Seven Figures
A mere five months after 19-year-old Argentinian Santiago Lopez crossed the million bounty mark, five more hackers from across the globe have now each earned over million in bounties with HackerOne.
https://www.hackerone.com/blog/meet-six-hackers-making-seven-figures
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hacker-Powered Data - Security Weaknesses and Embracing Risk with HackerOne
Vulnerabilities are a fact of life; risk comes with it. Today, companies, enterprises, & governments are embracing collaboration with hackers to find vulnerabilities before criminals have a chance to exploit them. Using 7 years of data from 1,400 bug bounty programs & 360,000+ valid vulnerabilities, this post offers a new analysis of the most common vulnerabilities not found on the OWASP top 10.
https://www.hackerone.com/blog/hacker-powered-data-security-weaknesses-and-embracing-risk-hackerone
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Don't Believe These 4 Bug Bounty Myths
https://www.hackerone.com/blog/dont-believe-these-4-bug-bounty-myths
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Black Hat 2019: Highlights from the Biggest and Best Yet
Black Hat 2019 was the biggest and best yet. Over 20,000 attendees heated up Las Vegas with provocative training sessions, innovative presentations, and record-breaking live hacking events.
https://www.hackerone.com/blog/black-hat-2019-highlights-biggest-and-best-yet
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Security Vendors Startups like Lob Can't Live Without
https://www.hackerone.com/blog/security-vendors-startups-lob-cant-live-without
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
GraphQL Week on The Hacker101 Capture the Flag Challenges
Recently we rolled out 3 separate GraphQL-basd Hacker101 Capture the Flag challenges. These are valuable educational resources for hackers and developers alike, improving bug hunting capability and helping developers prevent security missteps when implementing GraphQL.
https://www.hackerone.com/blog/graphql-week-hacker101-capture-flag-challenges
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Live Hacking Events: Stats, invitations, and what's next
Live hacking events are an experience unlike any other. This post is about how you can increase your chances of being invited to hack. We dive into the history of live hacking events and some of the criteria that's taken into consideration
https://www.hackerone.com/blog/live-hacking-events-stats-invitations-and-whats-next
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
London Called, Hackers Answered: Recapping h1-4420
Uber partnered with us for their third live hacking event in London, paying out over 5,000 in bounties to hackers who found more than 150 unique vulnerabilities across Uber, Uber Restaurants and Uber Freight.
https://www.hackerone.com/blog/london-called-hackers-answered-recapping-h1-4420
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Verizon Media Webinar Recap: Attack Surface Visibility & Reducing Risk
Bug bounty tips from a Paranoid: hackers as an extension of your security team, honoring the security page as a contract with hackers, investing in the community through things like Live Hacking events, and using the outside perspective from the hacker community to strengthen their entire SDLC.
https://www.hackerone.com/blog/verizon-media-webinar-recap-attack-surface-visibility-reducing-risk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Breaking Down the Benefits of Hacker-Powered Pen Tests
Breaking down the benefits of hacker-powered pen tests from the recent Forrester report. The most important benefit was finding more vulnerabilities, both in terms of numbers and criticality, in order to remediate them and create better system security.
https://www.hackerone.com/blog/breaking-down-benefits-hacker-powered-pen-tests
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The HackerOne Top 10 Most Impactful and Rewarded Vulnerability Types
We've put together a list of the most impactful vulnerabilities on the HackerOne platform so you can see where to aim your security efforts and how to better align your security team to today's biggest risks. Learn which vulnerabilities aren't in the OWASP Top 10 and see the top vulnerabilities submitted by volume, bounty awards, and more.
https://www.hackerone.com/blog/hackerone-top-10-most-impactful-and-rewarded-vulnerability-types
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Improving Your Workflows and Analysis with Custom Fields
HackerOne is thrilled to release Custom Fields, the latest way to sharpen security workflows and software development cycles. Custom Fields empowers teams to gain new insights into data by adding details such as ownership, risk category and root cause to vulnerability reports.
https://www.hackerone.com/blog/improving-your-workflows-and-analysis-custom-fields
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cloud Security Alliance Webinar Recap: Avoid the Breach with Shopify's Andrew Dunbar
Security is a top priority for e-commerce giant Shopify, with over 600,000 businesses in 175 countries trusting them to sell online and everywhere in the world. Shopify's Vice President of Security Engineering and IT, Andrew Dunbar and HackerOne's Luke Tucker discuss best practices for testing and securing cloud-based web applications.
https://www.hackerone.com/blog/cloud-security-alliance-webinar-recap-avoid-breach-shopifys-andrew-dunbar
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
When Moving To the Cloud, Don't Leave Basic Security Behind
How to break into a serverless application, a TestLabs blog review. We'll also discuss why changes in technology don't change security best practices.
https://www.hackerone.com/blog/when-moving-cloud-dont-leave-basic-security-behind
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Grand Rounds VP InfoSec: Achieving SOC 2 Type II Compliance with Hacker-Powered Security
Grand Rounds is an innovative new healthcare company using hacker-powered security for better, more effective pen tests. Learn how HackerOne Compliance meets HIPPA, SOC2, and other security testing needs.
