programs


Gov. Kelly invites school-age programs to webinar on grant program eligibility

TOPEKA, Kan. (WIBW) – Governor Laura Kelly is inviting school-age programs and providers to webinars in order to learn about eligibility for $40 million of grant programs. Governor Laura […]

Bug Bounty Radar // The latest bug bounty programs for February 2020

Source: National Cyber Security – Produced By Gregory Evans

New web targets for the discerning hacker

Global awareness of hackers continued to ramp up throughout the month of February, with the launch of new and improved bug bounty programs and the realization that some heroes wear… black hoodies.

That was the feeling, at least, in the French city of Lille, which hosted a two-day live hacking event as part of the 2020 Forum International de la Cybersécurité, an annual security conference and trade show.

The event saw 100 hackers finding bugs in the systems of The Red Cross, Oui SNCF, secure messaging provider Olvid, and Cybermalveillance.gouv.fr, a cybersecurity division of the French government.

“Bug bounties are not only for Uber or Deezer, it’s for any organization inspired by cybersecurity and willing to address the bugs in its systems,” Rodolphe Harand, manager of YesWeHack, the bug bounty platform that hosted the live hacking competition, told The Daily Swig.

Not long after the event, French cyber awareness site Cybermalveillance.gouv.fr announced that it was going public with its bug bounty program, one that it had been running privately on the YesWeHack platform since December 2019.

Bounties awarded for high risk and critical flaws are also set to double under the program’s public scope, The Daily Swig reported this month, alongside an interview with the Belgium-based platform intigriti, which has its sights set on global expansion.

If you’re interested in bug bounty market news, February was full of statistics related to payouts and hacker insights, as Facebook highlighted the $2 million it paid out to security researchers through its bug bounty program in 2019.

Dropbox also patted itself on the back, having doled out $1 million in cash to security researchers since its vulnerability rewards program began in 2014.

In related news, HackerOne published its 2020 Hacker Report, which found that although bug bounty payouts across the platform continue to rise, nearly two-thirds of security researchers (63%) have withheld the disclosure of security vulnerabilities on at least one occasion.

The reasons behind this were multifaceted, but the factors that stood out were fear of reprimand, lack of a clear reporting channel, and organizations being unresponsive to previous bug reports.

“I think we really need to disambiguate what people mean by the term ‘bug bounty’,” Casey Ellis, founder of Bugcrowd, told The Daily Swig in a recent chat about the uptake of IoT bug bounty programs.

“They are usually thinking about a public bug bounty, which definitely is the last line of defense.”

Read the full interview with Bugcrowd founder Casey Ellis.

The latest bug bounty programs for February 2020

February saw the arrival of several new bug bounty programs. Here’s a list of the latest entries:

Celo

Program provider: HackerOne

Program type: Private bug bounty

Max reward: $15,000

Outline: Celo, an open banking platform, puts forward a private bug bounty program, with four of its domains in scope.

Notes: Quick responses to bug submissions and rewards based on the Common Vulnerability Scoring Standard are among Celo’s promises.

Visit the Celo bug bounty page at HackerOne for more info

Evernote

Program provider: HackerOne

Program type: Private bug bounty

Max reward: Undisclosed

Outline: The task management app has launched a private bug bounty program with few details aside from an expanded list of vulnerabilities it considers out of scope.

Notes: Evernote pitches itself as uber responsive, with plans to triage bugs within 10 business days of a successful report submission.

Visit the Evernote bug bounty page at HackerOne for more info

Google API Security Rewards Program

Program provider: HackerOne

Program type: Public bug bounty

Minimum reward: $50

Outline: Google has added another bug bounty program to its repertoire. Security researchers can now report vulnerabilities found in third-party applications accessing OAuth Restricted Scope.

Notes: “Developers of OAuth apps using restricted scopes, with more than 50,000 users, are automatically enrolled into the program after they have passed the security assessment requirement,” outlines the program. Theft of insecure private data through unauthorized access reaps a $1,000 reward. Vulnerabilities must be reported to the relevant app developer first.

Visit the Google API Security Rewards Program at Hackerone for more info

Kindred Group

Program provider: HackerOne

Program type: Public bug bounty

Max reward: $2,500

Outline: Online gambling operator Kindred Group has entered the bug bounty scene with HackerOne, putting its two platforms, which host brands like Unibet, bingo.com, iGame, and MariaCasino, in scope.

Notes: Remote code execution, SQL injection, and other critical bugs pay $2,500. Less severe vulnerabilities, such as Flash-based reflected XSS or captcha bypass, generate a $150 reward.

