The Record
SEC to require financial firms to have data breach incident plans
“The basic idea for covered firms is if you’ve got a breach, then you’ve got to notify,” SEC Chair Gary Gensler said. “That’s good for investors.”
DarkReading
Exploit code is circulating for CVE-2024-4761, disclosed less than a week after a similar security vulnerability was disclosed as being used in the wild.
SecurityWeek
Ron Reiter was a childhood hacker in Israel and recruited into the IDF’s Unit 8200. Now he is CTO and co-founder of cybersecurity firm Sentra.
SC Magazine
Security pros say the industry can expect to see this bug exploited soon, so patch, monitor and conduct other measures, like browser isolation and sandboxing.
DarkReading
Patch now: Cyberattackers are exploiting CVE-2023-7028 (CVSS 10) to take over and lock users out of GitLab accounts, steal source code, and more.
CSO
Tools, platforms, and services that the CSO team recommends 2024 RSA Conference attendees check out.
Infosecurity News
Andrew Witty made the claims in a written testimony submitted before a House subcommittee hearing
CyberSecurity Dive
AlphV deployed ransomware nine days after it used access to a Citrix portal on Change’s network to move laterally within systems, CEO Andrew Witty said in testimony prepared for a House subcommittee hearing set for Wednesday.
HACKRead
A recent attack exploited vulnerabilities in systems running outdated Microsoft Office to deliver Cobalt Strike malware. Learn how to protect yourself!
SecurityWeek
SecurityWeek interviews Kevin O’Connor, a high school hacker who went on to work for NSA. He is now director of threat research at Adlumin.
SecurityWeek
SecurityWeek discusses the CISO role with CISOs from crowdsourced hacking firms: Nick McKenzie at Bugcrowd and Chris Evans at HackerOne.
SecurityWeek
Cybersecurity companies raised $2.3 billion in funding in Q1 2024, a 20% decrease compared to the same period of 2023, according to Pinpoint.
Infosecurity News
A backdoor in XZ Utils, a widely used file-compressing software in Linux systems, could have led to a critical supply chain attack had a Microsoft researcher not spotted it in time
SC Magazine
Following SEC filing, insurer says ransomware group stole personal data in February cyberattack.
CSO
The study by Diligent and Bitsight points to advanced security and strong risk or audit committees as good predictors of an enterprise’s financial success.
DarkReading
Government proposes more modern and comprehensive cybersecurity regulations for businesses, government, and critical infrastructure providers Down Under.
DarkReading
The White House urged operators of water and wastewater systems to review and beef up their security against attacks by Iran- and China-based groups.
Cyber Security News
The processing of over 50,000 vulnerability reports since the inception of its Vulnerability Disclosure Program (VDP) in November 2016.
Infosecurity News
Seven years into its ethical hacking program, the Pentagon received its 50,000th vulnerability report on March 15
SecurityWeek
Since 2016, the US Defense Department has received over 50,000 submissions through its vulnerability disclosure program.
SecurityWeek
SecurityWeek interviews Stephanie Carruthers, Chief People Hacker at X-Force Red, IBM Security, about social engineering.
SecurityWeek
Bugcrowd has raised $102 million in strategic growth funding, which it will use to accelerate growth and improve its platform.
SecurityWeek
Hacker Conversations Interview: SecurityWeek talks to hacker Rob Dyke to discuss corporate legal bullying of good faith researchers
DarkReading
Crypto theft, sextortion tactics, swattings, and ransomware: teenagers are increasingly taking up cybercrime for fun and profit — and experts credit an array of contributing factors.
HACKRead
The company claims that third-party cartridges can infect users' PCs with viruses or malware, which can then reach the printer and network.
Infosecurity News
Bugcrowd’s latest report also recorded a 30% surge in web submissions in 2023
SecurityWeek
SecurityWeek interviews Runa Sandvik, a cybersecurity researcher focused on protecting journalists, human rights defenders and lawyers.
Cyber Security News
Best bug bounty platforms and bug bounty programs: 1. HackerOne 2. Bugcrowd 3. HACKRATE 4. HackenProof 5. Integrity
SecurityWeek
Cryptocurrency exchange hacker pleads guilty, rating LLM vulnerabilities, Intellexa spyware analysis by Cisco.
Bleeping Computer
Security researchers developed a new attack, which they named AutoSpill, to steal account credentials on Android during the autofill operation.
SC Magazine
Ethical hackers at AppOmni claimed a $5,000 bug bounty for discovering the Zoom Rooms vulnerability, disclosed at a conference last summer.
HACKRead
OwnCloud has fixed the issue in version 10.9.01 but urges customers to change their OwnCloud admin password, database and mail server credentials.
