CISO Corner: Critical Infrastructure Misinformation; France’s Atos Bid

June 21, 2024 at 04:36PM CISO Corner: Dark Reading offers articles to support cybersecurity strategies. France bids to acquire Atos to protect key technologies for defense interests. China’s offensive cybersecurity programs benefit from vulnerability research. NIST CSF 2.0 provides a roadmap for security initiatives. Threats to outer-space assets must be considered. Misinformation complicates understanding of …

In Other News: Microsoft Email Spoofing, Snowflake Hack Ransoms, LogoFail Follow-Up

June 21, 2024 at 09:21AM SecurityWeek’s cybersecurity news roundup offers a concise collection of notable stories, including cybercriminals demanding ransom from Snowflake customers, widespread API security issues, NSO Group targeting military and government officials, Google switching to Bugcrowd for bug bounty payments, and vulnerabilities affecting Microsoft and other platforms. CISA has also released new guidance, …

Crypto exchange Kraken accuses blockchain security outfit CertiK of extortion

June 20, 2024 at 01:38PM Kraken, a major cryptocurrency exchange, accuses security researchers of exploiting a critical bug to steal millions in digital cash and attempt to extort more from the exchange. The bug allowed users to manipulate their account balance without completing deposits. Kraken labeled the researchers’ actions as extortion and is coordinating with …

Kraken Crypto Exchange Hit by $3 Million Theft Exploiting Zero-Day Flaw

June 19, 2024 at 01:03PM Kraken, a crypto exchange, experienced a serious security breach when a researcher exploited a flaw to steal $3 million in digital assets. Although the issue was swiftly addressed, the attacker demanded payment in exchange for returning the funds. Kraken is treating the incident as a criminal case and is coordinating …

Chrome 126 Update Patches Vulnerability Exploited at Hacking Competition

June 19, 2024 at 07:21AM Google announced an update to Chrome 126 containing six security fixes, including four high-severity vulnerabilities reported by external researchers. The first bug, CVE-2024-6100, was reported by Seunghyun Lee at the TyphoonPWN 2024 hacking competition, earning a $20,000 bug bounty. The update also addresses other high-severity flaws and is now rolling …

Bug Bounty Programs, Hacking Contests Power China’s Cyber Offense

June 17, 2024 at 09:07PM Chinese cybersecurity experts have dramatically improved over the past decade, growing from hesitant participants to dominant players in global hack competitions and bug bounty programs. The Chinese government leverages its civilian hackers to strengthen its cyber-offensive capabilities. China’s cyber pipeline, focusing on practical cybersecurity and vulnerability disclosure, has significantly benefited …

French Bug Bounty Platform YesWeHack Raises $28 Million

June 14, 2024 at 03:00AM YesWeHack, a French bug bounty and vulnerability disclosure policy company, has raised €26 million in a Series C funding round, bringing its total raised to over $52 million. The investment was led by Wendel, with additional capital from other partners. YesWeHack plans to use the funds to invest in AI, …

Easily Exploitable Critical Vulnerabilities Found in Open Source AI/ML Tools

June 14, 2024 at 03:00AM A Protect AI report has revealed a dozen critical vulnerabilities in open-source AI/ML tools, including issues that could lead to information exposure, privilege escalation, and server takeover. The most severe is CVE-2024-22476 in Intel Neural Compressor, allowing remote privilege escalation. The report emphasizes timely reporting to maintainers for fixes. Various …

GitHub Paid Out Over $4 Million via Bug Bounty Program

June 12, 2024 at 08:06AM GitHub’s bug bounty program, established 10 years ago, has paid out over $4 million. In 2023, the program reached this milestone and saw its largest single reward of $75,000 for a vulnerability. The total payout exceeded $850,000 in 2023, with GitHub aiming to enhance payout processes and public disclosures in …

Chrome 126, Firefox 127 Patch High-Severity Vulnerabilities

June 12, 2024 at 06:18AM Google and Mozilla released Chrome 126 and Firefox 127, respectively, with patches for high-severity memory safety vulnerabilities. Google awarded over $160,000 in bug bounty rewards to external researchers. The highest reward of $100,115 was for CVE-2024-5839, related to a medium-severity inappropriate Memory Allocator implementation. Firefox’s update addresses 15 vulnerabilities, including …