The Record
SEC to require financial firms to have data breach incident plans
“The basic idea for covered firms is if you’ve got a breach, then you’ve got to notify,” SEC Chair Gary Gensler said. “That’s good for investors.”
DarkReading
Dangerous Google Chrome Zero-Day Allows Sandbox Escape
Exploit code is circulating for CVE-2024-4761, disclosed less than a week after a similar security vulnerability was disclosed as being used in the wild.
SecurityWeek
Hacker Conversations: Ron Reiter, and the Making of a Professional Hacker
Ron Reiter was a childhood hacker in Israel and recruited into the IDF’s Unit 8200. Now he is CTO and co-founder of cybersecurity firm Sentra.
SC Magazine
Google patches 6th Chrome zero-day of 2024, three days after last one
Security pros say the industry can expect to see this bug exploited soon, so patch, monitor and conduct other measures, like browser isolation and sandboxing.
DarkReading
Critical GitLab Bug Under Exploit Enables Account Takeover, CISA Warns
Patch now: Cyberattackers are exploiting CVE-2023-7028 (CVSS 10) to take over and lock users out of GitLab accounts, steal source code, and more.
CSO
Most interesting products to see at RSAC 2024
Tools, platforms, and services that the CSO team recommends 2024 RSA Conference attendees check out.
Infosecurity News
UnitedHealth CEO Confirms Breach Tied to Stolen Credentials, No MFA
Andrew Witty made the claims in a written testimony submitted before a House subcommittee hearing
CyberSecurity Dive
Change Healthcare, compromised by stolen credentials, did not have MFA turned on
AlphV deployed ransomware nine days after it used access to a Citrix portal on Change’s network to move laterally within systems, CEO Andrew Witty said in testimony prepared for a House subcommittee hearing set for Wednesday.
HACKRead
7-Year-Old 0-Day in Microsoft Office Exploited to Drop Cobalt Strike
A recent attack exploited vulnerabilities in systems running outdates Microsoft Office to deliver Cobalt Strike malware. Learn how to protect yourself!
SecurityWeek
Hacker Conversations: Kevin O’Connor, From Childhood Hacker to NSA Operative
SecurityWeek interviews Kevin O’Connor, a high school hacker who went on to work for NSA. He is now director of threat research at Adlumin.
SecurityWeek
CISO Conversations: Nick McKenzie (Bugcrowd) and Chris Evans (HackerOne)
SecurityWeek discusses the CISO role with CISOs from crowdsourced hacking firms: Nick McKenzie at Bugcrowd and Chris Evans at HackerOne.
SecurityWeek
Cybersecurity Firms Raised $2.3 Billion in Q1 2024: Report
Cybersecurity companies raised $2.3 billion in funding in Q1 2024, a 20% decrease compared to the same period of 2023, according to Pinpoint.
Infosecurity News
Trusted Contributor Plants Backdoor in Critical Open-Source Library
A backdoor in XZ Utils, a widely used file-compressing software in Linux systems, could have led to a critical supply chain attack had a Microsoft researcher not spotted it in time
SC Magazine
Prudential Financial: February incident exposed data of nearly 37K customers
Following SEC filing, insurer says ransomware group stole personal data in February cyberattack.
CSO
Report suggests cybersecurity investment, board involvement linked to better shareholder returns
The study by Diligent and Bitsight points to advanced security and strong risk or audit committees as good predictors of an enterprise’s financial success.
DarkReading
Australian Government Doubles Down On Cybersecurity in Wake of Major Attacks
Government proposes more modern and comprehensive cybersecurity regulations for businesses, government, and critical infrastructures providers Down Under.
DarkReading
Feds Warn About Vulnerability of US Water Systems
The White House urged operators of water and wastewater systems to review and beef up their security against attacks by Iran- and China-based groups.
.webp)
Cyber Security News
Pentagon Received 50,000+ Vulnerability Reports Since November 2016
The processing of over 50,000 vulnerability reports since the inception of its Vulnerability Disclosure Program (VDP) in November 2016.
Infosecurity News
50,000 Vulnerabilities Discovered in DoD Systems Through Bug Bounty
Seven years into its ethical hacking program, the Pentagon received its 50,000th vulnerability report on March 15
SecurityWeek
Pentagon Received Over 50,000 Vulnerability Reports Since 2016
Since 2016, the US Defense Department has received over 50,000 submissions through its vulnerability disclosure program.
