Lucene search
K

67 matches found

ThreatPost
ThreatPost
added 2018/07/02 7:13 p.m.28 views

Navigating an Uncharted Future, Bug Bounty Hunters Seek Safe Harbors

When researcher Kevin Finisterre found a security error in drone-maker DJI’s systems enabling him to access flight log data and images of customers, he thought he had hit the $30,000 jackpot as part of the drone company’s newly announced bug bounty program. Instead, when the incident occurred in...

8.1AI score
Exploits0References13
ThreatPost
ThreatPost
added 2018/05/03 7:57 p.m.14 views

A Look Inside: Bug Bounties and Pen Testing

As more organizations turn to bug bounty programs, versus penetration testing, to weed out vulnerabilities in their products we ask Christie Terrill, partner at Bishop Fox, what she sees as the pros and cons of either approach. Threatpost’s Lindsey O’Donnell also asks Terrill what kind of compani...

7.4AI score
Exploits0References1
ThreatPost
ThreatPost
added 2018/05/02 8:13 p.m.13 views

Hacktivists, Tech Giants Protest Georgia’s ‘Hack-Back’ Bill

As Georgia Governor Nathan Deal considers whether to sign a controversial piece of legislation that would allow companies to “hack back” with offensive initiatives in the face of a cyberattack, companies from across the tech spectrum are lining up to protest the measure. Also, a hacktivist group...

1.6AI score
Exploits0References4
Wallarm Lab
Wallarm Lab
added 2018/03/01 9:45 p.m.96 views

Application Security Testing — The Wallarm Approach

Testing the security of the corporate applications is a part of every-day life for Ops and DevOps professionals. Larger companies have whole teams dedicated to independent security testing, called Red Teams. These folks use various tools at their disposal to discover the flaws in both application...

7AI score
Exploits0
Securelist
Securelist
added 2017/11/15 10:2 a.m.52 views

Threat Predictions for Automotive in 2018

The landscape in 2017 Modern cars are no longer just electro-mechanical vehicles. With each generation, they become more connected and incorporate more intelligent technologies to make them smarter, more efficient, comfortable and safe. The connected-car market is growing at a five-year compound...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2017/07/31 10:59 a.m.61 views

Measuring Vulnerability Rediscovery

New paper: "Taking Stock: Estimating Vulnerability Rediscovery," by Trey Herr, Bruce Schneier, and Christopher Morris: Abstract: How often do multiple, independent, parties discover the same vulnerability? There are ample models of vulnerability discovery, but little academic work on this issue o...

7AI score
Exploits0
MSRC
MSRC
added 2017/07/26 5:1 p.m.17 views

Announcing the Windows Bounty Program

Windows 10 represents the best and newest in our strong commitment to security with world-class mitigations. One of Microsoft’s longstanding strategies toward improving software security involves investing in defensive technologies that make it difficult and costly for attackers to find, exploit...

7.5AI score
Exploits0
ThreatPost
ThreatPost
added 2016/12/28 9:0 a.m.12 views

Four New Normals for 2017

Let’s not talk about cybersecurity predictions for 2017. Let’s talk instead about new normals, things that have ceased to be novel because, well, they happen all the time and everywhere. Let’s concede that things such as greedy ransomware, imposing IOT botnets, high-profile bug bounties and...

7.6AI score
Exploits0
exploitpack
exploitpack
added 2016/12/14 12:0 a.m.86 views

Apport 2.x (Ubuntu Desktop 12.10 16.04) - Local Code Execution

Apport 2.x Ubuntu Desktop 12.10 16.04 - Local Code Execution Both of these issues were reported to the Apport maintainers and a fix was released on 2016-12-14. The CrashDB code injection issue can be tracked with CVE-2016-9949 and the path traversal bug with CVE-2016-9950. An additional problem...

9.3CVSS7.1AI score0.17726EPSS
Exploits8
MSRC
MSRC
added 2016/04/29 7:0 a.m.13 views

Microsoft Bounty Programs Expansion - Nano Server Technical Preview Bounty

Microsoft is pleased to announce another expansion of the Microsoft Bounty Programs. Today we begin a bounty for the Nano Server installation option of Windows Server 2016Technical Preview 5. Please visit https://aka.ms/BugBounty to find more details. Nano Server is a remotely administered,...

