
Full-time bug hunting: Pros and cons of an emerging career
2020-04-07 07:36

The sheer number of bug bounty programs in existence, and the fact that bounties occasionally reach tens or hundreds of thousands of dollars, has led many a bug hunter to concentrate on searching for vulnerabilities as their only occupation. For someone who already has a consistent, well-paying job and maybe a couple of kids, bug hunting as a full-time occupation wouldn't be the best thing to just jump into, says Tommy DeVoss, a hacker from Virginia.

Atlassian issues advice on how to keep your IT service desk secure... after hundreds of portals found facing the internet amid virus lockdown
2020-04-07 07:07

Inti De Ceukelaire of bug-bounty platform Intigriti claimed earlier this month hundreds of corporate service portals have been exposed to the internet, a 12 per cent increase since he scanned the internet for them last summer - an increase the COVID-19 crisis may have contributed to. As a proof of concept, De Ceukelaire targeted a set of corporate Atlassian service desk portals he found facing the internet.

Why the Latest Marriott Breach Should Make Us "Stop and Think" About Security Behaviors
2020-04-07 07:07

Marriott International has experienced their second data breach

Examining Potential Election Vulnerabilities: Are They Avoidable?
2020-04-07 06:58

In the U.S. and global communities, election security is a large concern.

Unveiled: How xHelper Android Malware Re-Installs Even After Factory Reset
2020-04-07 06:48

A mysterious piece of Android malware re-installs itself on infected devices even after users delete it or factory reset their devices, making it nearly impossible to remove. xHelper reportedly infected over 45,000 devices last year, and since then, cybersecurity researchers have been trying to unravel how the malware survives factory reset and how it infected so many devices in the first place.

A client-side perspective on web security
2020-04-07 05:00

Threats to web security are explained in this first of a three-part article series, and client-side security is shown to address a commonly missed class of cyber attack exemplified by Magecart. Traditional solutions to web security are outlined, including a new approach to web security based on client-side standards such as content security policy and subresource integrity.

5 questions about website and brand security every business owner should ask
2020-04-07 04:30

Although these limitations were once put in place for good reason, they are absolutely constraining your ability to achieve the goal of maximizing business performance through optimization of your website capabilities. The security team may be actively monitoring third-party scripts, which is a great first step in client-side website protection.

Pre-Installed Utility Renders HP Computers Vulnerable to Attacks
2020-04-07 04:28

A security researcher discovered multiple vulnerabilities in HP Support Assistant, a utility pre-installed on all HP computers sold after October 2012. While there are mitigations in place, HP Support Assistant is insecure by design, the researcher says.

Qualys VMDR: Discover, prioritize, and patch critical vulnerabilities in real time
2020-04-07 04:00

VMDR continuously assesses these assets for the latest vulnerabilities and applies the latest threat intel analysis to prioritize actively exploitable vulnerabilities. The reason is, if you look at the statistics over the last 10 years, you would see that the total number of vulnerabilities which get discovered in a year, maybe let's say 15,000 to 16,000 of vulnerabilities that are getting discovered, out of those vulnerabilities, only a handful, like 1000 vulnerabilities get exploited.

Download: CISO Checklist for Secure Remote Working
2020-04-07 03:30

Security Technology: A recommended list of product categories that should be installed and configured. Security Team: Every team, regardless of size and dedication level, has a set of procedures to handle ongoing security operations routinely.