SecurityWeek
Hacker Conversations: Stephanie ‘Snow’ Carruthers, Chief People Hacker at IBM X-Force Red
SecurityWeek interviews Stephanie Carruthers, Chief People Hacker at X-Force Red, IBM Security, about social engineering.
SecurityWeek
Bugcrowd Raises $102 Million
Bugcrowd has raised $102 million in strategic growth funding, which it will use to accelerate growth and improve its platform.
SecurityWeek
Hacker Conversations: Rob Dyke on Legal Bullying of Good Faith Researchers
Hacker Conversations Interview: SecurityWeek talks to hacker Rob Dyke to discuss corporate legal bullying of good faith researchers
DarkReading
Teens Committing Scary Cybercrimes, What's Behind the Trend?
Crypto theft, sextortion tactics, swattings, and ransomware: teenagers are increasingly taking up cybercrime for fun and profit — and experts credit an array of contributing factors.
HACKRead
HP Claims Monopoly on Ink, Alleges 3rd-Party Cartridge Malware Risk
The company claims that third-party cartridges can infect users' PCs with viruses or malware, which can then reach the printer and network.
Infosecurity News
Government Security Vulnerabilities Surge By 151%, Report Finds
Bugcrowd’s latest report also recorded a 30% surge in web submissions in 2023
SecurityWeek
Hacker Conversations: Runa Sandvik
SecurityWeek interviews Runa Sandvik, a cybersecurity researcher and focused on protecting journalists, defenders of human rights and lawyers.
.webp)
Cyber Security News
5 Best Bug Bounty Platforms for White-Hat Hackers - 2024
Best Bug Bounty Platforms and bug bounty program. 1.HackerOne 2.Bugcrowd. 3.HACKRATE. 4. HackenProof. 5. Integrity
SecurityWeek
In Other News: Crypto Exchange Hack Guilty Plea, Rating AI Vulnerabilities, Intellexa Spyware
Cryptocurrency exchange hacker pleads guilty, rating LLM vulnerabilities, Intellexa spyware analysis by Cisco.
Bleeping Computer
AutoSpill attack steals credentials from Android password managers
Security researchers developed a new attack, which they named AutoSpill, to steal account credentials on Android during the autofill operation.
SC Magazine
Zoom flaw enabled hijacking of accounts with access to meetings, team chat
Ethical hackers at AppOmni claimed a $5,000 bug bounty for discovering the Zoom Rooms vulnerability, disclosed at a conference last summer.
HACKRead
OwnCloud "graphapi" App Vulnerability Exposes Sensitive Data
OwnCloud has fixed the issue in version 10.9.01 but urges customers to change their OwnCloud admin password, database and mail server credentials.
Infosecurity News
Hackers Exploit Critical Vulnerability in ownCloud
Zero-day bug could allow remote control of servers
DarkReading
Scattered Spider Casino Hackers Evade Arrest in Plain Sight
The feds seem to know all about the hacking group brazenly breaking into corporate networks; so why are enterprise teams left on their own to stop their cybercrimes?
SecurityWeek
Hacker Conversations: Chris Wysopal, AKA Weld Pond
Chris Wysopal (AKA Weld Pond) founder and CTO of Veracode and member of the hacker collective L0pht Heavy Industries.
Infosecurity News
Biden Issues Executive Order on Safe, Secure AI
The order is designed to help ensure Ai systems are safe, secure and trustworthy
SecurityWeek
Hundreds Download Malicious NPM Package Capable of Delivering Rootkit
Threat actor uses typosquatting to trick hundreds of users into downloading a malicious NPM package that delivers the r77 rootkit.
CSO
Cybersecurity experts raise concerns over EU Cyber Resilience Act’s vulnerability disclosure requirements
Open letter claims current provisions will create new threats that undermine the security of digital products and individuals.
Infosecurity News
Russian Company Offers $20M For Non-NATO Mobile Exploits
Operation Zero will pay $20m for exploits like RCE, LPE and SBX, integral to a full-chain attack
Infosecurity News
Voting Equipment Giants Team Up For Security
The move aims to combat the rampant spread of misinformation among American voters
SecurityWeek
Hacker Conversations: Casey Ellis, Hacker and Ringmaster at Bugcrowd
SecurityWeek interviews Casey Ellis, founder, chairman and CTO at Bugcrowd, best known for operating bug bounty programs for organizations.
