Samsung to pay $1,000,000 for RCEs on Galaxy’s secure vault

August 6, 2024 at 01:16PM Samsung has introduced the new ‘Important Scenario Vulnerability Program’ for its mobile devices, offering bug bounty rewards of up to $1,000,000 for critical attack demonstrations. Highlighted payouts include rewards for arbitrary code execution and unlocks with data extraction. In 2023, Samsung paid security researchers $827,925 and aims to break records …

Samsung Bug Bounty Program Payouts Reach $5M, Top Reward Increased to $1M

August 6, 2024 at 11:30AM In 2023, Samsung paid nearly $5 million through its bug bounty program, with $828,000 disbursed. 113 researchers received rewards for reporting vulnerabilities in Galaxy mobile devices. The highest single reward of over $57,000 went to TASZK Security Labs. Samsung also increased the maximum reward to $1 million and introduced bonus …

Microsoft Bug Bounty Payouts Increased to $16.6 Million in Past Year

August 6, 2024 at 06:12AM Microsoft announced that it paid out $16.6 million through its bug bounty programs over the past year, an increase from the previous annual average of $13 million. They rewarded 343 researchers from 55 countries for over 1,300 eligible reports, with the largest single reward being $200,000. Microsoft plans to continue …

Chrome 126 Updates Patch High-Severity Vulnerabilities

July 17, 2024 at 06:03AM Google announced security updates for Chrome 126, addressing ten vulnerabilities, including high-severity bugs reported by external researchers. The release resolves various flaws in V8, Screen Capture, Media Stream, Audio, and Navigation. Google paid over $32,000 in bug bounty rewards and advises users to update their browsers to the latest versions. …

Google increases bug bounty rewards five times, up to $151K

July 11, 2024 at 02:20PM Google has increased bug payouts through its Vulnerability Reward Program by up to 5x, with a maximum reward of $151,515 for a single security flaw. The new rewards apply to vulnerability reports submitted on or after July 11th. In addition, the company has expanded payment options and updated its rules …

Hacker Conversations: Chris Evans, Hacker and CISO

July 1, 2024 at 12:24PM Chris Evans, CISO of HackerOne, challenges common perceptions of hackers. He defines a hacker as someone who creatively overcomes limitations and believes computer hacking is about improving life. He argues that most hackers naturally use their skills for good and emphasizes the positive impact of hacking on society. Evans also …

Google Offering $250,000 for Full VM Escape in New KVM Bug Bounty Program

July 1, 2024 at 10:06AM Google has introduced kvmCTF, a bug bounty program for the KVM hypervisor, offering significant rewards for vulnerabilities. Participants can attempt to conduct guest-to-host attacks in a lab environment, with potential payouts including $250,000 for a full VM escape. The program aims to enhance the security of widely used virtualization technology. …

Chrome 126 Update Patches Memory Safety Bugs

June 25, 2024 at 03:54AM Google announced a new Chrome security update addressing four high-severity memory safety vulnerabilities. Three of the defects were reported by ‘wgslfuzz’ and the fourth by Cassidy Kim. wgslfuzz received a $10,000 reward for CVE-2024-6290 and Kim received $4,000 for CVE-2024-6291. The update, version 126.0.6478.126 for Linux and 126.0.6478.126/127 for Windows and macOS, includes …

CISO Corner: Critical Infrastructure Misinformation; France’s Atos Bid

June 21, 2024 at 04:36PM CISO Corner: Dark Reading offers articles to support cybersecurity strategies. France bids to acquire Atos to protect key technologies for defense interests. China’s offensive cybersecurity programs benefit from vulnerability research. NIST CSF 2.0 provides a roadmap for security initiatives. Threats to outer-space assets must be considered. Misinformation complicates understanding of …

In Other News: Microsoft Email Spoofing, Snowflake Hack Ransoms, LogoFail Follow-Up

June 21, 2024 at 09:21AM SecurityWeek’s cybersecurity news roundup offers a concise collection of notable stories, including cybercriminals demanding ransom from Snowflake customers, widespread API security issues, NSO Group targeting military and government officials, Google switching to Bugcrowd for bug bounty payments, and vulnerabilities affecting Microsoft and other platforms. CISA has also released new guidance, …