Security News

Said bugs 'can have significant implications' – glad to hear that from Redmond
Microsoft is so concerned about security in its Copilot products for folks that it’s lifted bug bounty payments for...

Microsoft announced over the weekend that it has expanded its Microsoft Copilot (AI) bug bounty program and increased payouts for moderate severity vulnerabilities. [...]

The Browser Company has introduced an Arc Bug Bounty Program to encourage security researchers to report vulnerabilities to the project and receive rewards. [...]

Google has more than doubled payouts for Google Chrome security flaws reported through its Vulnerability Reward Program, with the maximum possible reward for a single bug now exceeding $250,000. [...]

Samsung has dangled its first $1 million bug bounty for anyone who successfully compromises Knox Vault - the isolated subsystem the Korean giant bakes into its smartphones to store info like credentials and run authentication routines. Folks who can unlock a Samsung device and plunder user data before the handset is first unlocked will net up to $400,000 - although that is dependent on the amount of information that can be snaffled.

Good luck, crackers: It's an isolated processor and storage enclave, and top dollar only comes from a remote attack
Samsung has dangled its first $1 million bug bounty for anyone who successfully...

Google has announced a fivefold increase in payouts for bugs found in its systems and applications reported through its Vulnerability Reward Program, with a new maximum bounty of $151,515 for a single security flaw. "As our systems have become more secure over time, we know it is taking much longer to find bugs - with that in mind, we are very excited to announce that we are updating our reward amounts by up to 5x," Google said.

Tenable thinks Azure Service Tags can be abused by a rogue Azure customer to access other customers' stuff - a cross-tenant attack - if those victims rely on Service Tags in their firewall rules. "We appreciate the collaboration with Tenable to responsibly disclose the inherent risk in using Service Tags as a single mechanism for vetting secure network traffic," a Microsoft spokesperson told The Register.

Security researchers in Adobe's bug bounty program can now pick up rewards for finding vulnerabilities in Adobe Firefly and Content Credentials. Members of Adobe's public bug bounty program will be eligible to work with Adobe Firefly and Content Credentials in the second half of 2024, and applications for the private program are open.

In this Help Net Security interview, Roy Davis, Manager - Vulnerability Management & Bug Bounty at Zoom, discusses the role bug bounty programs play in identifying security vulnerabilities and facilitating collaboration with researchers. Disputes over bug classifications: Bug bounty programs usually have guidelines for classifying the severity of reported vulnerabilities, and determining the reward amount.