Connect with us
X
Categories:

Technology

Bug Bounty Radar: November 2022’s newest bug bounty programs

Published

on

Bug Bounty Radar: August 2022's newest bug bounty programs
Share this post:

Last month two Italian security researchers revealed they had netted more than $46,000 in bug bounties after discovering a misconfiguration vulnerability in Akamai – despite receiving nothing from Akamai itself.

The exploit, which leveraged HTTP smuggling and hop-by-hop header abuse techniques, instead achieved payouts from several of the company’s customers. These included $25,200 from PayPal and rewards from Airbnb, Hyatt Hotels, Valve, Zomato, and Goldman Sachs.

In other payout news, researcher Saajan Bhujel bagged a $10,000 bounty from GitHub after finding a way to spoof the platform’s login interface. Bypassing HTML filtering in the MathJax display engine allowed him to inject form elements and change the website’s CSS, potentially fooling users into entering credentials into a fake login page.

Apple, meanwhile, has invited researchers to apply for the Apple Security Research Device Program, with applications open until the end of November.

Successful applications will receive a Security Research Device (SRD) – a specially-fused iPhone that allows iOS security research to be carried out without having to bypass its security features. Shell access is available, and researchers can run any tools, choose their own entitlements, and customize the kernel.

Apple has also revamped its ‘Apple Security Research’ website, with researchers now able to track bug reports via real-time status updates. The program has paid out nearly $20 million in bounties since launching 2.5 years ago.

Meanwhile, the Swiss National Cyber Security Centre (NCSC) has launched a private bug bounty program that involves probing the federal government’s web applications, APIs, and critical infrastructure.

Amazon’s new hardware-focused program, managed by HackerOne, is offering rewards ranging up to $25,00 for bugs in Fire, Echo, FireTV, Halo, Luna Controller, and Kindle devices, along with corresponding applications and firmware.

And finally, the US Department of Defense said it paid out a total of $75,000 in bounties for 648 bug reports submitted by 267 researchers during a hackathon that took place in July.

bigcommerce.com, and related iOS and Android apps.

Blend Labs

Program provider:
HackerOne

Program type:
Public

Max reward:
$5,000

Outline:
Blend Labs is a provider of cloud-based software for financial services firms in the US.

Notes:
Just one target is in scope – knox.beta.blendlabs.com – with blend.com not a viable target.

Critical bugs ordinarily fetch rewards of between $3,000-$4500, but submissions that “reflect an understanding of the platform and can describe the vulnerability and its impact and how to resolve it clearly and concisely” could net bounties of $5,000.

Stravito

Program provider:
Intigriti

Program type:
Public

Max reward:
Undisclosed

Outline:
The market research platform claims McDonalds, Electrolux, Comcast, and Carlsberg among its customers.

Notes:
Said Stravito founder and CEO Thor Olof Philogène: “Partnering with Intigriti, the leaders in this space, allows us to add an additional layer of stress testing to ensure we continue delivering the most robust and secure platform in our space.”

Swiss National Cybersecurity Centre

Program provider:
Bug Bounty Switzerland

Program type:
Private

Max reward:
Undisclosed

Outline:
The Swiss National Cybersecurity Centre (NCSC) is seeking submissions for bugs in the federal government’s web applications, APIs, and critical infrastructure.

Notes:
As previously reported by Daily Swig, the program follows a pilot project conducted in 2021 where ethical hackers probed IT systems of the Swiss parliament and Federal Department of Foreign Affairs for security vulnerabilities.

Other bug bounty and VDP news this month

  • HackerOne is expanding numbers of its ‘Hacker Success Managers’ to assist bug hunters, and has launched a new attack surface management platform, HackerOne Assets.
  • Bugcrowd is now a CVE numbering authority, and has also launched a program management platform to help customers coordinate pen test, bug bounty, VDP, and ASM assets.
  • European platform Intigriti has launched Hybrid Pentesting, which purports to combine the ‘pay-for-impact’ bug bounty model with the dedicated resourcing strategy of penetration testing.
  • YesWeHack has launched MyOpenVDP, a turnkey vulnerability disclosure program-hosting solution
  • Open Bug Bounty has surpassed the milestone of notching one million web security vulnerabilities (PDF) reported and patched eight years after the platform’s launch.


Get More Stories Like This On: Facebook: @AllNaijaEntertainment, Twitter: @AllNaijaEntertainment
Diya Can't Have Enough G-Wills
Music3 weeks ago

[Music] Diya – “Can’t Have Enough” Feat G-Wills

Email Newsletter Marketing Online Website
Technology4 weeks ago

The Vital Role of Email Fraud Detection Software

Roisea: Most Advanced Crypto Trading Platform for Bitcoin
Business1 month ago

The Role of Regulation in Crypto Investment: Navigating Legal Frameworks

Volatility in Commodities and How to Deal with It
Business2 months ago

Volatility in Commodities and How to Deal with It

Expanding Living Space
Lifestyle4 months ago

Expanding Living Space: Prefabricated Workshop Building Kits for Extra Rooms

BeBe Winans
Lyrics4 months ago

BeBe Winans – It All Comes Down to Love [Lyrics]

BeBe Winans
Music4 months ago

[Music] BeBe Winans – It All Comes Down to Love

The Countdown Begins to the Tournament That Has It All
ANE Football Analytical4 months ago