https://www.hackerone.com/blog/grand-rounds-vp-infosec-achieving-soc-2-type-ii-compliance-hacker-powered-security
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Automate Workflows with Enhanced Jira Integration
Integrating with Jira has always been an important piece of integrating HackerOne into the SDLC of our customers. HackerOne's bi-directional Jira integration is currently in use by many of our customers and today we're announcing how it's getting even better.
https://www.hackerone.com/blog/automate-workflows-enhanced-jira-integration
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Taking The Guesswork Out of Vulnerability Reporting
To make vulnerability disclosure easier on open source maintainers, GitHub and HackerOne are collaborating to help close the gap between the hacker community and software engineers.
https://www.hackerone.com/blog/taking-guesswork-out-of-vulnerability-reporting
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
See Your Success In Real Time with the new Program Dashboard
Effective security programs are more efficient when backed with clear reports that both technical and business teams understand. The HackerOne program dashboard delivers real-time insights into the program metrics that matter most to your programs, such as submission status, bounty spent, exploit severity, asset weaknesses, program health, and more.
https://www.hackerone.com/blog/see-your-success-in-real-time-with-the-new-program-dashboard
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hacking Dropbox Live in the Heart of Singapore at h1-65
Dropbox joined us as the participating company, paying out over 0,000 in bounties to hackers who found 264 vulnerabilities across Dropbox, Dropbox Paper, newly-acquired HelloSign, and third-party vendors that work with Dropbox.
https://www.hackerone.com/blog/hacking-dropbox-live-heart-singapore-h1-65
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
PayPal Thanks Hackers with Million in 7 Months on HackerOne
Since launching an independently run bug bounty program in 2012, PayPal's program has evolved several times over, including transitioning to a platform, HackerOne, in 2018 to expand participation from 2,000 hackers to over 300,000 hackers on the platform. In just 6 months, we're proud to announce that PayPal has paid over million to hackers through HackerOne. It's quite a milestone for us, and so much more the a dollar figure.
https://www.hackerone.com/blog/paypal-thanks-hackers-1-million-7-months-hackerone-0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Priceline Launches Public Bug Bounty Program: Q&A with Matt Southworth
Today, Priceline launched its public bug bounty program on HackerOne, including Priceline's e-commerce site, Priceline.com, PPN affiliate sites and mobile apps. We sat down with Matt to learn more about their program, prioritizing customer trust, what it's like working with hackers, and more. Check it out!
https://www.hackerone.com/blog/priceline-launches-public-bug-bounty-program-qa-matt-southworth
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Announcing the Community T-shirt Winner(s)
Hackers submitted amazing designs for the first ever community t-shirt contest! @akaash2397 received the most votes among the three finalists for his Bug Hunter design.
https://www.hackerone.com/blog/announcing-community-t-shirt-winners-0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Learn How HackerOne Can Help You Crawl, Walk, or Run Your Way to a Bug Bounty Program
No matter your company size or security team bandwidth, learn how to get a bug bounty program started with advice from those who've launched hundreds of new programs. This webinar explains how to get a program started at your own pace, what you need to think about before you start, and how you can control the program's impact on your existing infrastructure. It's only 25 minutes, so grab a coffee, take a break, and watch it now.
https://www.hackerone.com/blog/learn-how-hackerone-can-help-you-crawl-walk-or-run-your-way-bug-bounty-program
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
What the California Consumer Privacy Act Means For You
The collection of personal data and the privacy issues surrounding it have been a hot topic the past several years, especially in the security industry. Governments are taking notice and new regulations are appearing. The new California Consumer Privacy Act (CCPA) is a regulation requiring certain organizations to protect the personal data and privacy of California consumers. HackerOne can help you.
https://www.hackerone.com/blog/What-CCPA-Means-You
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hackers have earned more than M in bug bounty cash on HackerOne: Time to celebrate!
Hackers, congratulate yourselves on an incredible milestone, earning M+ for your contributions to a safer internet. HackerOne's mission is to empower the world to build a safer internet, and you are the heroic individuals making that mission a day-to-day reality. Thank you for inspiring us with your creativity and talents. Keep pursuing the flags, squashing the bugs, and sharing the knowledge. Together. We. Hit. Harder. Happy hacking one and all!
https://www.hackerone.com/blog/Hackers-have-earned-more-50M-bug-bounty-cash-HackerOne-Time-celebrate
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How Hackers Define “Hacker”
Dictionary definitions tend to conflate “hacker” with “criminal”. We know that's definitely not the case, but we wanted to know what hackers think. We combed through more than three dozen interviews to determine and share the true definition of “hacker” from hackers themselves.
https://www.hackerone.com/blog/How-Hackers-Define-Hacker
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hacker-Powered Security, Government Support Needed to Protect Financial Services Consumers from Application Vulnerabilities
What is the current state of security in the financial sector? How can governments contribute to this security? These questions were addressed by Christopher Parsons in his testimony before the Standing Committee on Public Safety and National Security (SECU) in Canada. His testimony shines a light on some major issues facing the security community in Canada and across the world.