Visit the Kindred Group bug bounty page at HackerOne for full program details

Microsoft Azure – enhanced

Program provider: Independent

Program type: Public bug bounty

Max reward: $40,000

Outline: Microsoft’s established Azure Bounty Program has expanded its scope to include Azure Sphere to run alongside the general release of the IoT security platform.

Notes: “The goal of the Microsoft Bug Bounty program is to uncover significant vulnerabilities that have a direct and demonstrable impact on the security of our customers,” Microsoft says. Many low-severity issues are out of scope.

Visit the latest Microsoft blog post for full program details

Microsoft Xbox

Program provider: Independent

Program type: Public bug bounty

Max reward: $20,000

Outline: Awards range from $500 to $20,000 for vulnerabilities found in the Xbox Live network and services, although Redmond says higher payouts are possible.

Notes: In-scope vulnerabilities include all the regular suspects, provided a full PoC exploit is supplied: cross-site scripting, cross-site request forgery, insecure direct object references, insecure deserialization, code injection flaws, server-side code execution, significant security misconfiguration (when not caused by the user), and exploits in third-party components.

Visit the Xbox bug bounty page for full program details

Monolith

Program provider: HackerOne

Program type: Public bug bounty

Max reward: $10,000

Outline: Ethereum-based banking alternative Monolith has linked with HackerOne to let hackers find bugs in its smart contract wallet and the internet-facing Monolith platform.

Notes: “The most important class of bugs we’re looking for are ones that would cause our users to lose their funds or have them rendered frozen and unusable within their Smart Contract Wallet,” Monolith says.

Visit the Monolith bug bounty page at HackerOne for full program details

TokenCoreX

Program provider: Independent

Program type: Public bug bounty

Max reward: $10,000

Outline: Developers at imToken, a popular cryptocurrency wallet, have launched a new bug bounty program covering the TokenCoreX library that underpins the application.

Notes: The program is a partnership with blockchain security specialists SlowMist, and covers defects in the implementation of the core encryption algorithm, along with vulnerabilities in chain-related logic code or the wallet application layer. Rewards are paid in Tether cryptocurrency, with critical vulnerabilities amounting to issues that result in an attacker stealing crypto-assets.

Visit the latest imToken blog post for more info

Visma

Program provider: HackerOne

Program type: Public bug bounty

Max reward: $2,500

Outline: Business software provider Visma wants security researchers to break their domains, with payouts ranging from $100 for low impact bugs to $2,500 for those defined as critical.

Notes: Critical exploits include RCE and SQL injection. Low-rated vulnerabilities such as open redirect or application level denial-of-service also warrant payouts. “Any reports outside these categories will be triaged on a case by case basis by Security Analysts from Visma,” the company adds.

Visit the Visma bug bounty page at HackerOne for more info

Other bug bounty and VDP news

  • Katie Moussouris, quite possibly the Queen of the bug bounty, spoke on the Threatpost podcast about the challenges in implementing successful programs.
  • The Hacker News ran an interview with the Open Bug Bounty project, a non-profit that’s demonstrated significant growth over the past year.
  • Bug hunter Alex Chapman published a blog post on his transition from pen tester to full-time bounty hunter.
  • Hyatt expanded its public bug bounty program on its one-year anniversary last month with HackerOne, widening its scope with higher bounties.
  • Marriott is running a vulnerability disclosure program (unpaid) with HackerOne, as are mobile banking provider bunq, Canadian banking provider Koho, photo and video editing app PicsArt, and Belgium-based REM-B Hydraulics.
  • Bugcrowd also saw the SoundCloud bug bounty program increase its rewards last month, now offering a maximum $4,500 for high priority bugs.

To have your program featured in this list next month, email dailyswig@portswigger.net with ‘Bug Bounty Radar’ in the subject line. Read more bug bounty news from The Daily Swig.


Cyber hacks driving ‘bug bounty’ jobs and programs in corporate America

Source: National Cyber Security News

If you have the skills to stop a cyber hacker in their tracks, you may soon be getting calls from recruiters trying to fill a new crop of jobs throughout corporate America.

Criminal data breaches are predicted to cost businesses a total of $8 trillion over the next four years, outstripping worldwide IT security spending, which is expected to be upwards of $120 billion by 2021, according to Gartner. Meanwhile, there is a shortage of talent, and an anticipated 1.8 million cybersecurity jobs will be unfilled by 2022, with millennials likely to play a big role, according to a report from the Center for Cyber Education and Safety. These jobs will be in demand as the number of reported cybersecurity incidents (which doubled between 2016 and 2017) continues to rise. Even with expert cybersecurity firms on retainer to improve overall cyber resilience, companies are struggling to stay ahead in the battle against malicious hackers.

