Netflix announced on Wednesday the launch of a public bug bounty program with rewards of up to $15,000, and Dropbox has made some changes to its vulnerability disclosure policy, promising not to sue researchers. Netflix has had a vulnerability disclosure policy for the past 5 years and a private bug bounty program since September 2016. ..
Tag : Vulnerabilities
Researchers at cybersecurity technology and services provider Digital Defense have identified another round of vulnerabilities affecting products from Zoho-owned ManageEngine. ManageEngine provides network, data center, desktop, mobile device, and security solutions to more than 40,000 customers, including three out of every five Fortune 500 company. Earlier this year, Digital Defense reported finding several potentially serious ..
German industrial giant Siemens has released security patches for several of its SIMATIC products, including some controllers and a mobile application. Organizations using SIMATIC products were informed by both Siemens and ICS-CERT this week of a denial-of-service (DoS) vulnerability that can be exploited by sending specially crafted PROFINET DCP packets to affected systems. The flaw, ..
AMD Chip Vulnerabilities to be Addressed Through BIOS Updates – No Performance Impact Expected After investigating recent claims from a security firm that its processors are affected by more than a dozen serious vulnerabilities, chipmaker Advanced Micro Devices (AMD) on Tuesday said patches are coming to address several security flaws in its chips. In its ..
Many oil and gas companies in the Middle East reported suffering at least one serious security incident in the past year, according to a study conducted by Ponemon Institute on behalf of German industrial giant Siemens. Nearly 200 individuals responsible for overseeing cybersecurity risk in oil and gas companies in the Middle East have taken ..
Another cybersecurity firm has independently confirmed some of the AMD processor vulnerabilities discovered by Israel-based CTS Labs, but the controversial disclosure has not had a significant impact on the value of the chip giant’s stock. CTS Labs last week published a brief description of 13 allegedly critical vulnerabilities and backdoors found in EPYC and Ryzen ..
A cyberespionage group believed to be operating out of Russia hijacked a Cisco router and abused it to obtain credentials that were later leveraged in attacks targeting energy companies in the United Kingdom, endpoint security firm Cylance reported on Friday. The United States last week announced sanctions against Russian spy agencies and more than a ..
Cisco Meraki, a provider of cloud-managed IT solutions, announced last week the launch of a public bug bounty program with rewards of up to $10,000 per vulnerability. Cisco Meraki, which resulted from Cisco’s acquisition of Meraki in late 2012, started with a private bug bounty program on the Bugcrowd platform. The private program led to ..
Git repository hosting service GitHub paid a total of $166,495 in rewards in 2017 to security researchers reporting vulnerabilities as part of its four year old bug bounty program. Total payouts more than doubled compared to the $81,700 paid in 2016 and were nearly equal to the total bounties paid during the first three years ..
VMware informed customers on Thursday that it has patched a denial-of-service (DoS) vulnerability in its Workstation and Fusion products. Details of the flaw and proof-of-concept code have been made public. In its advisory, VMware said the vulnerability affects Workstation 12.x and 14.x on all platforms, and Fusion 8.x and 10.x on OS X. Patches are ..