https://www.hackerone.com/blog/Hacker-Powered-Security-Government-Support-Needed-Protect-Financial-Services-Consumers
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Product Updates and Enhancements
https://www.hackerone.com/blog/Product-Update-Q1-2019
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Airbnb and Verizon Media participate in 3rd annual h1-415 live hacking event including a cybersecurity mentorship program
The power of collaboration came through full-force in our first live hacking event of 2019. Hosted over three days, we partnered with Airbnb and Verizon Media for hacking, mentoring, and celebrating the community.
https://www.hackerone.com/blog/Airbnb-and-Verizon-Media-participate-3rd-annual-h1-415-live-hacking-event-including
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Xiaomi Security Center Welcomes Security Research with HackerOne Partnership
Please welcome the Xiaomi Security Center to HackerOne! Xiaomi, one of the world's largest consumer electronics manufacturers, is launching a vulnerability disclosure program (VDP) on April 1, 2019, welcoming vulnerability submissions for products and services under the brands of Xiaomi, Mijia, Mitu, and Redmi. Check it out!
https://www.hackerone.com/blog/Xiaomi-Security-Center-Welcomes-Security-Research-HackerOne-Partnership
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Security at Startup Speed: Enterprise Grade Security from the Start
Startups today must adapt to a rapidly changing environment, completing security tasks along with code deploys and automating security scans as much as possible. But even with these measures, security vulnerabilities find a way to slip through the cracks. That's where hacker-powered security can put out the embers of the fire you may have missed. Learn how hacker-powered security allows startups to launch smart.
https://www.hackerone.com/blog/Security-Startup-Speed-Enterprise-Grade-Security-Start
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Q&A with Brian Neely, CIO & CISO of AMERICAN SYSTEMS
As a defense contractor, AMERICAN SYSTEMS provides IT and engineering solutions for complex national priority programs for the U.S. government. As you can imagine, the sensitive programs and data they hold makes them heavily targeted by sophisticated, determined, highly resourced nation-state threat actors. Losing data would mean losing a competitive advantage on the battlefield. In short, lives could be at stake. That's not your average security breach. We sat down with CIO and CISO Brian Neely to learn a bit more about how he's seen the industry evolve, what's next and how hacker-powered security fits into the matrix.
https://www.hackerone.com/blog/QA-Brian-Neely-CIO-CISO-AMERICAN-SYSTEMS
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The 2019 Hacker Report: Celebrating The World's Largest Community of Hackers
The third annual Hacker Report includes the largest survey conducted to date of the ethical hacking community with hackers participating from over 100 countries and territories. Hackers are heroes, they are in it for the good and there is more opportunity than ever before. The 2019 Hacker Report shares the stories and celebrates the impact of the hacker community.
https://www.hackerone.com/blog/2019-Hacker-Report-Celebrating-Worlds-Largest-Community-Hackers
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
@try_to_hack Makes History as First Bug Bounty Hacker to Earn over Million
19-year-old Argentinian @try_to_hack just made history as the first to earn over ,000,000 in bounty awards on HackerOne. We connect with him to learn more about how he reached this impressive milestone. We hope you are just inspired as we are!
https://www.hackerone.com/blog/trytohack-Makes-History-First-Bug-Bounty-Hacker-Earn-over-1-Million
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Q&A with HackerOne's VP of Customer Success Jeff McBride
We sat down with HackerOne's VP of Customer Success, Jeff McBride, to get more acquainted with his style of leadership, what customer success means to him, and his view of hacker-powered program management. Take a look at our conversation.
https://www.hackerone.com/blog/QA-HackerOnes-VP-Customer-Success-Jeff-McBride
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Program Insights from the PayPal Security Team
PayPal's security team is tasked with helping to protect personal financial information for millions of account holders every day. We sat down with PayPal Information Security Engineers Ray Duran, Sonal Shrivastava, and Pax Whitmore, and Project Manager Rebecca Francom to learn more about how PayPal works with researchers, what the journey of a bug looks like once it gets reported, and what findings are most impactful.
https://www.hackerone.com/blog/Program-Insights-QA-PayPal-Security-Team
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Introducing Hacker Task Manager and Statistics
We're proud to announce the latest iteration of Hacker Dashboard today- Hacker Task Manager and Statistics! The Hacker Task Manager underlines our focus on helping new and upcoming hackers to onboard themselves on our platform. With the help of the Task Manager, hackers can educate themselves with help from Hacker101 and other educational resources to get closer to the goal of submitting a valid vulnerability report.
https://www.hackerone.com/blog/Introducing-Hacker-Task-Manager-and-Statistics
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Design the next HackerOne T-Shirt
We are very excited to open the first ever HackerOne community T-shirt design contest. Like crafting a creative exploit or spinning up photoshop to create a perfect meme, we know you've got some amazing ideas and we want to see them. We are looking for designs that reflect the spirit of our community. This can include ingenuity, diversity and the collaborative forces that make #TogetherWeHitHarder.
