By Adam Foster Jul 23, 2021PrintNightmare: What You Need to Know PrintNightmare or PrinterNightmare is an interesting vulnerability currently impacting Microsoft systems. This vulnerability can be executed on remotely accessible systems and has a lot of potential for abuse by ransomware operators. Here are the basics: PrinterNightmare - CVE-2021-34527 CVE ID:… Read More
By Casey Ellis Mar 8, 2021NIST: Vulnerability Disclosure as a Requirement for Every Organization What is the NIST Cybersecurity Framework? The NIST Cybersecurity Framework is a set of policies meant to help the private sector in strengthening their cybersecurity readiness and awareness. The framework is published by the National Institute of Standards and Technology… Read More
By Erica Azad Nov 16, 20203 Cybersecurity Statistics That Give Us Hope In 2020 Ok, we get it, 2020 was a hot mess. This will be remembered as the year of failed sourdough starters, daytime versus nighttime pajamas, laundry room conference calls, and Zoom Happy Hours everyone pretended to like. Although many people are… Read More
By Bugcrowd Nov 25, 2019Bugcrowd Founder on Google Increasing Android Bounty to $1.5 Million Last week, Google announced a bug bounty reward of $1 million to anyone who could carry out a full chain remote code execution exploit on the Titan M secure chip within Pixel devices (this comes shortly after Apple launched its… Read More
By Bugcrowd Mar 15, 2019Bug Bytes: Hacking for Good, Malware, and Outages (x3) In early February, the Swiss government issued a reward for hacking its new electronic voting system. In just one short month, Motherboard has reported that a group of researchers have found a critical flaw in the code that would allow… Read More
By Bugcrowd Mar 8, 2019Bug Bytes: RSA, Equifax, and Auto – Oh my! Closing out from RSA this week, where nearly every cyber company was pulling out all the stops, we couldn’t help but notice the extra light shed and proactive efforts made around diversity. In lead up to the conference, the San… Read More
By Casey Ellis Feb 8, 2019How Governments are Running Effective Bug Bounty Programs If you’re reading this article, statistically speaking your organization might be getting hacked. In the private sector, the Equifax hack and Intel’s processor vulnerabilities took the mainstream media by storm. And over the past year, data breaches of U.S. government networks, once novel, have… Read More
By Ashish Gupta Jan 30, 2019IoT Security and Japan’s Bold Move to Improve Security IoT security is one of the greatest challenges we face today. Gartner predicts there will be 25 billion Internet of Things (IoT) devices connecting the world by 2021. And yet, IoT has gone unregulated and largely unsecured to date. That,… Read More
By Casey Ellis Jan 18, 2019The List: Making it Even Easier and Safer to Bug Hunt Since 2013, Bugcrowd has maintained “The List” -- a directory of public bug bounty and vulnerability disclosure programs. What started out as a crowdsourced blog post, has evolved to become the defacto resource for people looking for bug bounty and… Read More
By Bugcrowd Jan 11, 2019Bug Bytes for January 11: Device security is top of mind as CES wraps Australia’s disaster alert system was targeted by cyber attackers this week, gaining access to the country’s early warning network (EWN) and sending out false emergency texts, emails and landline messages across Australia. ITPro reported that the EWN staff were quick… Read More
