Brian Gorenc, senior director of vulnerability research and director of Trend Micro’s ZDI program, says he’s been observing increased bug bounty activity in 2020. A new report from HackerOne presents data suggesting that the bug bounty business might be recession-proof, citing increases in hacker registrations, monthly vulnerability disclosures and payouts in the midst
Data Breach
‘Insensitive’ phishing test stirs debate over ethics of security training
An email sent to employees of Chicago-based Tribune Publishing, parent company of the Chicago Tribune, told recipients that they would receive $5,000 to $10,000 in bonus payments, “as a direct result of the success created by the ongoing efforts to cut our costs.” (Adam Jones, Ph.D. via Creative Commons Attribution-Share
What one company’s deal with the feds tells us about the long tail of data breaches
It’s no secret that recovering from a data breach can get very expensive, very fast. In addition to lawsuits and legal costs, companies often end up hiring crisis PR firms, setting up call centers to notify affected victims, dealing with insurance costs and taking a big hit to their reputation. After
Twitter bug may have exposed API keys, access tokens
Instagram flaw shows importance of managing third-party apps, images
A remote code execution (RCE) flaw found in Instagram that lets bad actors potentially take over a victim’s phone by sending a malicious image shines a spotlight on the vulnerabilities tied to third-party apps and image files. Researchers from Check Point crashed Mozjpeg, open source software that Instagram uses as a
Shopify breach: Help center employees are a unique breed of insider threat
Shopify’s Toronto office. (Raysonho @ Open Grid Scheduler / Grid Engine) A data breach at Shopify perpetrated by two “rogue employees” who worked on the e-commerce platform’s support team illustrates how certain roles within an organization may require more stringent monitoring. Based on Shopify’s online support page, the “support team” appears to refer
Security teams struggle with ransomware, cloud services
Ransomware, insecure internet-facing systems and attacks against cloud-based services are among the top threats facing industry this year, according to new and recent threat intelligence reporting. The Q2 threat report released today by Rapid7 and detailing the latest tools and tactics used in cyber campaigns targeting the private sector, pegged
Critical Zerologon bug uses weak cryptography to spoof network users
Zerologin exploits a flaw in the customized cryptographic protocol used by Netlogon to authenticate communications between a client and Windows domain server and update passwords. (Microsoft)more Organizations should prioritize patching over detection when it comes to Zerologon, a recently disclosed privilege escalation vulnerability in Microsoft’s Windows server operating system. The bug, which
Oracle will inherit TikTok security, privacy headaches
By partnering with the popular Chinese videosharing platform TikTok, Oracle will inherit a laundry list of security and privacy issues once the deal is approved, as soon as Sept. 20, by TikTok parent company ByteDance. TikTok boasts 100 million users in the U.S. and 689 million globally. Earlier this year President Trump
Commerce imposes prohibitions on TikTok, WeChat
After previously expressing support for Oracle’s planned partnering with TikTok, the Trump administration took a step back from the deal Friday with the Commerce Department putting prohibitions on transactions related to the video-sharing platform and, separately, on the mobile communications app WeChat, both owned by Chinese companies. President Trump had said