Bug Bounty Program | Breaking Cybersecurity News | The Hacker News

Facebook pays Millions of dollars every year to researchers and white hat hackers from all around the world to stamp out security holes in its products and infrastructure under its Bug Bounty Program. Facebook recognizes and rewards bug hunters to encourage more people to help the company keep Facebook users safe and secure from outside entities, malicious hackers or others. Recently, the social media giant revealed that India is on top of all countries to report the maximum number of vulnerabilities or security holes in the Facebook platform as well as holds the top position in the country receiving the most bug bounties paid. "India is home to the largest population of security researchers participating in the Facebook bug bounty program since its inception in 2011. The country also holds the top spot for most bounties paid," Adam Ruddermann, Facebook's technical program manager notes . If you are one of the Facebook's bug hunters, you might be aware of the fact t

Hacking Facebook account is one of the major queries of the Internet user today. It's hard to find — how to hack Facebook account , but an Indian hacker just did it. A security researcher discovered a 'simple vulnerability' in the social network that allowed him to easily hack into any Facebook account, view message conversations, post anything, view payment card details and do whatever the real account holder can. Facebook bounty hunter Anand Prakash from India recently discovered a Password Reset Vulnerability , a simple yet critical vulnerability that could have given an attacker endless opportunities to brute force a 6-digit code and reset any account's password. Here's How the Flaw Works The vulnerability actually resides in the way Facebook's beta domains handle 'Forgot Password' requests. Facebook lets users change their account password through Password Reset procedure by confirming their Facebook account with a 6-digit c

The need for vCISO services is growing. SMBs and SMEs are dealing with more third-party risks, tightening regulatory demands and stringent cyber insurance requirements than ever before. However, they often lack the resources and expertise to hire an in-house security executive team. By outsourcing security and compliance leadership to a vCISO, these organizations can more easily obtain cybersecurity expertise specialized for their industry and strengthen their cybersecurity posture. MSPs and MSSPs looking to meet this growing vCISO demand are often faced with the same challenge. The demand for cybersecurity talent far exceeds the supply. This has led to a competitive market where the costs of hiring and retaining skilled professionals can be prohibitive for MSSPs/MSPs as well. The need to maintain expertise of both security and compliance further exacerbates this challenge. Cynomi, the first AI-driven vCISO platform , can help. Cynomi enables you - MSPs, MSSPs and consulting firms

Update: ' Hack The Pentagon ' has opened registration for its pilot bug bounty program of $150,000 for hackers in return for the vulnerabilities they find in its public facing websites. The Defense Department has enlisted the bug bounty startup HackerOne to manage the pilot program. Interested hackers can Register Now to participate in the Bug Bounty program. The United States Department of Defense (DoD) has the plan to boost their internal and network security by announcing what it calls "the first cyber Bug Bounty Program in the history of the federal government," officially inviting hackers to take up the challenge. Dubbed " Hack the Pentagon ," the bug bounty program invites the hackers and security researchers only from the United States to target its networks as well as the public faced websites which are registered under DoD. The bug bounty program will begin in April 2016, and the participants could win money (cash rewards)

The non-profit organization behind TOR – the largest online anonymity network that allows people to hide their real identity online – will soon be launching a " Bug Bounty Program " for researchers who find loopholes in Tor apps. The bounty program was announced during the recurring ' State of the Onion' talk by Tor Project at Chaos Communication Congress held in Hamburg, Germany. Bug bounty programs are cash rewards gave by companies or organizations to white hat hackers and researchers who hunt for serious security vulnerabilities in their website or products and then responsibly disclose them. Bug bounties are designed to encourage security researchers and hackers to responsibly report the vulnerabilities they discovered, rather than exploiting it. Here's what one of the founders of the Tor Project, Nick Mathewson , said about the bug bounty program as reported by Motherboard: "We are grateful to the people who have looked at ou

Ever wonder how to hack Instagram or how to hack a facebook account? Well, someone just did it! But, remember, even responsibly reporting a security vulnerability could end up in taking legal actions against you. An independent security researcher claims he was threatened by Facebook after he responsibly revealed a series of security vulnerabilities and configuration flaws that allowed him to successfully gained access to sensitive data stored on Instagram servers , including: Source Code of Instagram website SSL Certificates and Private Keys for Instagram Keys used to sign authentication cookies Personal details of Instagram Users and Employees Email server credentials Keys for over a half-dozen critical other functions However, instead of paying him a reward, Facebook has threatened to sue the researcher of intentionally withholding flaws and information from its team. Wesley Weinberg , a senior security researcher at Synack, participated in Facebook's b

