28 May 2020

$100 million in bounties paid by HackerOne to ethical hackers

HackerOne recently announced that as of May 26, they have paid out $100,000,000 in rewards to ethical hackers around the world. Since the beginning of HackerOne’s white hat hacking program, bug bounty hunters have uncovered and reported an estimated 170,000 security vulnerabilities. HackerOne uses information gathered from its bug bounty

14 May 2020

Cyberwar Was Coming: A Reflection on the 25 Year Old Thesis that Predicted a Generation of Cyberconflict

“You’ve got to read what this kid is writing out of his basement at the University of Vermont…” – recently retired CIA officer to intelligence and military colleagues in 1994. A candid 25-year retrospective on a thesis that launched a tremendous amount of dialogue and action on the issues of information warfare, cyberterrorism, and cybersecurity.

17 Apr 2020

Zoom Revamps Bug Bounty Program

On Wednesday, the video conferencing platform Zoom announced that it is re-launching its bug bounty program in collaboration with Luta Security. The company aims to make significant changes to the program amid security alerts regarding the platform’s cybersecurity practices and safety. Researchers have reported finding potentially serious vulnerabilities in the

06 Apr 2020

Researcher Hijacks iOS, macOS Camera with Three Safari Zero-Days

Ryan Pickren, a security researcher, has been awarded $75,000 by Apple for uncovering seven zero-days in Safari, three of which Pickren used to access the camera. The discoveries were shared with Apple in December of 2019 and were subsequently patched. Using the three flaws, Pickren was able to build an

30 Mar 2020

GitHub Paid Out Over $1 Million in Bug Bounties

This week, GitHub announced that it had paid hackers over $1 million in bug bounties across all of its programs in 2020 alone. The security bug program was launched in 2016 but has been accepting vulnerability reports since February of 2014. In 2019, the Microsoft-owned company paid almost $600,000

06 Feb 2020

Bug hunter finds cryptocurrency-mining botnet on DOD network

Last month, a security researcher who was searching for bugs as part of a bounty program discovered a cryptocurrency mining botnet inside a web server operated by the US Department of Defense. The researcher, Nitesh Surana, reported the bug through the DOD’s official bug bounty program. The bug report was

17 Jan 2020

Kubernetes bug bounty program open to anyone, rewards up to $10,000

Kubernetes has announced that it plans to launch a bug bounty program with rewards as high as $10,000. The project was originally designed by Google but has since been open-sourced and handed over to the Cloud Native Computing Foundation, becoming a community project. The bounty program will be managed by

12 Dec 2019

How Commercial Bug Hunting Changed the Boutique Security Consultancy Landscape

It’s been almost 10 years since the first commercial for-profit bug bounty program was launched. Bug bounty programs have transformed the information security sector, and their negative impacts have been advertised as driving down companies’ consulting rates and raising ethics questions within the cybersecurity community. However, boutique security consultancies, particularly

21 Nov 2019

Phineas Fisher Offers $100,000 Bounty to Hack Banks and Oil Companies

Phineas Fisher, notorious hacktivist, is launching a new kind of bug bounty incentivizing crime. Fisher announced on Friday that he would pay hackers up to $100,000 as a reward for public interest hacks and leaks. Fisher aims to encourage hacktivists to carry out politically motivated attacks and leak documents in

20 Nov 2019

Huawei Beats Google—Offers $220,000 For ‘Zero-Click’ Android Phone Hacks

Chinese tech giant Huawei launched a bug bounty program last week that will reward bug hunters up to $220,000 for detecting critical weaknesses in its Android devices. This program beats Google’s, which offers up to $200,000 for demonstrations of similar attacks on its Pixel phones. Huawei revealed the program in