https://www.hackerone.com/blog/Design-next-HackerOne-T-Shirt
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Five years of the GitHub Bug Bounty program
Over the past five years, GitHub has been continuously impressed by the hard work and ingenuity of the hacker community. Last year was no different. GitHub paid out 5,000 to researchers through their public bug bounty program in 2018. They decided to share some of their highlights from the past year and introduce some big changes in 2019: full legal protection for researchers, more GitHub properties eligible for rewards, and increased reward amounts.
https://www.hackerone.com/blog/Five-years-GitHub-Bug-Bounty-program
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
HackerOne Hosts Rails Girls in Groningen
Following months of preparation, the day was finally here. HackerOne's office in Groningen was hosting a Rails Girls global coding event. Born in Finland, Rails Girls is a global, non-profit volunteer community that aims to provide the right tools and a community for women to understand technology and to build their ideas. I am Stuti Srivastava, a senior product engineer at HackerOne and one of the organisers for the event, and this was my first experience at a Rails Girls event.
https://www.hackerone.com/blog/HackerOne-Hosts-Rails-Girls-Groningen
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
FanDuel's Liam Somerville on Prioritising Researchers as an Extension of the Security Team
FanDuel, the web-based fantasy sports game with traditional season-long fantasy sports leagues compressed into daily or weekly games of skill, is used by over 8 million members across the globe. With hundreds of millions of dollars being exchanged through weekly games, the small but mighty FanDuel security is tasked with defending enormous amounts of sensitive data all while meeting rigorous state and national regulations. Over the course of their bug bounty program, FanDuel has resolved about 85 vulnerabilities and paid out over ,000 in gratitude to researchers. We dove a little deeper with Liam to learn more about how his security team of seven works with the researcher community to boost security and how researchers can maximize their earnings by being creative.
https://www.hackerone.com/blog/FanDuels-Liam-Somerville-Prioritising-Researchers-Extension-Security-Team
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How Hacker-Powered Security Protects Your Data, Even When Third Parties Don't
Providing third parties with access to privileged sites and information can expose companies to greater risk of data theft, with all the financial and reputational costs such breaches bring. Hacker-powered security programs like HackerOne Bounty let you focus tens to thousands of security researchers on the precise systems you care about most. Through careful design of the program page and bounty table, which tells hackers how much they will be paid to find different types of vulnerabilities in different systems, you can concentrate the HackerOne community on hardening the applications, authentication, and access control systems that third parties use.
https://www.hackerone.com/blog/How-Hacker-Powered-Security-Protects-Your-Data-Even-When-Third-Parties-Dont
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Alibaba and HackerOne Join Forces in Global Vulnerability Testing Program
Alibaba, one of the world's largest Internet companies is joining HackerOne to tap into the technical expertise of the world's best cybersecurity experts to implement a global vulnerability disclosure program (VDP) to help boost security and better protect customers, transactions, and the Alibaba ecosystem. Today, Alibaba has announced that all participating cybersecurity researchers who submit valid vulnerabilities will receive a limited production physical challenge coin issued by Alibaba and HackerOne — a “metal medal of honor” – to recognize their contributions. The coin is awarded in addition to the incentives researchers receive as active members of the HackerOne community.
https://www.hackerone.com/blog/Alibaba-and-HackerOne-Join-Forces-Global-Vulnerability-Testing-Program
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Introducing My Programs
We're proud to announce the release of My Programs, the next iteration of Hacker Dashboard. My Programs is a completely new page in the dashboard that replaces the old “accepted invitations” page. In addition to the accepted invitations, My Programs now lists all public programs you have previously submitted a report to.
https://www.hackerone.com/blog/Introducing-My-Programs
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Brace yourself: Million in Bounties is Coming—and we are celebrating the whole way there!
A huge milestone towards a safer internet, better lives, and communities for hackers, HackerOne is celebrating hackers and the path to M in bounties!
https://www.hackerone.com/blog/Brace-yourself-50-Million-Bounties-Coming-and-we-are-celebrating-whole-way-there
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Launching the Hacker Calendar, Never Miss a Challenge Again
Hacker Calendar is a small but useful feature to track important dates and events via your calendar app. You can easily see all running challenges that you're part of and know their respective start and end dates.
https://www.hackerone.com/blog/Launching-Hacker-Calendar-Never-miss-challenge-again
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
EU-FOSSA 2 Open Source Bug Bounty Programme Series | Q&A
Following the success of the European Commission's pilot bug bounty programme with HackerOne last year, they are announcing the launch of a new bug bounty initiative involving open source software on a much larger scale. This bug bounty programme run by the EU-Free and Open Source Software Auditing (EU-FOSSA 2) project, aims to help EU institutions better protect their critical software. We recently chatted separately with Marek Przybyszewski and Saranjit Arora who are leading the EU-FOSSA 2 project.