Yes, you heard it right. Mark Zuckerberg has left his job at Facebook. Don't believe me? I can prove it to you. —  Check this Facebook Post by yourself  — This is weird, Isn't it? But, don't be surprised or shocked, because what you just saw was only an illusion. This is actually a minor bug in the popular social media website that allows anyone to manipulate the life event of any user who has his work status posted on Facebook. The bug, uncovered by the independent hacker Sachin Thakuri , is not a technical flaw. So how was he able to do this? All Thakuri did is took the original URL of Mark Zuckerberg life event: https://www.facebook.com/zuck/timeline/story?ut=32&wstart=-2051193600&wend=2147483647&hash=971179541251&pagefilter=3 &ustart=1 &__mref=message_bubble ...and remove the ustart=1 parameter, which left him with: https://www.facebook.com/zuck/timeline/story?ut=32&wstart=-2051193600&wend=2147483647&ha

Well, here's some terrible news for all Apple iOS users… Someone just found an iOS zero-day vulnerability that could allow an attacker to remotely hack your iPhone running the latest version of iOS, i.e. iOS 9. Yes, an unknown group of hackers has sold a zero-day vulnerability to Zerodium , a startup by French-based company Vupen that Buys and Sells zero-day exploits. And Guess what, in How much? $1,000,000. Yes, $1 Million. Last month, a Bug bounty challenge was announced by Zerodium for finding a hack that must allow an attacker to remotely compromise a non-jailbroken Apple device through: A web page on Safari or Chrome browser, In-app browsing action, or Text message or MMS. Zerodium's Founder Chaouki Bekrar confirmed on Twitter that an unnamed group of hackers has won this $1 Million Bounty for sufficiently submitting a remote browser-based iOS 9.1/9.2b Jailbreak (untethered) Exploit. NO More Fun. It's Serious Threat to iOS Use

Here we are with our weekly roundup, showcasing last week's top cyber security threats and challenges. Just in case you missed any of them (ICYMI), THN Weekly Round-Up helps you provide all important stories of last week in one shot. We advise you to read the full story (just click ' Read More ' because there's some valuable advice in it as well). Here's the list: 1. Facebook to Launch Its Own Satellite to Beam Free Internet Facebook has revealed its plans to launch a  $500 Million Satellite  by next year in an effort to provide free or cheap Internet access in the developing countries. The social network giant has teamed up with the French satellite provider  Eutelsat  Communications to  beam free Internet  access to several parts of countries in Sub-Saharan Africa. For detailed information on Facebook's Satellite Project –  Read more … 2. Angler Exploit Kit Campaign Generating $30 Million Took Down Researchers took down a large ran

Sanmay Ved – the man who actually managed to buy Google.com got a huge reward from Google, but he donated all money to charity. Last week, an ex-Google employee and now-Amazon employee managed to buy the world's most-visited domain Google.com via Google's own Domains service for only $12 . However, Ved owned Google.com for one whole minute before the Mountain View company realized it was a mistake and cancelled the transaction. After acknowledging the mistake, Google rewarded Ved with some unknown amount of cash, but when Ved generously suggested donating his prize money to charity instead, Google just doubled the reward. Google Rewarded Ved with More than $10,000 Ved believed that his real reward was just being the person who bought Google.com for a whole minute. "I do not care about the money," Ved told in an interview with Business Insider. "It was never about the money. I also want to set an example that [there are] people who [wi

Facebook bounty hunter Laxman Muthiyah from India has recently discovered his third bug of this year in the widely popular social network website that just made a new record by touching 1 Billion users in a single day. At the beginning of the year, Laxman discovered a serious flaw in Facebook graphs that allowed him to view or probably delete others photo album on Facebook, even without having authentication. Just after a month, Laxman uncovered another critical vulnerability in the social network platform that resided in the Facebook Photo Sync feature , that automatically uploads photos from your mobile device to a private Facebook album, which isn't visible to any of your Facebook friends or other Facebook users. However, the flaw discovered by Laxman could allowed any third-party app to access and steal your personal photographs from the hidden Facebook Photo Sync album. Hacking Any Facebook Page Now, the latest bug in Laxman's list could allow atta

