Bug Bounty Giant Criticizes Vendor Patching Quality

The largest vendor-agnostic bug bounty program in the world has warned that poor vendor patching could expose organizations to extra risk. This could lead to them spending upwards of $400,000 per upgrade. Trend Micro’s Zero Day Initiative (ZDI) was responsible for almost 64% of vulnerabilities that were disclosed in 2021. The organization warned, however, of […]

Air Gap Attack Exploits Gyroscope Ultrasonic Channel to Leak Data

The new technique of data exfiltration uses an ultrasonic channel to leak sensitive information from air-gapped computers to nearby smartphones. “Gairoscope”, the adversarial model, is named after Dr. Mordechai Guri, who is head of research and development (R&D) in the Cyber Security Research Center at the Ben Gurion University of the Negev. In a paper, Guri’s research […]

DoJ: White Hat Hackers will no longer face prosecution

The US Department of Justice (DoJ) has announced that it will not prosecute good-faith hackers under the Computer Fraud and Abuse Act. Yesterday’s statement announced a historic policy shift that said white-hat hackers would not face prosecution for accessing computers to improve cybersecurity. Good-faith hacking is defined by the DoJ as “accessing a machine solely […]

BlackCat Ransomware Group Deploys Brute Ratel Pen Testing Kit

According to security company Sophos, the BlackCat ransomware group deployed a new binary in order to aid its intrusion efforts. The company discovered that it is using Brute Ratel, which includes remote access features for attackers. Numerous Sophos customers called the company to inquire about BlackCat ransomware infections. New analysis revealed that the group exploits unpatched VPNs and firewalls to access […]

Grafana vulnerabilities that could allow admin accounts to be taken over

Researchers have warned that malicious actors could seize control of Grafana’s administrator account due to a vulnerability in the OAuth login function. This security flaw (tracked as CVE-2022-3107) could allow an attacker to access another user’s account on the open-source analytics platform. A team of researchers discovered the bug in the platform’s login function. This bug allows attackers to […]

Inducted into Infosecurity Europe’s Hall of Fame as “The People Hacker” Jenny Radcliffe

Jenny Radcliffe, also known as “The People Hacker”, has been inducted into Infosecurity Europe’s hall of fame for 2022. Radcliffe will be inducted into the Hall of Fame at the keynote session during this year’s Infosecurity Europe 2023. This session will take place at ExCel London from June 21-23 2023. Eleanor Dallaway, editor of Infosecurity magazine, will host the […]

Cyber-Attackers Target Modern Smart Farm Machinery

Today’s risk analysis shows that “smart” modern farm machinery is susceptible to malicious hackers. This leaves global supply chains at risk. The study, published in the journal Nature Machine Intelligence, warned that hackers could exploit flaws within agricultural hardware used for planting and harvesting crops. It also warned that hackers could exploit flaws in agricultural hardware such […]

Bug Bounty Radar // All the latest information about August 2022’s bug bounty programs

Hacker scouts will be pleased to learn about new web targets. The northern hemisphere is experiencing summer, but that hasn’t stopped the steady flow of new bug bounty programs hitting the market. Apple revealed vulnerabilities in its anti-spyware technology via the Security Bounty program during the teaser video for the new Lockdown mode. There are rewards up to $2,000,000 available. […]