Security News

Google awarded $10 million to 632 researchers from 68 countries in 2023 for finding and responsibly reporting security flaws in the company's products and services.Though this is lower than the $12 million Google's Vulnerability Reward Program paid to researchers in 2022, the amount is still significant, showcasing a high level of community participation in Google's security efforts.

The U.S. State Department has announced monetary rewards of up to $15 million for information that could lead to the identification of key leaders within the LockBit ransomware group and the...

The U.S. State Department is now also offering rewards of up to $15 million to anyone who can provide information about LockBit ransomware gang members and their associates. 10 million is offered for information that could lead to locating or identifying LockBit leadership, and an extra $5 million is available for tips that could lead to the apprehension of LockBit ransomware affiliates.

The Department of State announced last week that it was offering $10 million for information identifying key leaders in the ALPHV ransomware gang or their locations, and $5 million for information leading to the arrest or conviction of anyone "Participating in or conspiring or attempting" to use the gang's notorious ransomware. ALPHV has made a habit of going after critical infrastructure targets, and last week claimed responsibility for an attack on the company operator of the Canadian Trans-Northern Pipelines, allegedly stealing around 190GB of data.

The U.S. Department of State has announced monetary rewards of up to $10 million for information about individuals holding key positions within the Hive ransomware operation. It is also giving...

The US government has placed an extra $5 million bounty on Hive ransomware gang members - its second such reward in a year. The FBI has also put up an additional $5 million award for information leading to the arrest and/or conviction of any person "Conspiring to participate in or attempting to participate in Hive ransomware activity."

Microsoft has announced a new bug bounty program aimed at unearthing vulnerabilities in Defender-related products and services, and is offering participants the possibility to earn up to $20,000 for the most critical bugs. Microsoft Defender includes various products and services that are build to secure and protect Microsoft users.

Interview Microsoft's bug bounty program celebrated its tenth birthday this year, and has paid out $63 million to security researchers in that first decade - with $60 million awarded to bug hunters in the past five years alone, according to Redmond. She credited Katie Moussouris, who played a key role in convincing Redmond's top brass that Microsoft needed a bug bounty program - despite execs vowing never to pay researchers for bugs.

Microsoft has unveiled a new bug bounty program aimed at the Microsoft Defender security platform, with rewards between $500 and $20,000.Currently, the Microsoft Defender Bounty Program is limited in scope and will focus solely on Microsoft Defender for Endpoint APIs.

Google has expanded its bug bounty program, aka Vulnerability Rewards Program, to cover threats that could arise from Google's generative AI systems. Following the voluntary commitment to the Biden-⁠Harris Administration to develop responsible AI and manage its risks, Google has added AI-related risks to its bug bounty program, which gives recognition and compensation to ethical hackers who successfully find and disclose vulnerabilities in Google's systems.