Google told researcher 'Nice catch!' Then denied bug bounty for flaw it still hasn't fixed
EXCLUSIVE 'Working as intended' for the win … again
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
EXCLUSIVE 'Working as intended' for the win … again
Google paid researcher a tidy $55K bounty for its discovery
Google dumped io_uring after $1M in bug bounties A proof-of-concept program has been released to demonstrate a so-called monitoring "blind spot" in how some Linux antivirus and other endpoint protection tools use the kernel's io_uring interface.…
Chocolate Factory downgrades risk, citing the need for attacker access Overly permissive settings in Google Cloud's Document AI service could be abused by data thieves to break into Cloud Storage buckets and steal sensitive information.…
Chocolate Factory paid a record $12m in 2022 Bug hunters who found security holes in Google — and also responsibly disclosed details of those flaws to the Chocolate Factory — earned more than $12 million in bounty rewards in 2022, marking a record year for the corporation's Vulnerability Reward Programs (VRPs) in terms of payouts and number of vulnerabilities found and fixed.…
Also, hackers publish RaidForum user data, Google's $180k Chrome bug bounty, and this week's vulnerabilities infosec in brief Japanese automaker Toyota is again apologizing for spilling customer records online due to a misconfigured cloud environment – the same explanation it gave when the same thing happened a couple of weeks ago. It's like a pattern.…
Also, a phishing gang goes Royal, while another employee at Snowden's old haunt gets caught nabbing data In brief A security researcher whose Google Pixel battery died while sending a text is probably thankful for the interruption - powering it back up led to a discovery that netted him a $70,000 bounty from Google for a lock screen bypass bug.…
Will it be enough to prevent the next software supply-chain attack? Google has created a bug bounty program that will reward those who find and report vulnerabilities in its open-source projects, thereby hopefully strengthening software supply-chain security.…
Another $13.7m handed out to researchers, but then again it does have an awful lot of attack surfaces Microsoft appears to have beat Google on the bug bounty front, with $13.7 million in rewards spread out over 335 researchers.…
Disclosing exploits, however, will earn you $100k Simply finding vulnerabilities and patching them "is totally useless," according to Google's Eduardo Vela, who heads the cloud giant's product security response team.…