Varonis and HackerOne launch vulnerability disclosure program

Varonis has launched its public vulnerability disclosure program via HackerOne. The VDP enables the entire HackerOne community to report potential security issues related to Varonis’ corporate and cloud environments, including Varonis SaaS products. Varonis CISO Guy Shamilov said, “Varonis has had tremendous success with our private bug disclosure program, and the logical next step for […]

Uber hacked, attacker tears through the company’s systems

Uber has been hacked, again – this time by an 18-year-old (allegedly). According to The New York Times, the breach happened on Thursday. The hacker claims to have gotten in by social-engineering an Uber employee: Apparently there was an internal network share that contained powershell scripts… “One of the powershell scripts contained the username and […]

Darktrace and HackerOne join forces to help organizations close their security gap

At Black Hat USA 2022, Darktrace and HackerOne announced a partnership combining Darktrace PREVENT/Attack Surface Management technology with the continuous security assessment capabilities of the HackerOne platform. The partnership expands HackerOne’s OpenASM initiative and delivers on a shared vision with Darktrace to help organizations secure their digital estate through technology and a community of ethical […]

Unfaithful HackerOne employee steals bug reports to claim additional bounties

Bug bounty platform HackerOne disclosed that a former employee improperly accessed security reports submitted to claim additional bounties. The vulnerability coordination and bug bounty platform HackerOne disclosed that a former employee improperly accessed security reports submitted by white-hat hackers to claim additional bounties. The investigation started on June 22nd, 2022, when a customer asked the […]

HackerOne OpenASM enables customers to leverage scan data from multiple vendors

HackerOne announced OpenASM, an initiative that combines scan data from customers’ attack surface management (ASM) tools with security testing efforts. Attack surface scans can be used to better set scopes for bug bounties, penetration tests, and vulnerability disclosure programs. In addition, ethical hackers can enrich, risk rank, and prioritize assets, helping organizations reduce risk more […]

HackerOne acquires PullRequest to help users integrate code security reviews during workflows

HackerOne announced its acquisition of PullRequest, the pioneer of code-review-as-a-service. PullRequest’s technology and code reviewers will enable developer-first security testing solutions. These changes will ultimately help customers release trustworthy software faster by embedding expert security reviewers within their software development lifecycles (SDLCs). “Developer-first is the future of application and cloud security. Over 70% of organizations […]

Hacker-powered pentests gaining momentum

Hackers have reported over 66,000 valid vulnerabilities this year – over 20% more than 2020 – with hacker-powered pentests seeing a 264% increase in reported vulnerabilities, HackerOne has announced. Pandemic-led digital transformation and cloud migration continue to create vulnerabilities as attack surfaces expand and services are outsourced. This year’s report revealed bounty prices for high […]