6.9AI score
Exploits0
ThreatPost
ThreatPost
added 2016/04/15 8:0 a.m.15 views

Katie Moussouris on Free ISO 29147

Threatpost Op-Ed is a regular feature where experts contribute essays and commentary on what’s happening in security and privacy. Today’s contributor is Katie Moussouris @k8em0. Today marks an exciting development in the often monotonous rehashing of vulnerability disclosure. The ISO standard tha...

7.2AI score
Exploits0References17
MSRC
MSRC
added 2015/10/20 7:0 a.m.10 views

Microsoft Bounty Programs Expansion - .NET Core and ASP.NET Beta Bounty

Today, I have another exciting expansion of the Microsoft Bounty Programs to announce. Please visit https://aka.ms/bugbounty to find out more. I’ll be discussing this new bounty in my talk at SyScan360 on October 21, 2015. We are delighted to offer a bounty for the .NET Core and ASP.NET Beta whic...

6.9AI score
Exploits0
MSRC
MSRC
added 2015/08/05 7:0 a.m.12 views

Microsoft Bounty Programs Expansion - Bounty for Defense, Authentication Bonus, and RemoteApp

I am very pleased to be releasing additional expansions of the Microsoft Bounty Programs. Please stop by the Microsoft Networking Lounge at Black Hat, August 5-6, to learn more about these programs; or, visit https://aka.ms/BugBounty. We are raising the Bounty for Defense maximum from $50,000 USD...

7AI score
Exploits0
ThreatPost
ThreatPost
added 2015/07/24 1:29 p.m.84 views

Stakeholders Argue Against Restrictive Wassennaar Proposal

The commenting period regarding the Wassenaar Arrangement expired on Monday but the echo chamber around the largely maligned proposal continues to reverberate. Several stakeholders implicated in the proposal added their voices to that chamber on Friday morning, urging the government to revise...

9.3CVSS8.5AI score0.99945EPSS
Exploits33References11
MSRC
MSRC
added 2015/04/22 7:0 a.m.14 views

Microsoft Bounty Programs Expansion – Azure and Project Spartan

Update 2/22/17: Removed Guest-to-Host DoS non-distributed, from a single guest from Hyper-V escape bounty list. I am excited to announce significant expansions to the Microsoft Bounty Programs. We are evolving the 'Online Services Bug Bounty, launching a new bounty for Project Spartan, and updati...

7.2AI score
Exploits0
ThreatPost
ThreatPost
added 2015/03/06 9:49 a.m.12 views

Adobe Starts Vulnerability Disclosure Program on HackerOne

Update: Adobe is the latest tech vendor to begin a vulnerability disclosure program, but it seems they’re limping in at the outset. The program launched this week on the HackerOne platform, but there are no cash incentives being offered and certain Adobe products are not in scope for researchers...

8.3AI score
Exploits0References5
ThreatPost
ThreatPost
added 2014/04/08 6:3 a.m.137 views

Unpatched Bugs, Windows XP End of Life and Public Disclosure

Windows XP security support ends Tuesday and until now, most of the public hand-wringing over XP’s end-of-life has been about the potential for malware outbreaks against unpatched vulnerabilities that have been stockpiled by hackers anxiously awaiting April 8, 2014. But what about vulnerabilities...

9.3CVSS8.7AI score0.99945EPSS
Exploits33References3
ThreatPost
ThreatPost
added 2014/03/12 10:27 p.m.9 views

Vupen Cashes in Four Times at Pwn2Own 2014

VANCOUVER – It’s become a familiar walk for Chaouki Bekrar. Year after year at the Pwn2Own contest, the controversial Vupen founder is scurried from a small room in the basement of the Sheraton hotel to a suite several floors above. It’s a short journey from where a string of zero-day exploits ar...

0.2AI score
Exploits0References6
MSRC
MSRC
added 2013/10/07 7:0 a.m.11 views

An update on the bounty programs

Back in June of this year, we announced three new bounty programs that will pay researchers for techniques that bypass built-in OS mitigations and protections, for defenses that stop those bypasses and for vulnerabilities in Internet Explorer 11 Preview. This past Friday, we provided some...

7.2AI score
Exploits0
ThreatPost
ThreatPost
added 2013/07/10 12:12 p.m.11 views

Bug Bounty Programs Pay Economic Rewards

Bug bounty programs can be as much as 100 times more cost-effective for finding security vulnerabilities than hiring full-time security researchers to do the same thing. New research from the University of California at Berkeley, which focused on bug bounty programs run by Google and Mozilla, fou...

0.5AI score
Exploits0References5
Rows per page
Query Builder