AFCON 2023: A Sporting Spectacle Set to Captivate the World

Litecoin: What Makes It The Crypto Winner?
Technology5 months ago

Runny Inflation Can Drive Cryptocurrency Adoption

Black and White French Bulldog puppies Frenchie Joy
Lifestyle6 months ago

Black and White French Bulldog puppies Frenchie Joy

3 Serious Reasons to Keep Your Teenager Away From Social Media
Lifestyle6 months ago

3 Serious Reasons to Keep Your Teenager Away From Social Media

Boxing vs MMA What Makes Them So Different
Sports7 months ago

Boxing vs MMA: What Makes Them So Different

Roisea: Most Advanced Crypto Trading Platform for Bitcoin
Technology7 months ago

NFTs and Intellectual Property Rights: Shaping Creative Ownership

The Birth of a Rugby Nation South Africas Love Affair with the Sport
Sports11 months ago

The Birth of a Rugby Nation: South Africa’s Love Affair with the Sport

A Beginner's Guide to Radicle (RAD): The Future of Peer-to-Peer Development
Technology12 months ago

A Beginner’s Guide to Radicle (RAD): The Future of Peer-to-Peer Development

Analysis of Nigeria's Renewable Energy Sector: Opportunities and Challenges
Technology1 year ago

Analysis of Nigeria’s Renewable Energy Sector: Opportunities and Challenges

Casino Gaming Poker
Sports1 year ago

What Are The Various Types Of Online Slots?

Luka Modric celebrates after scoring Real Madrid's second goal against Celta Vigo.
Sports1 year ago

Luka Modric set to join Ronaldo in Saudi Arabia’s Al Nassr

WHO World Health Organization
Health1 year ago

WHO debunks claims that tuberculosis is caused by witchcraft, poison

Atiku Abubakar
News1 year ago

2023 Election: Why DSS must arrest Fani-Kayode – Atiku

PDP Logo Umbrella
News1 year ago

PDP suspends National Chairman

The Pastor Daughter Story by Miriam Edem _ ANE Story
ANE Stories1 year ago

[STORY] THE PASTOR’S DAUGHTER (Final Episode 13)

The Pastor Daughter Story by Miriam Edem _ ANE Story
ANE Stories1 year ago

[STORY] THE PASTOR’S DAUGHTER (Episode 12)

The Pastor Daughter Story by Miriam Edem _ ANE Story
ANE Stories1 year ago

[STORY] THE PASTOR’S DAUGHTER (Episode 11)

The Pastor Daughter Story by Miriam Edem _ ANE Story
ANE Stories1 year ago

[STORY] THE PASTOR’S DAUGHTER (Episode 10)

The Pastor Daughter Story by Miriam Edem _ ANE Story
ANE Stories1 year ago

[STORY] THE PASTOR’S DAUGHTER (Episode 09)

The Pastor Daughter Story by Miriam Edem _ ANE Story
ANE Stories1 year ago

[STORY] THE PASTOR’S DAUGHTER (Episode 08)

The Pastor Daughter Story by Miriam Edem _ ANE Story
ANE Stories1 year ago

[STORY] THE PASTOR’S DAUGHTER (Episode 07)

The Pastor Daughter Story by Miriam Edem _ ANE Story
ANE Stories1 year ago

[STORY] THE PASTOR’S DAUGHTER (Episode 06)

The Pastor Daughter Story by Miriam Edem _ ANE Story
ANE Stories1 year ago

[STORY] THE PASTOR’S DAUGHTER (Episode 05)

The Pastor Daughter Story by Miriam Edem _ ANE Story
ANE Stories1 year ago

[STORY] THE PASTOR’S DAUGHTER (Episode 04)

The Pastor Daughter Story by Miriam Edem _ ANE Story
ANE Stories1 year ago

[STORY] THE PASTOR’S DAUGHTER (Episode 03)

The Pastor Daughter Story by Miriam Edem _ ANE Story
ANE Stories1 year ago

[STORY] THE PASTOR’S DAUGHTER (Episode 02)

The Pastor Daughter Story by Miriam Edem _ ANE Story
ANE Stories1 year ago

[STORY] THE PASTOR’S DAUGHTER (Episode 01)

The Pastor Daughter Story by Miriam Edem _ ANE Story
ANE Stories1 year ago

[STORY] THE PASTOR’S DAUGHTER (Complete Episodes)

Papa Loves His Girls by Opeyemi Ojerinde Akintunde_ANE Stories
ANE Stories1 year ago

[STORY] PAPA LOVES HIS GIRLS (Episode 16)

Papa Loves His Girls by Opeyemi Ojerinde Akintunde_ANE Stories
ANE Stories1 year ago

[STORY] PAPA LOVES HIS GIRLS (Episode 15)

Papa Loves His Girls by Opeyemi Ojerinde Akintunde_ANE Stories
ANE Stories1 year ago

[STORY] PAPA LOVES HIS GIRLS (Episode 14)

Papa Loves His Girls by Opeyemi Ojerinde Akintunde_ANE Stories
ANE Stories1 year ago

[STORY] PAPA LOVES HIS GIRLS (Episode 13)

Papa Loves His Girls by Opeyemi Ojerinde Akintunde_ANE Stories
ANE Stories1 year ago

[STORY] PAPA LOVES HIS GIRLS (Episode 12)

ANE Billboard Hots