Eric Wenger, Cisco’s Senior Director, Technology Policy, Global Government Affairs, joins Dave to discuss the issue of global network resilience. Ben’s story follows a Twitter thread that is looking at a new case involving cell phone searches at the border. Dave’s got the story of the EU passing a draft law, intended to restrict and add transparency requirements to the use of artificial intelligence (AI) in the twenty-seven-member bloc. Read More
Two sets of China-linked cyberespionage activities. Mirai’s new vectors. A Cozy Bear sighting. Anonymous Sudan gets less anonymous.
An update on Barracuda ESG exploitation. Camaro Dragon’s current cyberespionage tools spread through infected USB drives. The Mirai botnet is spreading through new vectors. Midnight Blizzard is out and about . Ukraine is experiencing a “wave” of cyberattacks during its counteroffensive. Karen Worstell from VMware shares her experience with technical debt. Rick Howard speaks with CJ Moses, CISO of Amazon Web Services. And Anonymous Sudan turns out to be no more anonymous or Sudanese than your Uncle Louie. Read More
Microsoft Defender Bounty Program: Rewards up to $20,000 USD
Microsoft has launched the Defender Bounty Program, which aims to improve the security of its customers’ experience by incentivizing researchers with rewards of up to USD 20,000.
Through this program, Microsoft encourages researchers to identify security vulnerabilities in its Defender suite of products, which includes anti-virus, endpoint protection, and cloud security services.
By working collaboratively with the security research community, Microsoft aims to identify and address potential security issues before they can be exploited by malicious actors.
Researchers from worldwide are invited to participate in the Microsoft Defender Bounty Program to find vulnerabilities in Defender services and products.
Over time, the Defender program will grow to include additional products under the Defender brand. Initially, it will only focus on Microsoft Defender for Endpoint APIs. Submissions that meet the requirements can earn bounty payments ranging from $500 to USD 20,000.
The main aim of this program is to uncover the significant vulnerabilities by using some criteria for bounty awards:
Identify a vulnerability in listed in-scope Defender products that was not previously reported to, or otherwise known by, Microsoft.
Such vulnerability must be of critical or important severity and reproducible on the latest, fully patched version of the product or service.
Include clear, concise, and reproducible steps in writing or video format.
Provide our engineers with the information necessary to quickly reproduce, understand, and fix the issue.
To evaluate researchers’ submissions more swiftly, Microsoft asks that they include the following information:
Submit through the MSRC Researcher Portal.
Indicate in the vulnerability submission which high-impact scenario (if any) your report qualifies for.
In the upcoming webinar, Karthik Krishnamoorthy, CTO and Vivek Gopalan, VP of Products at Indusface demonstrate how APIs could be hacked. The session will cover: an exploit of OWASP API Top 10 vulnerability, a brute force account take-over (ATO) attack on API, a DDoS attack on an API, how a WAAP could bolster security over an API gateway
Awards:
Listed by severity range
Rules of Participation
Any Denial of Service testing.
Testing services that produce large volumes of traffic automatically.
Attempting to deceive others, including our staff, using phishing or other social engineering techniques. This program’s scope is restricted to technical flaws in the designated Microsoft Online Services.
Experience how StorageGuard eliminates the security blind spots in your storage systems by trying a 14-day free trial.
U.S. Sanctions 3 Cryptocurrency Exchanges for Helping Russia Evade Sanctions
[[{“value”:”The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned three cryptocurrency exchanges for offering services used to evade economic restrictions imposed on Russia following its invasion of Ukraine in early 2022.
This includes Bitpapa IC FZC LLC, Crypto Explorer DMCC (AWEX), and Obshchestvo S Ogranichennoy Otvetstvennostyu Tsentr Obrabotki Elektronnykh Platezhey (“}]] Read More
The Hacker News | #1 Trusted Cybersecurity News Site