A group of China-backed hackers believed to be responsible for high-profile data breaches, including the U.S. Office of Personnel Management and the insurance giant Anthem , has now hit another high-profile target –  United Airlines . United detected a cyber attack into its computer systems in May or early June; Bloomberg reported , citing some unnamed sources familiar with the matter. The same sources say that the hackers responsible for the data breach in United's systems are the same group of China-backed hackers that successfully carried out several other large heists, including the United States' Office of Personnel Management and the health insurer Anthem Inc. Dangerous Intentions: United Airlines Data Breach The stolen data includes manifests, which contain information on flights' passengers and their origins and destinations, meaning that the hackers have " data on the movements of Millions of Americans ." Since United Airlines

A critical vulnerability has been discovered in the official Apple's App Store and iTunes Store, affecting millions of Apple users. Vulnerability-Lab Founder and security researcher Benjamin Kunz Mejri discovered an Application-Side input validation web vulnerability that actually resides in the Apple App Store invoice module and is remotely exploitable by both sender as well as the receiver. The vulnerability, estimated as high in severity, has been reported to Apple Security team on June 9, 2015 and the company patched the issue within a month. How the vulnerability works? By exploiting the flaw, a remote hacker can manipulate the name value ( device cell name ) by replacing it with a malicious script code. Now, if the attacker buys any product in the App Store or iTunes Store, the internal app store service takes the device value ( which is actually the malicious code ) and generates the invoice which is then sends to the seller account. This results in

What if you get 1 Million Frequent Flyer Miles for Free? Yes, 1 Million Air Miles… …I think that would be enough for several first-class trips to Europe or up to 20 round-trips in the United States. Two Computer Hackers have earned more than 1 Million frequent-flyer miles each from United Airlines for finding multiple security vulnerabilities in the Airline's website. Back in May this year, Chicago-based ' United Airlines ' launched a bug bounty program and invited security researchers and bug hunters to find and report security vulnerabilities in its websites, software, apps and web portals. Jordan Wiens , a security researcher from Florida and one of two bounty winners, tweeted last week that he earned United Airlines' top reward of 1 Million Miles for finding a flaw that could have allowed a hacker to seize control of one of the airline's websites. Wiens is not allowed to disclose the technical details regarding the vulnerabilities, but

If you are a security researcher and fond of traveling from one conference to another, then United Airlines' bug bounty program would be of great interest for you. United Airlines has launched a new bug bounty program inviting security researchers and bug hunters to report vulnerabilities in its websites, apps and web portals. Bug bounty programs are very common among technology firms, including Google and Facebook, who offer you hundreds of thousands of dollars as rewards for exposing security flaws and errors in their products. So, what's different in United Airlines new bug bounty? The most interesting part of this bug bounty program is – Instead of offering cold, hard cash, United Airlines is offering air miles as the reward for yours . Let's see what United Airlines says about its bug bounty program: " At United, we take your safety, security and privacy seriously. We utilize best practices and are confident that our systems are secure ,"

If you're a bug hunter and love playing with codes than you could grab as much as US$15,000 from Microsoft for finding out vulnerabilities in its latest Project Spartan browser . Yes, $15,000! It seems like Redmond don't want to take a chance to let hackers and cyber criminals get their hands on the company's latest Windows 10 operating system. On Wednesday, Microsoft announced that the company will be expanding its bug bounty program ahead of the release of Windows 10, which will include a two-month hunt for vulnerabilities in its new web browser, Project Spartan. So, it's time for security researchers and hackers to earn extra cash from Microsoft. For those who are unaware… What's Project Spartan? Project Spartan is Microsoft's project for its new web browser to replace the oldest Internet Explorer from its Windows operating system. Though the project is still very much under the developmental stage, Microsoft is making every effort to make Spartan

A security researcher has discovered a critical vulnerability in Google-owned YouTube that could allow anyone to make the comment posted by any celebrity or public figure on some YouTube video appear on his or her own YouTube video, impersonating that celeb. Just a few weeks ago we reported about a simple logical vulnerability in YouTube that could have been exploited by anyone to delete any video from YouTube in just one shot . Now: Again a small trick in the popular video sharing website could allow anyone to play with the comments posted by users on YouTube videos. Ahmed Aboul-Ela and  Ibrahim M. El-Sayed , two Egyptian security researcher, found a simple trick that allowed him to copy any comments from any video on the popular video sharing website to his video, even without any user-interaction. Not only this, but also: This vulnerability allows you to spoof, duplicate or copy the comments on discussion boards from any YouTube channel and make it appe