Infosecurity News
Zero-day bug could allow remote control of servers
DarkReading
The feds seem to know all about the hacking group brazenly breaking into corporate networks; so why are enterprise teams left on their own to stop their cybercrimes?
SecurityWeek
Chris Wysopal (AKA Weld Pond), founder and CTO of Veracode and member of the hacker collective L0pht Heavy Industries.
Infosecurity News
The order is designed to help ensure AI systems are safe, secure and trustworthy.
SecurityWeek
Threat actor uses typosquatting to trick hundreds of users into downloading a malicious NPM package that delivers the r77 rootkit.
CSO
Open letter claims current provisions will create new threats that undermine the security of digital products and individuals.
Infosecurity News
Operation Zero will pay $20m for exploits like RCE, LPE and SBX, integral to a full-chain attack
Infosecurity News
The move aims to combat the rampant spread of misinformation among American voters
SecurityWeek
SecurityWeek interviews Casey Ellis, founder, chairman and CTO at Bugcrowd, best known for operating bug bounty programs for organizations.
The Record
The U.S. federal government’s internal clearinghouse for cybersecurity vulnerabilities took in more than 1,300 valid reports in its first 18 months and prompted decisive action on most of them, saving as much as $4.35 million in estimated response and recovery efforts, according to the program’s first annual report.
The Record
Cybersecurity agencies in the U.S. and Australia warned Thursday of a specific brand of vulnerabilities that allow hackers to change or delete data by using the identities of users allowed to access the information.
SecurityWeek
Bugcrowd’s Inside the Mind of the Hacker report shows the speed and efficiency of hackers adopting new technologies to assist their hunting
SecurityWeek
A formal NATO Cyber Command could do as much for the cybersecurity of individual members of NATO as USCYBERCOM already does for the US.
Infosecurity News
MDSec ActiveBreach said the flaw affects versions 7.0 to 9.0 of the software
CyberSecurity Dive
In-restaurant purchases are still being processed on NCR Aloha, but other capabilities and business processes remain down, the company said Monday.
Latest Hacking News
While ChatGPT has drawn immense attention from digital users owing to its large list of features, it now begins to attract people from the cybersecurity world too. Recently, OpenAI – the parent firm behind ChatGPT
The Hacker News
OpenAI launches bug bounty program. Rewards range from $200 to $20,000 for discovering vulnerabilities in ChatGPT and related systems.
DarkReading
A wide-ranging campaign to inject malicious code into WordPress-run websites has been ongoing for at least five years.
Infosecurity News
Following criticisms around ChatGPT’s security and privacy practices, OpenAI has launched a bug bounty program to help identify vulnerabilities across its systems and services.
CSO
Based on the severity and impact of the reported vulnerability, OpenAI will hand out cash rewards ranging from $200 for low-severity findings to up to $20,000 for exceptional discoveries.
Security Affairs
AI company OpenAI launched a bug bounty program and announced payouts of up to $20,000 for security flaws in its ChatGPT chatbot service. OpenAI launched a bug bounty program and it is offering up to $20,000 to bug hunters that will report vulnerabilities in its ChatGPT chatbot service. The company explained that ChatGPT is in […]
Bleeping Computer
AI research company OpenAI announced today the launch of a new bug bounty program to allow registered security researchers to discover vulnerabilities in its product line and get paid for reporting them via the Bugcrowd crowdsourced security platform.
Infosecurity News
Bugcrowd is concerned about a lack of protection for ethical hackers
Infosecurity News
It shows the threat actor trying to convince Royal Mail to pay the ransom using various techniques
SecurityWeek
The US Department of Defense is getting ready to launch the third installment of its ‘Hack the Pentagon’ bug bounty program, which will focus on the Facility Related Controls System network.
Infosecurity News
Cisco has not released updates to address the vulnerabilities, and no workarounds are available for them.
DarkReading
Unpatched Cisco bugs, tracked as CVE-2023-20025 and CVE-2023-20026, allow lateral movement, data theft, and malware infestations.
Infosecurity News
The September incident exposed names, social security numbers and driver's license numbers
SecurityWeek
More than 50 organizations have been added as a CVE Numbering Authority (CNA) in 2022, bringing the total to 260.
Infosecurity News
A total of roughly 100,000 people had their personal data stolen during the cyber-attack
Infosecurity News
Phosphorus published a report encapsulating five years of security research and device testing.
DarkReading
How far can its government — or any government or private company — go to proactively disrupt cyber threats without causing collateral damage?
Infosecurity News
The feature needs to be manually enabled by repository maintainers
The Record
CISOs are split on whether Wednesday’s conviction of Uber’s former security chief Joe Sullivan will have more wide-ranging consequences for people in their position.