https://www.hackerone.com/blog/EU-FOSSA-2-Open-Source-Bug-Bounty-Programme-Series-QA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Riot Games Surpasses 1,000 Valid Reports: Q&A
At the end of 2018, Riot Games surpassed one of the biggest milestones of its bug bounty program to-date: 1,000 valid vulnerabilities reported to the program. Today, the League of Legends maker celebrates 1,000 issues fixed and 1,000 opportunities to better protect their over 80 million players worldwide. We connected with Riot Games Security Engineer Diarmaid McManus to learn more about what the milestone means to him and the team, as well as the greater impact HackerOne's community has had on their security practice.
https://www.hackerone.com/blog/Riot-Games-Surpasses-1000-Valid-Reports-QA
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Open-Xchange Approaches 3 Years of Bug Bounties & 250 Valid Vulnerabilities
Just shy of their third anniversary of bug bounties, web-based communication, collaboration and office productivity software company Open-Xchange (OX) is sharing the results of their program to-date. OX has seen nearly 250 valid vulnerabilities reported through the program and paid out over ,000. Looking back, Security Officer Martin Heiland says bugs surfaced on HackerOne have cost about a tenth of what traditional pen testing has surfaced over the years.
https://www.hackerone.com/blog/Open-Xchange-Approaches-3-Years-Bug-Bounties-250-Valid-Vulnerabilities
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
5 Tips for an Effective AppSec Testing Strategy
Applications have become the lifeblood of businesses in today's connected world. Software is now the “front door” into your business for many people around the world. Caution is required, though. Applications exposed to the internet are also exposed to shady characters out to exploit your systems for their benefit, often at the expense of your customers and your business. This blog shares 5 tips for an effective application security testing strategy.
https://www.hackerone.com/blog/5-Tips-Effective-AppSec-Testing-Strategy
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Your First 90 Days as Security Lead, Part 2: Developing a Plan and Getting to Work
You've just been named the new security lead for your organization. You probably have many projects swirling through your mind, like addressing a critical issue, benchmarking your organization against peers, or developing a broad plan. This two-part blog series details best practices for developing your program and the key steps to take during the first three months in your new role.
https://www.hackerone.com/blog/Your-First-90-Days-Security-Lead-Part-2-Developing-Plan-and-Getting-Work
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hyatt Launches Public Bug Bounty Program: Q&A with CISO Benjamin Vaughn
Today, Hyatt is launching its first public bug bounty program at HackerOne. To learn more about Hyatt's program, their commitment to security and the hacker community, we sat down with Chief Information Security Officer Benjamin Vaughn.
https://www.hackerone.com/blog/Hyatt-Launches-Public-Bug-Bounty-Program-QA-CISO-Benjamin-Vaughn
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Introducing Indian Rupee payments: Cheaper and faster bank transfers
We're proud to announce that HackerOne now supports payments in Indian Rupees. The addition of Indian Rupees means we can now eliminate the roughly 5% conversion fee per bounty by using the “mid-market rate” to convert your bounties directly to Indian Rupees before sending them to your bank account.
https://www.hackerone.com/blog/Introducing-Indian-Rupee-payments-Cheaper-and-faster-bank-transfers
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Your First 90 Days as Security Lead, Part 1: Building Your Security Foundation
You've just been named the new security lead for your organization. You probably have many projects swirling through your mind, like addressing a critical issue, benchmarking your organization against peers, or developing a broad plan. This two-part blog series details best practices for developing your program and the key steps to take during the first three months in your new role.
https://www.hackerone.com/blog/Your-First-90-Days-Security-Lead-Part-1-Building-Your-Security-Foundation
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
More Hackers Means Less To Worry About
With enough hackers, all security vulnerabilities are shallow. There is no better way to know the security of your systems than inviting a diverse community to report your weaknesses. On behalf of grateful customers, we have awarded over M in rewards to the do-gooders — the hackers. We will end 2018 with a business that has grown 10X in just 3 years.
https://www.hackerone.com/blog/More-Hackers-Means-Less-Worry-About-0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Oath's Big Year of Bug Bounties Capped off with NYC Live Hacking Event
In 2018, Oath has received over 1,900 valid vulnerabilities through its private bug bounty program, over 300 of which were high or critical severity. Big numbers mean big rewards — Oath has paid million in bounties in 2018. It's been a record year, including four live hacking events all over the world — Goa, San Francisco, Argentina, and a 2018 finale live hacking event in New York City on November 27-29.
https://www.hackerone.com/blog/Oaths-Big-Year-Bug-Bounties-Capped-NYC-Live-Hacking-Event
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Grammarly's Bug Bounty Program Goes Public: Q&A with VP of Engineering Joe Xavier
It's been over a year since Grammarly launched its first bug bounty program on HackerOne. It's been a private, invite-only program ever since. That is, until today! We sat down with the company's VP of Engineering Joe Xavier to learn more about how the newly public bug bounty program fits into the team's overall security strategy, what it's like working with hackers, and any advice for other organizations considering the bug bounty model.