The Record
CISA touts ‘tremendous growth’ in vulnerability disclosure platform
The U.S. federal government’s internal clearinghouse for cybersecurity vulnerabilities took in more than 1,300 valid reports in its first 18 months and prompted decisive action on most of them, saving as much as $4.35 million in estimated response and recovery efforts, according to the program’s first annual report.
The Record
CISA, Australia warn of IDOR vulnerabilities after major breaches
Cybersecurity agencies in the U.S. and Australia warned Thursday of a specific brand of vulnerabilities that allow hackers to change or delete data by using the identities of users allowed to access the information.
SecurityWeek
Inside the Mind of the Hacker: Report Shows Speed and Efficiency of Hackers in Adopting New Technologies
Bugcrowd’s Inside the Mind of the Hacker report shows the speed and efficiency of hackers adopting new technologies to assist their hunting
SecurityWeek
A Cybersecurity Wish List Ahead of NATO Summit
A formal NATO Cyber Command could do as much for the cybersecurity of individual members of NATO as USCYBERCOM already does for the US.
Infosecurity News
Critical Flaw Exposes ArcServe Backup to Remote Code Execution
MDSec ActiveBreach said the flaw affects versions 7.0 to 9.0 of the software
CyberSecurity Dive
NCR in recovery as ransomware disrupts widely used point-of-sale system
In-restaurant purchases are still being processed on NCR Aloha, but other capabilities and business processes remain down, the company said Monday.
Latest Hacking News
OpenAI ChatGPT Bug Bounty Program Rewards Upto $20k
While ChatGPT has drawn immense attention from digital users owing to its large list of features, it now begins to attract people from the cybersecurity world too. Recently, OpenAI – the parent firm behind ChatGPT
The Hacker News
ChatGPT Security: OpenAI's Bug Bounty Program Offers Up to $20,000 Prizes
OpenAI launches bug bounty program. Rewards range from $200 to $20,000 for discovering vulnerabilities in ChatGPT and related systems.
DarkReading
1M+ WordPress Sites Hacked via Zero-Day Plug-in Bugs
A wide-ranging campaign to inject malicious code into WordPress-run websites has been ongoing for at least five years.
Infosecurity News
Ethical Hackers Could Earn up to $20,000 Uncovering ChatGPT Vulnerabilities
Following criticisms around ChatGPT’ security and privacy practices, OpenAI has launched a bug bounty program to help identify vulnerabilities across its systems and services
CSO
OpenAI starts bug bounty program with cash rewards up to $20,000
Based on the severity and impact of the reported vulnerability, OpenAI will hand out cash rewards ranging from $200 for low-severity findings to up to $20,000 for exceptional discoveries.
Security Affairs
OpenAI launched a bug bounty program
AI company OpenAI launched a bug bounty program and announced payouts of up to $20,000 for security flaws in its ChatGPT chatbot service. OpenAI launched a bug bounty program and it is offering up to $20,000 to bug hunters that will report vulnerabilities in its ChatGPT chatbot service. The company explained that ChatGPT is in […]
Bleeping Computer
OpenAI launches bug bounty program with rewards up to $20K
AI research company OpenAI announced today the launch of a new bug bounty program to allow registered security researchers to discover vulnerabilities in its product line and get paid for reporting them via the Bugcrowd crowdsourced security platform.
Infosecurity News
Call for Submissions to UK's New Computer Misuse Act
Bugcrowd is concerned about a lack of protection for ethical hackers
Infosecurity News
LockBit and Royal Mail Ransomware Negotiation Leaked
It shows the threat actor trying to convince Royal Mail to pay the ransom using various techniques
SecurityWeek
Hack the Pentagon 3.0 Bug Bounty Program to Focus on Facility Control Systems
The US Department of Defense is getting ready to launch the third installment of its ‘Hack the Pentagon’ bug bounty program, which will focus on the Facility Related Controls System network.
Infosecurity News
Cisco Warns of Critical Vulnerability in End-of-Life Routers
Cisco did not release updates to address the vulnerabilities and no workarounds address them
DarkReading
Critical Cisco SMB Router Flaw Allows Authentication Bypass, PoC Available
Unpatched Cisco bugs, tracked as CVE-2023-20025 and CVE-2023-20026, allow lateral movement, data theft, and malware infestations.
