The Hacker News Logo
Subscribe to Newsletter
CrowdSec

The Hacker News - Cybersecurity News and Analysis: bug report

Tumblr Patches A Flaw That Could Have Exposed Users’ Account Info

Tumblr Patches A Flaw That Could Have Exposed Users' Account Info

October 17, 2018Swati Khandelwal
Tumblr today published a report admitting the presence of a security vulnerability in its website that could have allowed hackers to steal login credentials and other private information for users' accounts. The affected information included users email addresses, protected (hashed and salted) account passwords, self-reported location (a feature no longer available), previously used email addresses, last login IP addresses, and names of the blog associated with every account. According to the company, a security researcher discovered a critical vulnerability in the desktop version of its website and responsibly reported it to the Tumblr security team via its bug bounty program. Though the company has not revealed the researcher's name or any technical details about the vulnerability, Tumblr has disclosed that the flaw resided in the "Recommended Blogs" feature of its website. Recommended Blogs has been designed to display a short, rotating list of blogs o
Hack'em If You Can — U.S. Air Force launches Bug Bounty Program

Hack'em If You Can — U.S. Air Force launches Bug Bounty Program

April 27, 2017Mohit Kumar
With the growing number of data breaches and cyber attacks, a significant number of companies and organizations have started Bug Bounty programs for encouraging hackers and bug hunters to find and responsibly report vulnerabilities in their services and get rewarded. Now, following the success of the " Hack the Pentagon " and "Hack the Army" initiatives, the United States Department of Defense (DoD) has announced the launch of the "Hack the Air Force" bug bounty program. Hacking or breaking into Defense Department networks was illegal once, but after " Hack the Pentagon " initiative, the DoD started rewarding outsiders to finding and reporting weaknesses in its private networks. "This is the first time the AF [Air Force] has opened up...networks to such a broad scrutiny," Peter Kim, the Air Force Chief Information Security Officer said in a statement. "We have malicious hackers trying to get into our systems every day.&quo
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.