By Bugcrowd Jan 25, 2022Looking Back: Inside the Mind of a Hacker 2021 Report In a world where cybersecurity threats proliferate at an unprecedented rate, it’s no longer enough to simply understand that risk exists. Understanding what—and who—is capable of defending businesses against such cybersecurity threats can make the difference between a secure enterprise… Read More
By Santerra Holler Jan 6, 2022Submissions With Bugcrowd Submitting reports should be simple, efficient and easy. We realized our submission process could be improved, so we did just that. To be candid; we had some areas on our submission form that were about as useful as Sakura. #SASUKE… Read More
By Justin Kestelyn Jan 6, 2022Bugcrowd’s Log4j Response: Behind the Numbers The historic Log4j RCE vulnerability was discovered on approximately Dec. 9, 2021, and many security teams continue to grapple with it. It’s another reminder (as if we needed one) that cybersecurity is a team sport that requires intense, continuous collaboration… Read More
By Santerra Holler Jan 4, 2022Expert Advice You Don’t Want to Miss Picture this: it’s 2022. The holidays are over. Our bellies are a few pounds heavier than before (ok, maybe more than a few). And no one remembers how to do their job. But you know what we DO remember? The… Read More
By Justin Kestelyn Dec 20, 2021Avoiding “Blindside” Cloud Security Attacks If the last 18 months have taught us anything about cybersecurity, it’s that moving work environments and software supply chains to the cloud has attackers proverbially gunning their engines. Attack vectors like ransomware and N-day attacks are causing security leaders… Read More
By Nick Mckenzie Dec 16, 2021Living with and Learning from Log4Shell This is not a post on what Log4j is, or what controls you need to put in place. There are too many articles about that already. If that's what you’re looking for, please read this great post from our Founder,… Read More
By Bugcrowd Security Flash Dec 12, 2021Log4Shell, The Worst Java Vulnerability in Years Key Facts Affected: Systems and services using Apache Log4j versions 2.0-beta9 to 2.14.1 Severity: 10.0 Critical CVE Entry: CVE-2021-44228 NIST NVD Publish Date: 12/10/2021 Source: Apache Software Foundation On Dec. 9, 2021, a zero-day exploit (since dubbed "Log4Shell") was observed… Read More
By Michael Hamel Dec 1, 2021Excellerate your Hunting with Bugcrowd and Microsoft! — The Sequel Looking for some extra cash in your pocket? We’ve got a limited-run incentive made just for you. As a proud partner with Microsoft as a bounty payment provider since 2019, Bugcrowd is excited to announce the return of our Excellerate… Read More
By Murtaza Hafizji Nov 18, 2021Vulnerability Disclosure Program or Managed Bug Bounty: How to Determine which Program is Best for You Security isn’t a technology problem—it’s a people problem. To compete against an army of adversaries and stay ahead of cyber attacks, we need an army of human allies (aka the Crowd). Vulnerability Disclosure Programs (VDPs) and Managed Bug Bounty (MBB)… Read More
By Santerra Holler Nov 17, 2021Todayisnew and Hx01 on Collaboration Unless you’ve been living under a rock, Bugcrowd expanded our Collaboration feature this year. To complement this extraordinarily convenient feature we also announced our first-ever #TeamHunt2021 challenge! 15 teams, 5 weeks, one grand prize! Before the competition, we caught up… Read More
