Chrome 126 Updates Patch High-Severity Vulnerabilities

July 17, 2024 at 06:03AM Google announced security updates for Chrome 126, addressing ten vulnerabilities, including high-severity bugs reported by external researchers. The release resolves various flaws in V8, Screen Capture, Media Stream, Audio, and Navigation. Google paid over $32,000 in bug bounty rewards and advises users to update their browsers to the latest versions. …

Google increases bug bounty rewards five times, up to $151K

July 11, 2024 at 02:20PM Google has increased bug payouts through its Vulnerability Reward Program by up to 5x, with a maximum reward of $151,515 for a single security flaw. The new rewards apply to vulnerability reports submitted on or after July 11th. In addition, the company has expanded payment options and updated its rules …

Hacker Conversations: Chris Evans, Hacker and CISO

July 1, 2024 at 12:24PM Chris Evans, CISO of HackerOne, challenges common perceptions of hackers. He defines a hacker as someone who creatively overcomes limitations and believes computer hacking is about improving life. He argues that most hackers naturally use their skills for good and emphasizes the positive impact of hacking on society. Evans also …

Google Offering $250,000 for Full VM Escape in New KVM Bug Bounty Program

July 1, 2024 at 10:06AM Google has introduced kvmCTF, a bug bounty program for the KVM hypervisor, offering significant rewards for vulnerabilities. Participants can attempt to conduct guest-to-host attacks in a lab environment, with potential payouts including $250,000 for a full VM escape. The program aims to enhance the security of widely used virtualization technology. …

Chrome 126 Update Patches Memory Safety Bugs

June 25, 2024 at 03:54AM Google announced a new Chrome security update addressing four high-severity memory safety vulnerabilities. Three defects were reported by ‘wgslfuzz’ and the fourth by Cassidy Kim. wgslfuzz received a $10,000 reward for CVE-2024-6290 and Kim $4,000 for CVE-2024-6291. The update, version 126.0.6478.126 for Linux and 126.0.6478.126/127 for Windows and macOS, includes …

CISO Corner: Critical Infrastructure Misinformation; France’s Atos Bid

June 21, 2024 at 04:36PM CISO Corner: Dark Reading offers articles to support cybersecurity strategies. France bids to acquire Atos to protect key technologies for defense interests. China’s offensive cybersecurity programs benefit from vulnerability research. NIST CSF 2.0 provides a roadmap for security initiatives. Threats to outer-space assets must be considered. Misinformation complicates understanding of …

In Other News: Microsoft Email Spoofing, Snowflake Hack Ransoms, LogoFail Follow-Up

June 21, 2024 at 09:21AM SecurityWeek’s cybersecurity news roundup offers a concise collection of notable stories, including cybercriminals demanding ransom from Snowflake customers, widespread API security issues, NSO Group targeting military and government officials, Google switching to Bugcrowd for bug bounty payments, and vulnerabilities affecting Microsoft and other platforms. CISA has also released new guidance, …

Crypto exchange Kraken accuses blockchain security outfit CertiK of extortion

June 20, 2024 at 01:38PM Kraken, a major cryptocurrency exchange, accuses security researchers of exploiting a critical bug to steal millions in digital cash and attempt to extort more from the exchange. The bug allowed users to manipulate their account balance without completing deposits. Kraken labeled the researchers’ actions as extortion and is coordinating with …

Kraken Crypto Exchange Hit by $3 Million Theft Exploiting Zero-Day Flaw

June 19, 2024 at 01:03PM Kraken, a crypto exchange, experienced a serious security breach when a researcher exploited a flaw to steal $3 million in digital assets. Although the issue was swiftly addressed, the attacker demanded payment in exchange for returning the funds. Kraken is treating the incident as a criminal case and is coordinating …

Chrome 126 Update Patches Vulnerability Exploited at Hacking Competition

June 19, 2024 at 07:21AM Google announced an update to Chrome 126 containing six security fixes, including four high-severity vulnerabilities reported by external researchers. The first bug, CVE-2024-6100, was reported by Seunghyun Lee at the TyphoonPWN 2024 hacking competition, earning a $20,000 bug bounty. The update also addresses other high-severity flaws and is now rolling …