CyberSecurity Dive
Text message and email-based authentication aren’t just the weakest variants of MFA. Cybersecurity professionals say they are broken.
DarkReading
Initial reports suggest a basic security error allowed the attacker to access the company's live customer database via an unauthenticated API.
Infosecurity News
The report also found that 89% of them experienced an average of 43 attacks in the past 12 months
Bleeping Computer
Atlassian has published a security advisory warning Bitbucket Server and Data Center users of a critical security flaw that attackers could leverage to execute arbitrary code on vulnerable instances.
DarkReading
The state-sponsored group particularly targets organizations working on behalf of the Uyghurs, Tibet, and Taiwan, looking to gather intel that could lead to human-rights abuses, researchers say.
Latest Hacking News
A white-hat hacker demonstrated how he hacked SpaceX’s satellite-based internet system Starlink. The researcher was able to compromise the target Starlink User Terminal using a $25 tool. Starlink User Terminal Hacked Via Fault Injection Attack: Security researcher Lennert Wouters
Infosecurity News
Campaign coincides with speaker Pelosi’s trip
Ars Technica
Advisory had already warned hardcoded password was "trivial to obtain."
The Record
Atlassian is warning its customers and partners about three different critical vulnerabilities affecting Confluence Server, Confluence Data Center as well as several other products from Bamboo, BitBucket, Fisheye and Jira.
SecurityWeek
The LockBit 3.0 ransomware operation has been launched and it includes a bug bounty program offering up to $1 million.
The Record
The highly active LockBit ransomware group released what it is calling “LockBit 3.0” over the weekend, and announced a bug bounty program that offers rewards for ways to improve the ransomware operation.
The Record
Microsoft has published guidance addressing CVE-2022-30190 – a zero-day vulnerability affecting several kinds of Office documents.
Bleeping Computer
The hacker of 'ctx' and 'PHPass' libraries has now broken silence and explained the reasons behind this hijack to BleepingComputer. According to the hacker, this was a bug bounty exercise and no malicious activity was intended.
ThreatPost
The DoJ is charging its founder, 21-year-old Portuguese citizen Diogo Santos Coelho, on six criminal counts, including conspiracy, access device fraud and aggravated identity theft.
SecurityWeek
Neurodivergent people could be a valuable addition to the general diversity of a security team, and are potentially top-grade, problem-solving threat hunters and policy analysts.
CSO
Breach Forums launches as alternative to mysteriously torpedoed illicit cybercrime community.
DarkReading
Among them is the operator of the Ghostwriter misinformation campaign, with a new browser-in-browser phishing technique, according to Google's research team.
ThreatPost
The internet giant issued an update for the bug, which is found in the open-source V8 JavaScript engine.
Latest Hacking News
The popular password management solution 1Password has announced an expansion of its highest bounty reward limits. Going forward, the 1Password bug bounty program on Bugcrowd will offer rewards of up to $1 million. 1Password $1 Million Bug Bounty: According to a
SecurityWeek
Password management software vendor 1Password today announced that it is willing to pay up to $1 million to researchers able to steal secrets from its vault.
ZDNet
1Password has paid out $103,000 to Bugcrowd researchers since 2017.
ZDNet
The report said one had a "critical" severity score and the other had a "high" severity score.
ZDNet
A researcher shares his thoughts on the challenges of responsible vulnerability disclosure.
ThreatPost
A pro-Ukraine Conti member spilled 13 months of the ransomware group's chats, while cyber actors are rushing to align with both sides.
DarkReading
A lot of the recommended preparation involves measures organizations should have in place already.
ZDNet
Experts expressed concerns about the influx of non-government cyber groups taking sides in the Russian invasion of Ukraine.
ThreatPost
Attackers are sending email blasts with malware links in embedded PDFs as a way to evade email filters, lying about having fictional "video evidence."
ThreatPost
A collection of five security vulnerabilities with a collective CVSS score of 10 out of 10 threaten critical infrastructure environments that use Moxa MXview.
ZDNet
Collectively, ICS-CERT scored these vulnerabilities a 10.0, its highest criticality score.
Bleeping Computer
ExpressVPN has updated its bug bounty program to make it more inviting to ethical hackers, now offering a one-time $100,000 bug bounty to whoever can compromise its systems.
ZDNet
CISA urged government agencies to patch the vulnerability by Feb 18.
ZDNet
The White House and Department of Homeland Security announced the creation of a 15-person Cyber Safety Review Board.
The Record
Ukrainian ethical hackers prefer to work with clients abroad: foreigners are more open to investing in cybersecurity—and they pay more.