Security News

Security researchers in Adobe's bug bounty program can now pick up rewards for finding vulnerabilities in Adobe Firefly and Content Credentials. Members of Adobe's public bug bounty program will be eligible to work with Adobe Firefly and Content Credentials in the second half of 2024, and applications for the private program are open.

In this Help Net Security interview, Roy Davis, Manager - Vulnerability Management & Bug Bounty at Zoom, discusses the role bug bounty programs play in identifying security vulnerabilities and facilitating collaboration with researchers. Disputes over bug classifications: Bug bounty programs usually have guidelines for classifying the severity of reported vulnerabilities, and determining the reward amount.

Google awarded $10 million to 632 researchers from 68 countries in 2023 for finding and responsibly reporting security flaws in the company's products and services.Though this is lower than the $12 million Google's Vulnerability Reward Program paid to researchers in 2022, the amount is still significant, showcasing a high level of community participation in Google's security efforts.

The U.S. State Department has announced monetary rewards of up to $15 million for information that could lead to the identification of key leaders within the LockBit ransomware group and the...

The U.S. State Department is now also offering rewards of up to $15 million to anyone who can provide information about LockBit ransomware gang members and their associates. 10 million is offered for information that could lead to locating or identifying LockBit leadership, and an extra $5 million is available for tips that could lead to the apprehension of LockBit ransomware affiliates.

The Department of State announced last week that it was offering $10 million for information identifying key leaders in the ALPHV ransomware gang or their locations, and $5 million for information leading to the arrest or conviction of anyone "Participating in or conspiring or attempting" to use the gang's notorious ransomware. ALPHV has made a habit of going after critical infrastructure targets, and last week claimed responsibility for an attack on the company operator of the Canadian Trans-Northern Pipelines, allegedly stealing around 190GB of data.

The U.S. Department of State has announced monetary rewards of up to $10 million for information about individuals holding key positions within the Hive ransomware operation. It is also giving...

The US government has placed an extra $5 million bounty on Hive ransomware gang members - its second such reward in a year. The FBI has also put up an additional $5 million award for information leading to the arrest and/or conviction of any person "Conspiring to participate in or attempting to participate in Hive ransomware activity."

Microsoft has announced a new bug bounty program aimed at unearthing vulnerabilities in Defender-related products and services, and is offering participants the possibility to earn up to $20,000 for the most critical bugs. Microsoft Defender includes various products and services that are build to secure and protect Microsoft users.

Interview Microsoft's bug bounty program celebrated its tenth birthday this year, and has paid out $63 million to security researchers in that first decade - with $60 million awarded to bug hunters in the past five years alone, according to Redmond. She credited Katie Moussouris, who played a key role in convincing Redmond's top brass that Microsoft needed a bug bounty program - despite execs vowing never to pay researchers for bugs.