To help close the gap, more businesses are turning to another kind of hacker: the ‘white hats’. Through carefully implemented bug bounty programs, organizations can crowdsource the expertise of security researchers to help identify vulnerabilities in exchange for money and recognition, and fix vulnerabilities before they can be exploited.


Advocates urge Texas to prevent child abuse by expanding ‘home visitor’ programs

Texas needs to ramp up spending on proven child-abuse prevention programs, child advocates and several lawmakers said Tuesday.
Sending “home visitors” such as nurses, teachers and social workers to work with disadvantaged pregnant women and high-risk young families can avert huge state costs, several speakers said at a “Home Visiting and Child Protection Day” rally at the Capitol.
The programs improve future graduation rates and avoid social ills such as incarceration, they said.

But the state is spending only about $70 million, including federal funds, on Home Visiting and Nurse-Family Partnership programs in the current two-year cycle, said Sen. Carlos Uresti, D-San Antonio.


The post Advocates urge Texas to prevent child abuse by expanding ‘home visitor’ programs appeared first on Parent Security Online.


“Virtual Infant Programs” Actually Increase Teen Pregnancies

In some communities, teens participate in “virtual infant parenting,” where they must care for robotic dolls that look and act like real babies. Participants spend a few days feeding, changing diapers, and supporting the dolls to experience the challenges of life as a teen parent. However, a new study of Australian girls has found these programs are not effective. Seventeen percent of girls who cared for virtual babies ended up becoming pregnant during their teen years, compared to 11 percent of those outside of the program. Teen pregnancies are at an all-time low in the United States. Experts believe the reason is education and use of contraception.


The post “Virtual Infant Programs” Actually Increase Teen Pregnancies appeared first on Parent Security Online.


20 Arkansas workforce programs get more than $15M in grants – Education Week


The post 20 Arkansas workforce programs get more than $15M in grants – Education Week appeared first on Parent Security Online.


At summer lunch programs, schools see hungry parents, too – Education Week


The post At summer lunch programs, schools see hungry parents, too – Education Week appeared first on Parent Security Online.


New Mexico grant aimed at STEM afterschool programs – Education Week


The post New Mexico grant aimed at STEM afterschool programs – Education Week appeared first on Parent Security Online.


The NSA ended one of its contentious spying programs this weekend

Source: National Cyber Security – Produced By Gregory Evans


Over the weekend, the NSA finally ended its contentious phone metadata spying program. It was first brought to public scrutiny after NSA contractor-turned-whistleblower Edward Snowden leaked documents to journalists about the scale of the US government’s spying, provoking a global debate over privacy and security. Though hailed as a hero by privacy activists, Snowden is viewed as a traitor by many in the US establishment, and would face trial if he returned home (he’s currently in exile in Russia). But his leaks have provoked some political changes. Key among these is the USA Freedom Act. It means that the NSA is no longer directly collecting millions of Americans’ phone records. It actually came into effect this summer, but there was a 180-day grace period. That period ended just before midnight on Saturday, November 28. If the NSA wants this data, it will now have to apply to a FISA (foreign intelligence service) court to get it from one of the phone companies. Ewan MacAskill, a Guardian journalist who did some of the earliest reporting on Snowden’s leaks, describes it as a “first step but a modest one.” And he points out a “major” problem for privacy activists: “The reform applies only to phone records. The NSA can continue […]


Spying programs turning US into a fascist state: Analyst

Source: National Cyber Security – Produced By Gregory Evans

The inadequate judicial oversight of the US spying programs is leading the country toward a “type of fascist state,” says a former American intelligence linguist from Orlando. The federal court monitoring the spying operations issued the final order on Friday permitting the National Security Agency (NSA) to collect millions of Americans’ phone records. The Foreign Intelligence Surveillance Court (FISA) ruled that the bulk data collection program does not violate Americans’ privacy rights. The secretive court contended that the program concerns the metadata of US citizens, which entails the numbers people dial in a phone call, the length of the call and when it takes place. Metadata does not include the actual contents of a phone conversation. The Office of the Director of National Intelligence announced on Friday that the collected data “will not be used or accessed for any other purpose” other than an ongoing legal battle over the program. It also said that the NSA will destroy the records “upon expiration of its litigation preservation obligations.” In an interview with Press TV on Saturday, Scott Rickard complained of the poor judicial process behind the secretive courts. Rickard said that the Supreme Court has “handpicked” 14 judges to preside over the […]
