Found 16 bookmarks
Newest
Google Paid Out $10 Million via Bug Bounty Programs in 2023
Google Paid Out $10 Million via Bug Bounty Programs in 2023
Google on Tuesday announced that it paid out a total of $10 million through its bug bounty programs in 2023, bringing the total amount awarded by the tech giant for vulnerabilities found in its products since 2010 to $59 million. The total paid out in 2023 is less than the $12 million handed out in 2022, but it’s still a significant amount. The money was earned last year by 632 researchers from 68 countries. The highest single reward was $113,337.
#securityweek#EN#2024#Google#bugbounty#2023#paid
·securityweek.com·
Google Paid Out $10 Million via Bug Bounty Programs in 2023
How I Hacked the Dutch Government: Exploiting an Innocent Image for Remote Code Execution | by Mukund Bhuva
How I Hacked the Dutch Government: Exploiting an Innocent Image for Remote Code Execution | by Mukund Bhuva
I began my search for opportunities and stumbled upon a list of eligible websites for bug hunting at https://gist.github.com/R0X4R/81e6c50c091a20b060afe5c259b58cfa. This list became my starting…
#mukundbhuva#EN#2024#redteam#howto#CVE-2022–24816#hack#bugbounty#Netherlands#hack-description
·medium.com·
How I Hacked the Dutch Government: Exploiting an Innocent Image for Remote Code Execution | by Mukund Bhuva
Google Online Security Blog: Expanding our exploit reward program to Chrome and Cloud
Google Online Security Blog: Expanding our exploit reward program to Chrome and Cloud
In 2020, we launched a novel format for our vulnerability reward program (VRP) with the kCTF VRP and its continuation kernelCTF. For the first time, security researchers could get bounties for n-day exploits even if they didn’t find the vulnerability themselves. This format proved valuable in improving our understanding of the most widely exploited parts of the linux kernel. Its success motivated us to expand it to new areas and we're now excited to announce that we're extending it to two new targets: v8CTF and kvmCTF.
#googleblog#EN#2023#exploit#reward#program#bugbounty
·security.googleblog.com·
Google Online Security Blog: Expanding our exploit reward program to Chrome and Cloud
CVD, EU-DSGVO and revDSG - A personal responsible disclosure experience of a data breach in the Swiss cyber landscape in 2022/23
CVD, EU-DSGVO and revDSG - A personal responsible disclosure experience of a data breach in the Swiss cyber landscape in 2022/23
n late November 2022, a few days after ETH Alumni launched their new feature “Who is who” which allows them to look up and connect to other members, I came across a severe access control vulnerability. Without any authorization over the internet, it allowed extracting at least 35418 member profiles, including full name, postal address, nationality, title, graduation field, study start year, gender, profile picture and hashed passwords.
#andreaskuster#EN#2023#ETHZ#Zurich#bugbounty#blog#vulnerability#disclosure#CH
·andreaskuster.ch·
CVD, EU-DSGVO and revDSG - A personal responsible disclosure experience of a data breach in the Swiss cyber landscape in 2022/23
CVD, EU-DSGVO and revDSG - A personal responsible disclosure experience of a data breach in the Swiss cyber landscape in 2022/23
CVD, EU-DSGVO and revDSG - A personal responsible disclosure experience of a data breach in the Swiss cyber landscape in 2022/23
n late November 2022, a few days after ETH Alumni launched their new feature “Who is who” which allows them to look up and connect to other members, I came across a severe access control vulnerability. Without any authorization over the internet, it allowed extracting at least 35418 member profiles, including full name, postal address, nationality, title, graduation field, study start year, gender, profile picture and hashed passwords.
#andreaskuster#EN#2023#ETHZ#Zurich#bugbounty#blog#vulnerability#disclosure#CH
·andreaskuster.ch·
CVD, EU-DSGVO and revDSG - A personal responsible disclosure experience of a data breach in the Swiss cyber landscape in 2022/23
Turning Google smart speakers into wiretaps for $100k
Turning Google smart speakers into wiretaps for $100k
I was recently rewarded a total of $107,500 by Google for responsibly disclosing security issues in the Google Home smart speaker that allowed an attacker within wireless proximity to install a “backdoor” account on the device, enabling them to send commands to it remotely over the Internet, access its microphone feed, and make arbitrary HTTP requests within the victim’s LAN (which could potentially expose the Wi-Fi password or provide the attacker direct access to the victim’s other devices). These issues have since been fixed.
#downrightnifty#bugbounty#Google#Home#smart-speaker#responsible-disclosure#wiretaps
·downrightnifty.me·
Turning Google smart speakers into wiretaps for $100k
Turning Google smart speakers into wiretaps for $100k
Turning Google smart speakers into wiretaps for $100k
I was recently rewarded a total of $107,500 by Google for responsibly disclosing security issues in the Google Home smart speaker that allowed an attacker within wireless proximity to install a “backdoor” account on the device, enabling them to send commands to it remotely over the Internet, access its microphone feed, and make arbitrary HTTP requests within the victim’s LAN (which could potentially expose the Wi-Fi password or provide the attacker direct access to the victim’s other devices). These issues have since been fixed.
#downrightnifty#bugbounty#Google#Home#smart-speaker#responsible-disclosure#wiretaps
·downrightnifty.me·
Turning Google smart speakers into wiretaps for $100k
Google Online Security Blog: Vulnerability Reward Program: 2021 Year in Review
Google Online Security Blog: Vulnerability Reward Program: 2021 Year in Review
Last year was another record setter for our Vulnerability Reward Programs (VRPs). Throughout 2021, we partnered with the security researcher community to identify and fix thousands of vulnerabilities – helping keep our users and the internet safe.
#Google#reward#bugbounty#2021#vulnerabilities#data#report#EN
·security.googleblog.com·
Google Online Security Blog: Vulnerability Reward Program: 2021 Year in Review
Google Online Security Blog: Vulnerability Reward Program: 2021 Year in Review
Google Online Security Blog: Vulnerability Reward Program: 2021 Year in Review
Last year was another record setter for our Vulnerability Reward Programs (VRPs). Throughout 2021, we partnered with the security researcher community to identify and fix thousands of vulnerabilities – helping keep our users and the internet safe.
#Google#reward#bugbounty#2021#vulnerabilities#data#report#EN
·security.googleblog.com·
Google Online Security Blog: Vulnerability Reward Program: 2021 Year in Review
Google Online Security Blog: Vulnerability Reward Program: 2021 Year in Review
Google Online Security Blog: Vulnerability Reward Program: 2021 Year in Review
Last year was another record setter for our Vulnerability Reward Programs (VRPs). Throughout 2021, we partnered with the security researcher community to identify and fix thousands of vulnerabilities – helping keep our users and the internet safe.
#Google#reward#bugbounty#2021#vulnerabilities#data#report#EN
·security.googleblog.com·
Google Online Security Blog: Vulnerability Reward Program: 2021 Year in Review