Organizations should consider red, blue and purple teaming, penetration testing services, and bug bounty programs to expose attackers and strengthen their security posture.
Do security researchers and ethical hackers learn more about cybersecurity from their employer, schooling or bug bounty experience? The Ethical Hacker Insights Report 2022 surveyed 1,181 people with cybersecurity experience to learn more.
Foregrounding transparency can go a long way in securing your organization's technology and workforce, according to four cybersecurity experts from Intel. Suzy Greenberg, Vice President of Communications and Incident Response; Maggie Jauregui, Offensive Security Researcher; Katie Noble, Director of Intel's Product Security Incident Response Team (PSIRT) and Bug Bounty; and Amit Elazari, Director of Global Cybersecurity Policy, discussed transparency in bug bounty and vulnerability disclosure programs, as well as gender parity in cybersecurity.
To celebrate the anniversary of its Vulnerability Reward Program and ensure the next 10 years are just as successful and collaborative, Google announced the launch of its new platform, bughunters.google.com. The new site brings all VRPs (Google, Android, Abuse, Chrome and Play) closer together and provides a single intake form that makes it easier for bug hunters to submit issues.
Researchers at Positive Technologies have published a proof-of-concept exploit for CVE-2020-3580. There are reports of researchers pursuing bug bounties using this exploit.
After auditing the security of helpdesk software solution Deskpro in accordance with the company's Responsible Disclosure Bug Bounty Program, the Checkmarx Security Research Team discovered a severe cross-site scripting (XSS) issue that can be exploited in multiple ways.
Facebook has fixed a critical flaw in the Facebook Messenger for Android messaging app. Natalie Silvanovich of Google’s Project Zero reported the bug to the Facebook bug bounty program. The bug could have allowed a sophisticated attacker logged in on Messenger for Android to simultaneously initiate a call and send an unintended message type to someone logged in on Messenger for Android and another Messenger client (i.e. web browser).