Trend Micro’s Bug Bounty Program ZDI 2023 Performance

January 12, 2024 at 12:11AM

Trend Micro’s Zero Day Initiative (ZDI) disclosed 1,913 bugs in 2023 with 74% rated as Critical/High risk. The program identified vulnerabilities in attacks using zero-day exploits and provided early virtual patches to protect customers. ZDI also contributed 20% of bugs to Microsoft and 78% to Adobe, supporting both vendors in …

Google Patches Six Vulnerabilities With First Chrome Update of 2024

January 4, 2024 at 10:13AM

Google announced the first Chrome security update of 2024, resolving six vulnerabilities, including high-severity memory safety flaws reported by external researchers. Bug bounty rewards were handed out for some of the reported flaws. The update strengthens Chrome’s defenses against exploitation and is available for macOS, Linux, and Windows. No current …

Hacker Conversations: Runa Sandvik

January 3, 2024 at 10:39AM

Cybersecurity researcher Runa Sandvik, known for her ‘situative’ approach, emphasizes the need for contextual understanding in cybersecurity. She believes curiosity, stubbornness, and an interest in the topic are vital for aspiring researchers. Sandvik discusses revenue sources for researchers, the ethics of bug bounties, responsible disclosure, and its legal implications. She …

Bugcrowd Announces Vulnerability Ratings for LLMs

December 20, 2023 at 08:21AM

Bugcrowd has updated its Vulnerability Rating Taxonomy with a new system for categorizing and prioritizing vulnerabilities in large language models. The open-source VRT initiative, launched in 2016, aids Bugcrowd and its customer organizations in standardizing vulnerability classification and assessing cybersecurity risks. The update was influenced by the OWASP Top 10 …

Will Putting a Dollar Value on Vulnerabilities Help Prioritize Them?

December 18, 2023 at 03:42PM

Zoom developed the Vulnerability Impact Scoring System (VISS) as a more objective approach to assess the severity of vulnerabilities found during bug bounty programs. This system, providing a transparent and defensible way to calculate potential rewards for vulnerabilities, aims to prioritize critical and high-severity issues. VISS received positive feedback from …

Establishing Reward Criteria for Reporting Bugs in AI Products

December 15, 2023 at 06:16PM

Google has expanded its Bug Hunters program to include third-party discovery and reporting of issues and vulnerabilities specific to its AI systems. The program includes rewards for various attacks, model manipulations, adversarial perturbations, and model theft/exfiltration. Rewards are based on severity and target affected. To report a qualifying issue, visit …

Zoom Unveils Open Source Vulnerability Impact Scoring System

December 15, 2023 at 08:36AM

Zoom unveiled an open source Vulnerability Impact Scoring System (VISS) to help organizations assess and prioritize vulnerabilities based on actual exploitation. The system, designed to complement the Common Vulnerability Scoring System, led to increased reports of critical vulnerabilities during testing and analyzes vulnerabilities based on 13 impact aspects. It remains …

Zoom’s Bug-Scoring System Prioritizes Riskiest Vulns for Cyber Teams

December 14, 2023 at 09:03AM

Zoom has introduced a new Vulnerability Impact Scoring System (VISS) to help cybersecurity teams prioritize threats. It analyzes 13 impact aspects, produces a 0-100 score, and can be adjusted using compensating controls. In testing, critical vulnerabilities increased by 28%, while medium-severity ones decreased by 57%. Zoom aims to enhance security …

Chrome 120 Update Patches High-Severity Vulnerabilities

December 13, 2023 at 07:00AM

Google announced the release of the Chrome 120 security update addressing nine vulnerabilities, with six reported by external researchers. The most severe resolved vulnerability is a type confusion bug in the V8 JavaScript engine, tracked as CVE-2023-6702. Google paid out bug bounties totaling $50,000 and has restricted access to vulnerability details. The …

Ex-Uber CISO Advocates ‘Personal Incident Response Plan’ for Security Execs

December 12, 2023 at 09:28AM

Former Uber CISO Joe Sullivan disclosed details of the 2016 data breach at Black Hat Europe, reflecting on his firing and legal issues. The breach compromised 57 million accounts, and a $100,000 payment to attackers was considered a bug bounty. Sullivan emphasizes the importance of personal protections for security professionals …