#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

Pwnium competition | Breaking Cybersecurity News | The Hacker News

Category — Pwnium competition
Google adds its Chrome apps and extensions to Bug Bounty Program

Google adds its Chrome apps and extensions to Bug Bounty Program

Feb 06, 2014
Google's Vulnerability Reward Program which started in November 2010, offers a hefty reward to the one who find a good vulnerability in its products.  Now Google is getting a little more serious about the security of its Chrome Browser and has expanded its Bug Bounty Program to include all Chrome apps, extensions developed and branded as " by Google ". The Internet is a platform which has become a necessary medium for performing our daily tasks like reading news, paying bills, playing games, scheduling meetings and everything we perform on this platform is possible only because of the various applications maintained by the service providers. " We think developing Chrome extensions securely is relatively easy, but given that extensions like Hangouts and GMail are widely used, we want to make sure efforts to keep them secure are rewarded accordingly. " Google said in a blog post . Not only this, to improve the security of open-source proje
Google Chrome added pop-up warning to prevent users from Browser hijacking

Google Chrome added pop-up warning to prevent users from Browser hijacking

Feb 04, 2014
GOOGLE, one of the most trusted brands continuously trying to keep its products more robust and secure for keeping its users safe. Google honors vulnerability hunters under its Bug bounty program and not only that, the company also offer a huge amount of reward to hackers in ' Pwnium ' hacking competition for finding critical vulnerability. Google Chrome , Browser from Google product family, has been added with a new feature that it will warn the user whenever browser's setting get altered by any malware . Browser hijacking is the modification of browser's settings, and the term " hijacking " is used when the changes performed without the user's permission. A browser hijacker may replace the existing home page, error page, or search page with its own. These are generally used to force hits to a particular website, increasing its advertising revenue i.e. Click jacking and Adware . A hijacker uses malicious software to change your internet s
Shining a Light on Shadow Apps: The Invisible Gateway to SaaS Data Breaches

Shining a Light on Shadow Apps: The Invisible Gateway to SaaS Data Breaches

Sep 10, 2024SaaS Security / Risk Management
Shadow apps, a segment of Shadow IT, are SaaS applications purchased without the knowledge of the security team. While these applications may be legitimate, they operate within the blind spots of the corporate security team and expose the company to attackers.  Shadow apps may include instances of software that the company is already using. For example, a dev team may onboard their own instance of GitHub to keep their work separate from other developers. They might justify the purchase by noting that GitHub is an approved application, as it is already in use by other teams. However, since the new instance is used outside of the security team's view, it lacks governance. It may store sensitive corporate data and not have essential protections like MFA enabled, SSO enforced, or it could suffer from weak access controls. These misconfigurations can easily lead to risks like stolen source code and other issues. Types of Shadow Apps  Shadow apps can be categorized based on their interac
Google announces $2.7 million Reward for hacking Chrome OS at Pwnium Contest

Google announces $2.7 million Reward for hacking Chrome OS at Pwnium Contest

Jan 27, 2014
Pwnium is the annual Hacking competition where Google invites coders from around the world to find security holes in Google Chrome. Google has announced its 4th Pwnium Hacking Contest hosted at the Canadian Security conference in March, offering more than $2.7 million in potential rewards for hacking Chrome OS-running ARM and Intel Chromebook. This year the security researchers have a choice in between an ARM-based Chromebook, the HP Chromebook 11 (WiFi) and the Acer C720 Chromebook (2GB WiFi) based on Intel's Haswell microarchitecture . The attack must be demonstrated against one of these devices running " then-current " stable version of Chrome OS. " Security is a core tenet of Chromium, which is why we hold regular competitions to learn from security researchers. Contests like Pwnium help us make Chromium even more secure ," Jorge Lucángeli Obes, Google Security Engineer said. Amongst the payouts are $110,000 for the browser or s
cyber security

DevOps Security Best Practices

websiteWizDevOps / Secure Coding
Develop securely from code to cloud with this DevOps Security Cheat Sheet from Wiz. Take a deep dive into secure coding, infrastructure security, and vigilant monitoring and response.
‘Pinkie Pie’ discovered second Chrome exploit worth $60k at Pwnium 2

'Pinkie Pie' discovered second Chrome exploit worth $60k at Pwnium 2

Oct 10, 2012
Hacker known as " Pinkie Pie " produced the first Chrome vulnerability at the Hack In the Box conference on Wednesday, just ahead of the deadline for the competition this afternoon. The exploit, if later confirmed by Google's US headquarters, will have earned the teenage hacker known as Pinkie Pie the top US$60,000 cash reward. In March, Pinkie Pie and Sergey Glazunov both won $60,000 for their exploits at the first Pwnium competition. Google established the Pwnium competition as an alternative to the Pwn2own contest in order to add the requirement that participants provide details of their exploit. Google will give away up to a total of US$2 million during the event. $60,000 - "Full Chrome exploit": Chrome / Win7 local OS user account persistence using only bugs in Chrome itself. $40,000 - "Partial Chrome exploit": Chrome / Win7 local OS user account persistence using at least one bug in Chrome itself, plus other bugs. For example, a WebKit bug combined with a Windows
Expert Insights / Articles Videos
Cybersecurity Resources