By Bugcrowd Security Flash | Dec 12, 2021 | Log4Shell, The Worst Java Vulnerability in Years | Key Facts: Affected: Systems and services using Apache Log4j versions 2.0-beta9 to 2.14.1; Severity: 10.0 Critical; CVE Entry: CVE-2021-44228; NIST NVD Publish Date: 12/10/2021; Source: Apache Software Foundation. On Dec. 9, 2021, a zero-day exploit (since dubbed "Log4Shell") was observed…
By Adam Foster | Jul 23, 2021 | PrintNightmare: What You Need to Know | PrintNightmare or PrinterNightmare is an interesting vulnerability currently impacting Microsoft systems. This vulnerability can be executed on remotely accessible systems and has a lot of potential for abuse by ransomware operators. Here are the basics: PrinterNightmare - CVE-2021-34527 CVE ID:…
By Casey Ellis | Mar 8, 2021 | NIST: Vulnerability Disclosure as a Requirement for Every Organization | What is the NIST Cybersecurity Framework? The NIST Cybersecurity Framework is a set of policies meant to help the private sector in strengthening their cybersecurity readiness and awareness. The framework is published by the National Institute of Standards and Technology…
By Erica Azad | Nov 16, 2020 | 3 Cybersecurity Statistics That Give Us Hope In 2020 | Ok, we get it, 2020 was a hot mess. This will be remembered as the year of failed sourdough starters, daytime versus nighttime pajamas, laundry room conference calls, and Zoom Happy Hours everyone pretended to like. Although many people are…
By Bugcrowd | Nov 25, 2019 | Bugcrowd Founder on Google Increasing Android Bounty to $1.5 Million | Last week, Google announced a bug bounty reward of $1 million to anyone who could carry out a full chain remote code execution exploit on the Titan M secure chip within Pixel devices (this comes shortly after Apple launched its…
By Bugcrowd | Mar 15, 2019 | Bug Bytes: Hacking for Good, Malware, and Outages (x3) | In early February, the Swiss government issued a reward for hacking its new electronic voting system. In just one short month, Motherboard has reported that a group of researchers have found a critical flaw in the code that would allow…
By Bugcrowd | Mar 8, 2019 | Bug Bytes: RSA, Equifax, and Auto – Oh my! | Closing out from RSA this week, where nearly every cyber company was pulling out all the stops, we couldn’t help but notice the extra light shed and proactive efforts made around diversity. In lead up to the conference, the San…
By Casey Ellis | Feb 8, 2019 | How Governments are Running Effective Bug Bounty Programs | If you’re reading this article, statistically speaking your organization might be getting hacked. In the private sector, the Equifax hack and Intel’s processor vulnerabilities took the mainstream media by storm. And over the past year, data breaches of U.S. government networks, once novel, have…
By Ashish Gupta | Jan 30, 2019 | IoT Security and Japan’s Bold Move to Improve Security | IoT security is one of the greatest challenges we face today. Gartner predicts there will be 25 billion Internet of Things (IoT) devices connecting the world by 2021. And yet, IoT has gone unregulated and largely unsecured to date. That,…
By Casey Ellis | Jan 18, 2019 | The List: Making it Even Easier and Safer to Bug Hunt | Since 2013, Bugcrowd has maintained “The List” -- a directory of public bug bounty and vulnerability disclosure programs. What started out as a crowdsourced blog post has evolved to become the de facto resource for people looking for bug bounty and…