Security News

The $10 million is for intel that leads to the identification or location of anyone who holds a leadership position in the DarkSide group. Any bounty hunters out there could potentially score a cool $10 million if they help the US government snag one of the leaders of the DarkSide ransomware gang.

The federal government has upped the ante in its fight against ransomware by offering a $10 million reward for information leading to the identification or location of leaders of the DarkSide ransomware group. The U.S. Department of State unveiled the reward on Thursday, adding a $5 million reward for information that leads to the arrest and conviction of individuals participating in a DarkSide attack.

Google has announced the launch of its first vulnerability rewards program for Android Enterprise with bounties of up to $250,000. "And since we believe scrutiny and transparency are key to improving security, we've launched our first Android Enterprise Vulnerability Rewards Program," said Rajeev Pathak, Senior Product Manager at Google.

As more businesses rely on open-source software for mission-critical infrastructure, HackerOne, along with sponsors including Elastic, Facebook, Figma, GitHub, Shopify and TikTok, announced they are throwing a new round of resources behind an Internet Bug Bounty Program to lure threat hunters' attention to open-source supply chains. Following a spate of spectacular software supply-chain breaches, market leaders have decided to throw in some cash to fund the IBB to incentivize bug hunters to take a closer look at open-source code.

Singapore's governmental digital services arm, GovTech, has launched a "Rewards programme" to further crowdsource tests of the nation's cybersecurity. The Vulnerability Rewards Programme joins the Government Bug Bounty Programme and the Vulnerability Disclosure Programme, all of which work alongside the government's own security checks.

Bugcrowd announced Audiomack, a free music sharing and discovery platform, is launching a public Bug Bounty program to strengthen the security of its internet-connected assets. Audiomack has also operated a Vulnerability Disclosure Program through the Bugcrowd platform over the last year, helping them streamline the process of triaging and validating potential issues so that they can focus their security efforts on remediation.

The mysterious miscreant who exploited a software vulnerability in Poly Network to drain $600m in crypto-assets claims the Chinese blockchain company offered them $500,000 as a reward for discovering the weakness. "We appreciate you sharing your experience and believe your action constitutes white hat behaviour ... Since, we believe your action is white hat behaviour, we plan to offer you a $500,000 bug bounty after you complete the refund fully," the thief wrote in their transaction metadata, seemingly quoting or paraphrasing a message received from Poly Network.

The United Kingdom’s Ministry of Defence (MoD) announced the conclusion of its first bug bounty challenge with HackerOne. The Ministry of Defence program was a 30-day, hacker-powered security test...

Google has revealed that its bug bounty program - which it styles a "Vulnerability Reward Program" - has paid out for 11,055 bugs found in its services since 2010. 11,055 bugs seems like a lot, but it's not out of step with other vendors.

Google says it has paid more than $29 million in rewards for pre-patch vulnerability data over the past 10 years. Since the launch of Google Vulnerability Rewards Program 10 years ago, the company said it paid bounties on 11,055 vulnerabilities that were reported by 2,022 researchers from 84 countries.