hackerone | Breaking Cybersecurity News | The Hacker News

Vulnerability coordination and bug bounty platform HackerOne on Friday disclosed that a former employee at the firm improperly accessed security reports submitted to it for personal gain. "The person anonymously disclosed this vulnerability information outside the HackerOne platform with the goal of claiming additional bounties," it  said . "In under 24 hours, we worked quickly to contain the incident by identifying the then-employee and cutting off access to data." The employee, who had access to HackerOne systems between April 4 and June 23, 2022, for triaging vulnerability disclosures associated with different customer programs, has since been terminated by the San Francisco-headquartered company as of June 30. Calling the incident as a "clear violation" of its values, culture, policies, and employment contracts, HackerOne said it was alerted to the breach on June 22 by an unnamed customer, which asked it to "investigate a suspicious vulnerabi...

Last year, Uber received an email from an anonymous person demanding money in exchange for the stolen user database. It turns out that a 20-year-old Florida man, with the help of another, breached Uber's system last year and was paid a huge amount by the company to destroy the data and keep the incident secret. Just last week, Uber announced that a massive data breach in October 2016 exposed personal data of 57 million customers and drivers and that it paid two hackers $100,000 in ransom to destroy the information. However, the ride-hailing company did not disclose identities or any information about the hackers or how it paid them. Now, two unknown sources familiar with the incident have told Reuters that Uber paid a Florida man through HackerOne platform, a service that helps companies to host their bug bounty and vulnerability disclosure program. So far, the identity of the Florida man was unable to be obtained or another person who helped him carry out the hack. ...

The problem is simple: all breaches start with initial access, and initial access comes down to two primary attack vectors – credentials and devices. This is not news; every report you can find on the threat landscape depicts the same picture.  The solution is more complex. For this article, we'll focus on the device threat vector. The risk they pose is significant, which is why device management tools like Mobile Device Management (MDM) and Endpoint Detection and Response (EDR) are essential components of an organization's security infrastructure. However, relying solely on these tools to manage device risk actually creates a false sense of security. Instead of the blunt tools of device management, organizations are looking for solutions that deliver device trust . Device trust provides a comprehensive, risk-based approach to device security enforcement, closing the large gaps left behind by traditional device management solutions. Here are 5 of those limitations and how to ov...

The " Hack the Pentagon " bug bounty program by the United States Department of Defense (DoD) has been successful with more than 100 vulnerabilities uncovered by white hat hackers in Pentagon infrastructure. In March, the Defense Department launched what it calls " the first cyber Bug Bounty Program in the history of the federal government, " inviting hackers to take up the challenge of finding bugs in its networks and public faced websites that are registered under DoD. Around 1,400 whitehat (ethical) hackers participated in the Hack the Pentagon program and were awarded up to $15,000 for disclosures of the most destructive vulnerabilities in DoDs networks, Defense Secretary Ashton Carter said at a technology forum on Friday. "They are helping us to be more secure at a fraction of the cost," Carter said . "And in a way that enlists the brilliance of the white hatters, rather than waits to learn the lessons of the black hatters." ...