Malware, Network Security, Threat Management, Vulnerability Management

Google to offer up to 20K prize for bug finds

April 25, 2012

Google has significantly increased its finder's fee for vulnerability researchers. The web giant announced Monday that it is now offering $20,000 for bugs that could permit code execution on its production systems; $10,000 for flaws that can lead to issues like SQL injection, information disclosure and authorization bypass; and up to $3,133.70 for identifying cross-site scripting and cross-site request forgery weaknesses in applications. For less critical vulnerabilities, researchers will be paid based on the level of risk to users. Google's bug bounty program formally was launched roughly two years ago and rewards individuals who find security defects in Chrome, Google, YouTube, Wallet, among other properties.

An In-Depth Guide to Network Security

Get essential knowledge and practical strategies to fortify your network security.

Learn More

Dan Kaplan

North Korea hacking concept of a computer keyboard and a key painted with the North Korean flag

Threat Intelligence

Novel OtterCookie malware added to Contagious Interview attack arsenal

SC StaffDecember 27, 2024

BleepingComputer reports that intrusions with the new OtterCookie malware and its updated iteration have been launched by North Korean threat actors against software developers as part of the Contagious Interview campaign, which initially involved the deployment of the BeaverTail and InvisibleFerret payloads.

IoT

Vulnerable devices subjected to ongoing attacks with updated Mirai botnet

SC StaffDecember 26, 2024

BleepingComputer reports that intrusions involving a new Mirai-based botnet have been targeting Teltonika RUT9XX routers impacted by the CVE-2018-17532 flaw, TP-Link devices affected by CVE-2023-1389, and DigiEver DS-2105 Pro network video recorders with a yet-to-be patched remote code execution vulnerability as part of an attack campaign believed to have commenced in September.

Network Security

Novel BellaCiao malware variant launched by Charming Kitten

SC StaffDecember 26, 2024

Attacks with an updated C++ variant of the BellaCiao dropper malware dubbed "BellaCPP" have been deployed by Iranian state-backed threat operation Charming Kitten — also known as APT35, CharmingCypress, CALANQUE, Mind Sandstorm, TA453, Newscaster, and Yellow Garuda — to facilitate further payload delivery, according to The Hacker News.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news