Security News
HackerOne has announced that its bug bounty programs have awarded over $300 million in rewards to ethical hackers and vulnerability researchers since the platform's inception. Thirty hackers have earned over a million USD for their submissions, and one has broken the record, receiving over $4 million for his bug reports.
Security experts from HackerOne and beyond weigh in on malicious prompt engineering and other attacks that could strike through LLMs. HackerOne, a security platform and hacker community forum, hosted a roundtable on Thursday, July 27, about the way generative artificial intelligence will change the practice of cybersecurity. How threat actors take advantage of generative AI. "We have to remember that systems like GPT models don't create new things - what they do is reorient stuff that already exists stuff it's already been trained on," said Klondike.
HackerOne published the results of its new study, which reveals that half of the organizations surveyed experienced increased cybersecurity vulnerabilities in the last year as they faced security budget cuts and layoffs. HackerOne's survey shows that economic reductions, such as budget cuts, layoffs and freezing new hires and investments, related to security are negatively impacting the ability to manage cybersecurity efficiently for 75% of the companies surveyed.
Vulnerability coordination and bug bounty platform HackerOne on Friday disclosed that a former employee at the firm improperly accessed security reports submitted to it for personal gain. The employee, who had access to HackerOne systems between April 4 and June 23, 2022, for triaging vulnerability disclosures associated with different customer programs, has since been terminated by the San Francisco-headquartered company as of June 30.
A HackerOne employee stole vulnerability reports submitted through the bug bounty platform and disclosed them to affected customers to claim financial rewards. The rogue worker had contacted about half a dozen HackerOne customers and collected bounties "In a handful of disclosures," the company said on Friday.
Bug bounty platform HackerOne disabled Kaspersky's bug bounty program on Friday following sanctions imposed on Russia and Belarus after the invasion of Ukraine. Kaspersky also added that its bug bounty program was disabled indefinitely following "Unilateral action from HackerOne."
Today, Chris Evans, the CISO of bug bounty platform HackerOne, apologized to Ukrainian hackers after erroneously blocking their bug bounty payouts following sanctions imposed on Russia and Belarus after Ukraine's invasion. "Due to current economic sanctions and export controls, if you are based in Ukraine, Russia, or Belarus all communications and transactions have been paused for the time being," an email received by Ukrainian hackers from HackerOne read. The decision to freeze accounts for Ukrainians on the bug bounty platforms was also shared by HackerOne CEO Mårten Mickos via a now-deleted tweet saying that the company would re-route all rewards to UNICEF for all hackers from sanctioned areas.
The United Kingdom’s Ministry of Defence (MoD) announced the conclusion of its first bug bounty challenge with HackerOne. The Ministry of Defence program was a 30-day, hacker-powered security test...
HackerOne announced a new workflow automation integration with GitHub that enables the tracking and synchronization of high-priority vulnerability reports between HackerOne and GitHub. HackerOne is making its debut on GitHub's Marketplace.
HackerOne announced that it is doubling down on its investment in innovation with the hiring of new leaders to drive the product roadmap. HackerOne is investing in innovative solutions for customers and hackers, integrations into existing security operations workflows, and a broader use of vulnerability data.