Infosecurity News
Five Guys Discloses Data Breach Affecting Employee PII
The September incident exposed names, social security numbers and driver's license numbers
SecurityWeek
Over 50 New CVE Numbering Authorities Announced in 2022
More than 50 organizations have been added as a CVE Numbering Authority (CNA) in 2022, bringing the total to 260.
Infosecurity News
HSE Cyber-Attack Costs Ireland $83m So Far
A total of roughly 100,000 people had their personal data stolen during the cyber-attack
Infosecurity News
Security Risks Found in Millions of XIoT Devices
Phosphorus published a report encapsulating five years of security research and device testing.
DarkReading
Australia's Hack-Back Plan Against Cyberattackers Raises Familiar Concerns
How far can its government — or any government or private company — go to proactively disrupt cyber threats without causing collateral damage?
Infosecurity News
GitHub Now Supports Private Vulnerability Reporting For Public Repositories
The feature needs to be manually enabled by repository maintainers
The Record
Security chiefs fear ‘CISO scapegoating’ following Uber-Sullivan verdict
CISOs are split on whether Wednesday’s conviction of Uber’s former security chief Joe Sullivan will have more wide-ranging consequences for people in their position.
CyberSecurity Dive
Multifactor authentication is not all it’s cracked up to be
Text message and email-based authentication aren’t just the weakest variants of MFA. Cybersecurity professionals say they are broken.
DarkReading
FBI Helping Australian Authorities Investigate Massive Optus Data Breach: Reports
Initial reports suggest a basic security error allowed the attacker to access the company's live customer database via an unauthenticated API.
Infosecurity News
Increased Mortality Rates Linked to Cyber-Attacks Against Healthcare Organizations
The report also found that 89% of them experienced an average of 43 attacks in the past 12 months
Bleeping Computer
Atlassian Bitbucket Server vulnerable to critical RCE vulnerability
Atlassian has published a security advisory warning Bitbucket Server and Data Center users of a critical security flaw that attackers could leverage to execute arbitrary code on vulnerable instances.
DarkReading
China-Backed RedAlpha APT Builds Sprawling Cyber-Espionage Infrastructure
The state-sponsored group particularly targets organizations working on behalf of the Uyghurs, Tibet, and Taiwan, looking to gather intel that could lead to human-rights abuses, researchers say.
Latest Hacking News
Researcher Hacked Space-X Starlink Via A $25 Tool
A white-hacker demonstrated how he hacked SpaceX’s satellite-based internet system Starlink. The researcher could successfully compromise the target Starlink User Terminal using a $25 tool. Starlink User Terminal Hacked Via Fault Injection Attack Security researcher Lennert Wouters
Infosecurity News
DDoS Attacks Pepper Taiwanese Government Sites
Campaign coincides with speaker Pelosi’s trip
Ars Technica
Hardcoded password in Confluence app has been leaked on Twitter
Advisory had already warned hardcoded password was "trivial to obtain."
The Record
Atlassian warns of several new critical vulnerabilities potentially being exploited in wild
Atlassian is warning its customers and partners about three different critical vulnerabilities affecting Confluence Server, Confluence Data Center as well as several other products from Bamboo, BitBucket, Fisheye and Jira.
SecurityWeek
LockBit 3.0 Ransomware Emerges With Bug Bounty Program
The LockBit 3.0 ransomware operation has been launched and it includes a bug bounty program offering up to $1 million.
The Record
LockBit adds a bug bounty program in its revamped ransomware-as-a-service operation
The highly active LockBit ransomware group released what it is calling “LockBit 3.0” over the weekend, and announced a bug bounty program that offers rewards for ways to improve the ransomware operation.
The Record
Microsoft releases guidance for Office zero-day used to target orgs in Russia, India, Tibet
Microsoft has published guidance addressing CVE-2022-30190 – a zero-day vulnerability affecting several kinds of Office documents.
Bleeping Computer
Hacker says hijacking libraries, stealing AWS keys was ethical research
The hacker of 'ctx' and 'PHPass' libraries has now broken silence and explained the reasons behind this hijack to BleepingComputer. According to the hacker, this was a bug bounty exercise and no malicious activity was intended.