https://www.hackerone.com/blog/Grammarlys-Bug-Bounty-Program-Goes-Public-QA-VP-Engineering-Joe-Xavier
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hacktivity Disclosure for Private Programs
With over 6,000 reports that have been disclosed on Hacktivity, we're proud to announce that we're launching Disclosure for Private Programs. Vulnerability reports can now be disclosed within a private program.
https://www.hackerone.com/blog/Hacktivity-Disclosure-Private-Programs
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Q&A with Flickr's Senior Engineering Manager Alex Seville
As of November 2018, Flickr has been running its first independent bug bounty program, maintaining an average resolution time of just 4 days in the first month. We sat down with Flickr Senior Engineering Manager Alex Seville to learn more about his team's commitment to working with the hacker community, how it fits into Flickr's larger cybersecurity strategy, and what's to come.
https://www.hackerone.com/blog/QA-Flickrs-Senior-Engineering-Manager-Alex-Seville
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Easy and secure Credential Management
The new credential management functionality enables program owners to share credentials with hackers in the program easily. It's as simple as uploading a CSV with credentials, and a new button will appear on your program page from where hackers can download the credentials. When uploading the credentials, you can also give the hacker instructions on how to use them. This can be helpful in case the setup isn't straightforward.
https://www.hackerone.com/blog/Easy-and-secure-Credential-Management
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Test your hacking skills on real-world simulated bugs
Five sandbox environments of recently disclosed hacktivity reports available for anyone to test their hacking skills and see if they can replicate the same bug that was discovered. #hackon
https://www.hackerone.com/blog/Test-your-hacking-skills-real-world-simulated-bugs
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Introducing Hacker Dashboard: Your personalized HackerOne overview
Earlier this month, we introduced the all-new Program Directory with fresh metrics and better filtering. Now, we're taking it a step further with the introduction of the Hacker Dashboard. Check it out!
https://www.hackerone.com/blog/Introducing-Hacker-Dashboard-Your-personalized-HackerOne-overview
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hacker101 CTF++: Find flags, get private bug bounty program invitations
Get rewarded with private invitations and work through the CTF as a group with our new release.
https://www.hackerone.com/blog/Hacker101-CTF-Find-flags-get-private-bug-bounty-program-invitations
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Shopify Awards 6,000 to Hackers in Canada: h1-514 Recap
Forty top hackers met in Montréal over the weekend to hack Canada-based Shopify. The commerce platform helps more than a half-million merchants spread across 90% of the world's countries design, set-up, and manage their stores. During the live hacking event, dubbed h1-514, Shopify paid over 6,000 in bounties to hackers who helped surface 55 valid vulnerabilities to the program.
https://www.hackerone.com/blog/Shopify-Awards-116000-Hackers-Canada-h1-514-Recap
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Integrate HackerOne directly into your website with Embedded Submissions
Receiving vulnerabilities has never been easier with the release of our newest integration: Embedded Submissions! The form will be embedded directly on your website by simply adding one line of JavaScript on your web page.
https://www.hackerone.com/blog/Integrate-HackerOne-directly-your-website-Embedded-Submissions
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Security@ 2018: Oath, DoD Highlight Value in Bringing Bug Bounties to Life
Most hacker-powered security happens remotely, with digital messaging being the typical communication channel. There's no brainstorming together with a whiteboard, no chats over coffee, no conversations during the walk across the street for lunch. One of the many benefits of Security@ is the chance to bring hackers, developers, and security teams together to meet in real life.
https://www.hackerone.com/blog/Security-2018-Oath-DoD-Highlight-Value-Bringing-Bug-Bounties-Life
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Security@ 2018: Sumo Logic's CSO On Transparency and Using Hacker-Powered Pen Tests for Better Security and Complete Compliance
At Security@ 2018, held in San Francisco in late October, Gerchow took the stage to share how Sumo Logic works with HackerOne to take a decidedly modern approach to security, using bug bounties as a tool in the arsenal and transparency as the common thread. Transparency, according to Gerchow, means that organizations must admit not only that bugs will always exist, but that the best ways to reduce vulnerabilities is to share learnings and best practices with the broader community.
https://www.hackerone.com/blog/Security-2018-Sumo-Logics-CSO-Transparency-and-Using-Hacker-Powered-Pen-Tests-Better-Security
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Discovering programs is easier than ever with the new and improved Program Directory
Today, we're excited to announce a complete overhaul of our Program Directory! The new directory features a fresh design and more granular filters to find programs faster than ever. Let us know what you think!
https://www.hackerone.com/blog/Discovering-programs-easier-ever-new-and-improved-Program-Directory
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
What To Do When You're Stuck Hacking
Hacking can be tedious work. Sometimes you're looking for hours, perhaps days, and you're unable to find a security vulnerability. It can be demotivating at times. This blog will give you multiple tips to power through it and regain that sweet, sweet feeling of submitting a security vulnerability.
