Chrome 120 Update Patches High-Severity Vulnerabilities

December 13, 2023 at 07:00AM Google announced the release of a Chrome 120 security update addressing nine vulnerabilities, six of them reported by external researchers. The most severe of the resolved vulnerabilities is a type confusion bug in the V8 JavaScript engine, tracked as CVE-2023-6702. Google paid out bug bounties totaling $50,000 and has restricted access to the vulnerability details. The …

Ex-Uber CISO Advocates ‘Personal Incident Response Plan’ for Security Execs

December 12, 2023 at 09:28AM At Black Hat Europe, former Uber CISO Joe Sullivan disclosed details of the 2016 data breach, reflecting on his firing and legal issues. The breach compromised 57 million accounts, and a $100,000 payment to the attackers was treated as a bug bounty. Sullivan emphasizes the importance of personal protections for security professionals …

Google Patches Chromecast Vulnerabilities Exploited at Hacking Contest

December 11, 2023 at 10:12AM Google announced patches for high- and moderate-severity vulnerabilities in Chromecast, disclosed at the HardPwn USA 2023 competition. Three exploits were recognized, with reward recipients named. Vulnerabilities include supply chain interception and Android TV streaming box malware injection. Exploits allow persistent code execution without the user’s knowledge. Additionally, researchers identified attack …

Unpatched Critical Vulnerabilities Open AI Models to Takeover

November 28, 2023 at 03:53AM Researchers have discovered multiple critical vulnerabilities in the infrastructure used by AI models, exposing companies to risk as they adopt AI technology. The affected platforms include Ray, MLflow, ModelDB, and H2O version 3. The vulnerabilities could give attackers unauthorized access to AI models and the network. Companies must prioritize security …

Microsoft Offers Up to $20,000 for Vulnerabilities in Defender Products

November 22, 2023 at 09:06AM Microsoft has launched a new bug bounty program called the Microsoft Defender Bounty Program. The program invites researchers to find vulnerabilities in Defender products and services and earn rewards ranging from $500 to $20,000. The highest rewards are given for critical-severity remote code execution bugs. Researchers must report flaws within …

Microsoft’s bug bounty turns 10. Are these kinds of rewards making code more secure?

November 22, 2023 at 06:02AM Microsoft’s bug bounty program, which pays out rewards to security researchers who discover vulnerabilities, has awarded a total of $63 million over the past decade. The program has experienced explosive growth since 2018, with Microsoft doubling the number of bounty reports, program participants, and awards. Despite this, bug bounty platforms …

Microsoft launches Defender Bounty Program with $20,000 rewards

November 21, 2023 at 02:13PM Microsoft has launched a bug bounty program for its Microsoft Defender security platform, offering rewards between $500 and $20,000. The program initially focuses on Microsoft Defender for Endpoint APIs but is expected to expand. High-quality reports of critical-severity remote code execution vulnerabilities earn the highest reward. Microsoft paid $58.9 …

Microsoft Paid Out $63 Million Since Launch of First Bug Bounty Program 10 Years Ago

November 21, 2023 at 07:03AM Microsoft has paid out $63 million in rewards to security researchers participating in its bug bounty programs. The company now runs 17 bug bounty programs, with rewards reaching up to $250,000 for high-impact bugs. Thousands of researchers from 70 countries are involved, including students, academics, and cybersecurity professionals. Microsoft states …

Unpatched Critical Vulnerabilities Open AI Models to Takeover

November 16, 2023 at 12:49PM Researchers have discovered critical vulnerabilities in the infrastructure used for AI models, putting companies at risk. The affected platforms include Ray, MLflow, ModelDB, and H2O version 3. These vulnerabilities could give unauthorized access to AI models and the rest of the network. Protect AI disclosed the results and informed …

In Other News: Airport Taxi Hacking, Post-Quantum Crypto Guidance, Stanford Breach

November 4, 2023 at 12:30PM SecurityWeek’s weekly cybersecurity roundup highlights several significant developments. Stanford University suffered a ransomware attack, resulting in 430 GB of data being stolen. The MOVEit hack compromised around 632,000 email addresses from the US Justice and Defense Departments. The Henry Schein cyberattack was claimed by the BlackCat ransomware group. A link …