Bleeping Computer
Hacker of Python, PHP libraries: no "malicious activity" was intended
The hacker of 'ctx' and 'PHPass' libraries has now broken silence and explained the reasons behind this hijack to BleepingComputer. According to the hacker, this was a bug bounty exercise and no malicious activity was intended.
ThreatPost
Feds Shut Down RaidForums Hacking Marketplace
The DoJ is charging its founder, 21-year-old Portuguese citizen Diogo Santos Coelho, on six criminal counts, including conspiracy, access device fraud and aggravated identity theft.
SecurityWeek
Harnessing Neurodiversity Within Cybersecurity Teams
Neurodivergents could be a valuable addition to the general diversity of a security team, and are potentially top-grade, problem-solving threat hunters and policy analysts.
CSO
Upstart crime site woos Raid Forums orphans
Breach Forums launches as alternative to mysteriously torpedoed illicit cybercrime community.
DarkReading
Nation-State Hackers Ramp Up Ukraine War-Themed Attacks
Among them is the operator of the Ghostwriter misinformation campaign, with a new browser-in-browser phishing technique, according to Google's research team.
ThreatPost
Google Chrome Bug Actively Exploited as Zero-Day
The internet giant issued an update for the bug, which is found in the open-source V8 JavaScript engine.
Latest Hacking News
1Password Raise Bug Bounty Rewards To $1 Million
The popular password management solution 1Password has announced expanding its highest bounty reward limits. Onwards, 1Password bug bounty program on Bugcrowd will offer rewards of up to $1 million. 1Password $1 Million Bug Bounty According to a
SecurityWeek
1Password Increases Top Bug Bounty Reward to $1 Million
Password management software vendor 1Password today announced that it is willing to pay up to $1 million to researchers able to steal secrets from its vault.
ZDNet
Bugcrowd's top bug bounty reward increases to $1 million | ZDNet
1Password has paid out $103,000 to Bugcrowd researchers since 2017.
ZDNet
Palo Alto: More than 100,000 infusion pumps vulnerable to 2 vulnerabilities | ZDNet
The report said one had a "critical" severity score and the other had a "high" severity score.
ZDNet
These are the problems that cause headaches for bug bounty hunters | ZDNet
A researcher shares his thoughts on the challenges of responsible vulnerability disclosure.
ThreatPost
Ukraine-Russia Cyber Warzone Splits Cyber Underground
A pro-Ukraine Conti member spilled 13 months of the ransomware group's chats, while cyber actors are rushing to align with both sides.
DarkReading
7 Steps to Take Right Now to Prepare for Cyberattacks by Russia
A lot of the recommended preparation involves measures organizations should have in place already.
ZDNet
Anonymous hacktivists, ransomware groups get involved in Ukraine-Russia conflict | ZDNet
Experts expressed concerns about the influx of non-government cyber groups taking sides in the Russian invasion of Ukraine.
ThreatPost
Sextortion Rears Its Ugly Head Again
Attackers are sending email blasts with malware links in embedded PDFs as a way to evade email filters, lying about having fictional "video evidence."
ThreatPost
Critical MQTT-Related Bugs Open Industrial Networks to RCE Via Moxa
A collection of five security vulnerabilities with a collective CVSS score of 10 out of 10 threaten critical infrastructure environments that use Moxa MXview.
ZDNet
Moxa customers urged to patch five vulnerabilities found in MXview network management software | ZDNet
Collectively, ICS-CERT scored these vulnerabilities a 10.0, its highest criticality score.
Bleeping Computer
ExpressVPN offering $100,000 to first person who hacks its servers
ExpressVPN has updated its bug bounty program to make it more inviting to ethical hackers, now offering a one-time $100,000 bug bounty to whoever can compromise its systems.
ZDNet
Microsoft Win32k bug added to CISA's exploited vulnerabilities list | ZDNet
CISA urged government agencies to patch the vulnerability by Feb 18.
ZDNet
White House creates board to review cybersecurity incidents, members to start with Log4J | ZDNet
The White House and Department of Homeland Security announced the creation of a 15-person Cyber Safety Review Board.
The Record
Ukraine reconsiders bug bounties after latest cyberattacks. But are they enough? - The Record by Recorded Future
Ukrainian ethical hackers prefer to work with clients abroad: foreigners are more open to investing in cybersecurity—and they pay more.
Loading more articles....