https://www.hackerone.com/blog/What-To-Do-When-You-Are-Stuck-Hacking
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Financial Services: Tips for Bug Bounty Success
Jason Pubal is an appsec director at a large financial services firm. Over the past 2 years, he's prepared for and rolled out a successful bug bounty program with HackerOne. Here's what he's learned in the process and how you can prepare to launch your own bug bounty program.
https://www.hackerone.com/blog/Financial-Services-Tips-Bug-Bounty-Success
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Best is Yet To Come: DOD Awards New Hack the Pentagon Contract to HackerOne
Today we celebrate cyber defense. The U.S. Department of Defense's Defense Digital Service (DDS) announced expansion of the Hack the Pentagon crowdsourced security program and partnership with HackerOne. HackerOne is one of three vendors to be awarded a contract as part of the Hack the Pentagon expansion to run private assessments against sensitive, internal systems.
https://www.hackerone.com/blog/Best-Yet-Come-DOD-Awards-New-Hack-Pentagon-Contract-HackerOne
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Paranoids at Oath Take Bug Bounties to Argentina: h1-5411 Recap
HackerOne kicked off its first South America live hacking event in Buenos Aires, Argentina! Oath, a media and tech company, under which Yahoo, AOL, Verizon Digital Media Services, TechCrunch and many more dynamic brands fall, opened up their assets to 53 hackers in their second live hacking event in 2018. Eight hours later, Oath had paid out over 0,000 in bounties to hackers for their contributions. Thank you to our hackers that literally weathered a storm to join us in Argentina for the first time.
https://www.hackerone.com/blog/Paranoids-Oath-Take-Bug-Bounties-Argentina-h1-5411-Recap
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Say Yes To Cyber Help
We are seeing tremendous growth at HackerOne. Bug bounty programs, vulnerability disclosure policies, and crowdsourced pentests are needed by anyone entrusted with protecting customer data. To serve our rapidly expanding customer base, we have tripled our headcount in the past 12 months and opened new offices in New York, Washington D.C. and Singapore, in addition to our San Francisco, London and Netherlands offices.
https://www.hackerone.com/blog/Say-Yes-Cyber-Help
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The U.S. Marine Corps Resolves Nearly 150 Vulnerabilities Thanks to Hackers
Hack the Marine Corps, the U.S. Depart of Defense's (DoD) six public bug bounty challenge, officially concluded and the results are in! Over 100 ethical hackers tested public-facing Marine Corps websites and services in an effort to harden the defenses of the Marine Corps Enterprise Network (MCEN). Over the 20 days of the hacking challenge, hackers reported nearly 150 unique valid vulnerabilities to the U.S. Marine Corps Cyberspace Command (MARFORCYBER) team and were awarded over 0,000 for their findings.
https://www.hackerone.com/blog/US-Marine-Corps-Resolves-Nearly-150-Vulnerabilities-Thanks-Hackers-2
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The AWS Shared Responsibility Model: 3 Areas of Improvement to Make Today Part 3: Logging, Monitoring, and Alerting in AWS
Migrating to the cloud means sharing responsibility for security with the cloud provider. Read about one important part of the shared responsibility model: logging, monitoring, and alerting in an AWS environment. Discover the tools available to help you always know what is happening in your environment.
https://www.hackerone.com/blog/AWS-Shared-Responsibility-Model-3-Areas-Improvement-Make-Today-Part-3
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How Hacktivity Can Save Your Company: Experts Weigh In
Hacktivity can save your company. Take help from hackers. You can't do it alone. Approach hackers with an assumption of benevolence, and develop relationships with them. Don't find out about a vulnerability for the first time on Twitter. How do you defend yourself against people who get up in the morning, put on their flip flops (or military uniform) and do nothing but think about how to attack you? These were themes at the Atlantic Council's panel on coordinated vulnerability disclosure (CVD) on September 18 in Washington, D.C.
https://www.hackerone.com/blog/How-Hacktivity-Can-Save-Your-Company-Experts-Weigh-In
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hacker Q&A with André Baptista: From CTF Champ to h1-202 MVH
From CTF Champ to H1-202 MVH. André applied the creativity of CTFs to find and escalate bugs in the wild and hack his way to to the Championship Belt less than a month after finding his first bug in the wild.
https://www.hackerone.com/blog/Hacker-QA-Andre-Baptista-CTF-Champ-h1-202-MVH
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Streamline Every Aspect of Your Responsible Disclosure Policy with HackerOne Response
HackerOne Response is our turnkey solution offering enterprise-grade security and conformance with ISO-29147 (vulnerability disclosure) and ISO-30111 (vulnerability handling). It allows vulnerability management teams to work directly with external third-parties to resolve critical security vulnerabilities before they can be exploited.
https://www.hackerone.com/blog/Streamline-Every-Aspect-Your-VDP-HackerOne-Response
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Top Firewall Misconfigurations that Lead to Easy Exploitations by Attackers
Migrating to the cloud means sharing responsibility for security with the cloud provider. Read about one important part of the shared responsibility model: keeping your cloud network secure. Discover how to protect your cloud networks from attackers.
