By Bugcrowd Researcher Success, Mar 2, 2022
Kiteworks’ New Program Promotion
Why is Kiteworks running this program promotion? Sensitive content communications remain largely an unrecognized risk-management gap. This gap would only continue to widen if it remains unaddressed and leave thousands of organizations vulnerable to the exposure of private, confidential, and…

By Justin Kestelyn, Feb 15, 2022
Investing in Customer Success: Announcing Faster, More Agile Penetration Testing and More
In a world where threats are unpredictable and organizations are constantly under siege–and where no amount of automation can replicate the attacker mindset or human ingenuity at scale–Bugcrowd gives customers a proactive, first line of defense against being blindsided by…

By Eamon O'Neill, Feb 10, 2022
Making Apps React to Platform Events Through Webhooks
At Bugcrowd, we are well aware that extensibility is a core concern for customers. Siloed solutions are a major source of fragmentation in cybersecurity environments, so seamless integration with your existing development and security processes is one of the Bugcrowd…

By Bugcrowd, Jan 25, 2022
Looking Back: Inside the Mind of a Hacker 2021 Report
In a world where cybersecurity threats proliferate at an unprecedented rate, it’s no longer enough to simply understand that risk exists. Understanding what—and who—is capable of defending businesses against such cybersecurity threats can make the difference between a secure enterprise…

By Santerra Holler, Jan 6, 2022
Submissions With Bugcrowd
Submitting reports should be simple, efficient and easy. To be candid, we had some areas on our submission form that were about as useful as Sakura. #SASUKE 🗣 (iykyk). Our submission form was a little outdated. In an effort to…

By Justin Kestelyn, Jan 6, 2022
Bugcrowd’s Log4j Response: Behind the Numbers
The historic Log4j RCE vulnerability was discovered on approximately Dec. 9, 2021, and many security teams continue to grapple with it. It’s another reminder (as if we needed one) that cybersecurity is a team sport that requires intense, continuous collaboration…

By Santerra Holler, Jan 4, 2022
Expert Advice You Don’t Want to Miss
Picture this: it’s 2022. The holidays are over. Our bellies are a few pounds heavier than before (ok, maybe more than a few). And no one remembers how to do their job. But you know what we DO remember? The…

By Justin Kestelyn, Dec 20, 2021
Avoiding “Blindside” Cloud Security Attacks
If the last 18 months have taught us anything about cybersecurity, it’s that moving work environments and software supply chains to the cloud has attackers proverbially gunning their engines. Attack vectors like ransomware and N-day attacks are causing security leaders…

By Nick Mckenzie, Dec 16, 2021
Living with and Learning from Log4Shell
This is not a post on what Log4j is, or what controls you need to put in place. There are too many articles about that already. If that's what you’re looking for, please read this great post from our Founder,…

By Bugcrowd Security Flash, Dec 12, 2021
Log4Shell, The Worst Java Vulnerability in Years
Key Facts
Affected: Systems and services using Apache Log4j versions 2.0-beta9 to 2.14.1
Severity: 10.0 Critical
CVE Entry: CVE-2021-44228
NIST NVD Publish Date: 12/10/2021
Source: Apache Software Foundation
On Dec. 9, 2021, a zero-day exploit (since dubbed "Log4Shell") was observed…