Windows, Ubuntu, and VMWare Workstation hacked on last day of Pwn2Own


On the third day of the Pwn2Own hacking contest, security researchers were awarded $185,000 after demonstrating 5 zero-day exploits targeting Windows 11, Ubuntu Desktop, and the VMware Workstation virtualization software. [...]


https://www.bleepingcomputer.com/news/se...f-pwn2own/

Russia’s Rostec allegedly can de-anonymize Telegram users


Russia's Rostec has reportedly bought a platform that allows it to uncover the identities of anonymous Telegram users, likely to be used to tamp down on unfavorable news out of the country. [...]


https://www.bleepingcomputer.com/news/se...ram-users/

Inaudible ultrasound attack can stealthily control your phone, smart speaker


American university researchers have developed a novel attack which they named "Near-Ultrasound Inaudible Trojan" (NUIT) that can launch silent attacks against devices powered by voice assistants, like smartphones, smart speakers, and other IoTs. [...]


https://www.bleepingcomputer.com/news/se...t-speaker/

New Dark Power ransomware claims 10 victims in its first month


A new ransomware operation named 'Dark Power' has appeared, and it has already listed its first victims on a dark web data leak site, threatening to publish the data if a ransom is not paid. [...]


https://www.bleepingcomputer.com/news/se...rst-month/

Microsoft pushes OOB security updates for Windows Snipping tool flaw

Microsoft released an emergency security update for the Windows 10 and Windows 11 Snipping tool to fix the Acropalypse privacy vulnerability. [...]


https://www.bleepingcomputer.com/news/mi...tool-flaw/

What Years of AWS Hacking Tells Us About Building Secure Apps

Years of AWS bug bounties have exposed SSRF vulnerabilities, misconfigurations, and dangling DNS records. What can we learn from these vulnerabilities about mitigating risk?


https://www.hackerone.com/application-se...ecure-apps

LINE on Securing the Application Development Lifecycle with Bug Bounties

HackerOne has a large hacker community and the platform necessary to operate LINE’s bug bounty program. By using HackerOne’s platform and welcoming the community, LINE can increase operational efficiency. Through the partnership with HackerOne, we can share new bugs and learn from the vulnerability trends on the Platform while also getting a guide that helps us create a successful bug bounty program.


https://www.hackerone.com/application-se...g-bounties

5 Learnings From A Conversation With OP Financial Group's CISO And @mrtuxracer

On 20 January, HackerOne’s CEO, Marten Mickos, sat down for a chat with European hacker, Julien Ahrens a.k.a @mrtuxracer, and Teemu Ylhäisi, CISO at OP Financial Group. The discussion ranged from the recent SolarWinds attacks to the best way to prevent phishing. Here are our top takeaways from the webinar.


https://www.hackerone.com/application-se...mrtuxracer

Announcing The Hacker of The Hill




https://www.hackerone.com/ethical-hacker...acker-hill

2020 Hacker Community Year in Review

From CTF’s to virtual live hacking events and more, check out this recap of the initiatives HackerOne hosted for the hacker community in 2020.


https://www.hackerone.com/community-blog...ear-review