https://www.hackerone.com/blog/Top-Firewall-Misconfigurations-that-Lead-to-Easy-Exploitations
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The AWS Shared Responsibility Model: 3 Areas of Improvement to Make Today, Part 1
Migrating to the cloud means sharing responsibility for security with the cloud provider. Read about one important part of the shared responsibility model: keeping your private keys private. Discover how to prevent your secrets from escaping the cloud.
https://www.hackerone.com/blog/AWS-Shared-Responsibility-Model-3-Areas-Improvement-Make-Today-Part-1-Keep-Your-Private-Keys
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Introducing the Hacker101 CTF
Capture flags all day and night in our newly launched CTF, available 24/7 at ctf.hacker101.com.
https://www.hackerone.com/blog/Introducing-Hacker101-CTF
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Highlights of New York's Cybersecurity Regulation 23 NYCRR Part 500
Effective March 1, 2017, the New York State Department of Financial Services (NYDFS) promulgated 23 NYCRR Part 500, a regulation establishing cybersecurity requirements for financial services companies. Beginning today, September 4, 2018, Sections 500.06, 500.08, 500.13, 500.14(a) and 500.15 of 23 NYCRR Part 500 will be enforceable.
https://www.hackerone.com/blog/Highlights-New-Yorks-Cybersecurity-Regulation-23-NYCRR-Part-500
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
H1-702 2018 makes history with over 0K in bounties paid!
Five straight nights of hacking with over 75 hackers representing 20+ countries hacked five targets earning over 0,000. It was the largest and most successful live hacking event ever.
https://www.hackerone.com/blog/H1-702-2018-makes-history-over-500K-bounties-paid
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hacker Q&A with Matthew Bryant: Good Artists Copy, Great Artists Steal
“Seeing an exploit without understanding how any of it works felt like witnessing someone doing actual magic.” In his search to understand new-to-him security vulnerabilities, Matthew Bryant (@iammandatory) has found some iconic bugs. He chatted with us about those finds, collaboration, and the tools he builds as a modern-day security magician.
https://www.hackerone.com/blog/Hacker-QA-Matthew-Bryant-1
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
What is a Responsible Disclosure Policy and Why You Need One
This article will answer the simple question of what a vulnerability disclosure policy is, what's included in a good policy, which organizations have a VDP today, and which government agencies have published guidance on VDPs.
https://www.hackerone.com/blog/What-Vulnerability-Disclosure-Policy-and-Why-You-Need-One
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
118 Fascinating Facts from HackerOne's Hacker-Powered Security Report 2018
Read 118 of the most intriguing data points from HackerOne's Hacker-Powered Security Report 2018. Get the facts to learn how security teams are working with hackers to crush more bugs and make the internet safer for everyone.
https://www.hackerone.com/blog/118-Fascinating-Facts-HackerOnes-Hacker-Powered-Security-Report-2018
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
7 Common Security Pitfalls to Avoid When Migrating to the Cloud
Read about the seven common security pitfalls to avoid when considering a migration to the cloud. Get actionable steps you should take now to ensure the best security possible for your customers.
https://www.hackerone.com/blog/7-Common-Security-Pitfalls-Avoid-When-Migrating-Cloud
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Oath Bug Bounty Program Update: M in payouts and expansion of the program
Oath has surpassed over ,000,000 bounties paid to hackers for their help to significantly decrease risk and reduce Oath's attack surface. However, bugs aren't all Oath received from the security community. They also heard a ton of feedback that they've accounted for in five changes to their program policy. Check them out!
https://www.hackerone.com/blog/Oath-Bug-Bounty-Program-Update-1M-payouts-and-expansion-program
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Improve Credential Sharing with Hacker Email Aliases
New hacker email aliases feature makes credential sharing, and whitelisting domains simple for programs
https://www.hackerone.com/blog/Improve-Credential-Sharing-Hacker-Email-Aliases
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
A Guide To Subdomain Takeovers
Technical guide on how to understand, find, exploit, and report subdomain misconfigurations by EdOverflow
https://www.hackerone.com/blog/Guide-Subdomain-Takeovers
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Software Vulnerability Disclosure in Europe: Summary and Key Highlights of the European Parliament CEPS Task Force Report
HackerOne's summary review of the Software Vulnerability Disclosure in Europe Technology, Policies and Legal Challenges report.
https://www.hackerone.com/blog/Software-Vulnerability-Disclosure-Europe-Summary-and-Key-Highlights-European-Parliament-CEPS
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Sumo Logic Looks to Hacker-Powered Pen Testing for Security and Compliance
In late 2017, Sumo Logic CSO George Gerchow faced a challenge most only dream of — pen testing reports kept coming back clean. While this seems like good knews, it meant Sumo Logic's attack surface was hardening, Gerchow knew nothing is bulletproof. Three bug bounty challenges later, Sumo Logic is sharing the results and inner workings of its open line of communication with the hacker community for the first time.
https://www.hackerone.com/blog/Sumo-Logic-Looks-Hacker-Powered-Pen-Testing-Security-and-Compliance
Partager : LinkedIn /