By Casey Ellis, Jul 7, 2021. The Kaseya/REvil Attack Explained: Why it Matters and How to Protect Yourself. What Happened? At around 1400 EDT on July 2, attackers appear to have used a 0-day authentication bypass vulnerability in Internet-exposed instances of the Kaseya Virtual System Administrator (VSA) server software, a…
By Casey Ellis, Mar 8, 2021. NIST: Vulnerability Disclosure as a Requirement for Every Organization. What is the NIST Cybersecurity Framework? The NIST Cybersecurity Framework is a set of policies meant to help the private sector strengthen its cybersecurity readiness and awareness. The framework is published by the National Institute of Standards and Technology…
By Casey Ellis, Dec 14, 2020. Priority One: Insights into Submission and Payment Trends. 2020: Chaos is a Ladder. As 2020 comes to a close, I’ve started to see summaries of the year pop up, covering lessons learned from the year nobody saw coming... As years go, 2020 was full of those! While I…
By Casey Ellis, Oct 7, 2020. NIST SP 800-53 R5 Adds Vulnerability Disclosure Programs to Federal Security and Privacy Controls. Earlier this week, the National Institute of Science and Technology (NIST) released Revision 5 of NIST Special Publication 800-53, Security and Privacy Controls for Information Systems and Organizations. This revision makes a tremendous step toward bringing the role of…
By Casey Ellis, Aug 6, 2020. DEF CON / Black Hat 2020: Top 10 Tips. While it feels illegal to hang out with your friends right now, the pandemic is no match for the dedicated folks who unite for Black Hat and DEF CON every year. In 2020, both conferences are running virtually, highlighting the…
By Casey Ellis, Mar 5, 2020. Election Security 2020: Don’t Let Disinformation Undermine Your Right to Vote. A population that is fearful of interference in ways it might not necessarily understand is more vulnerable to manipulation through disinformation strategies. This is particularly true of election security as we enter the last few months of the 2020 Presidential…
By Casey Ellis, Dec 12, 2019. The Future is Now: 2020 Cybersecurity Predictions. How is it 2020 already? We're in the last month of the decade, and the year that has long held a “futurist bookmark” in people’s minds is now upon us. We may not have hoverboards and flying cars yet, but…
By Casey Ellis, Nov 19, 2019. 7 years and counting… In 2012, Bugcrowd set out to create a radical cybersecurity advantage and level the playing field between attackers and defenders. As one of the first steps on that journey, seven years ago today, we launched our first "Proof of Concept"…
By Casey Ellis, Mar 11, 2019. On disclosure, confidentiality, and norms… A few weeks ago I was tagged by Art Manion of the CERT Coordination Center (CERT/CC) in a tweet asking about Bugcrowd’s approach to disclosure policy defaults. The short version of the thread was concern about a statement in our…
By Casey Ellis, Feb 8, 2019. How Governments are Running Effective Bug Bounty Programs. If you’re reading this article, statistically speaking your organization might be getting hacked. In the private sector, the Equifax hack and Intel’s processor vulnerabilities took the mainstream media by storm. And over the past year, data breaches of U.S. government networks, once novel, have…