Windows 11 Snipping Tool privacy bug exposes cropped image content


A severe privacy flaw named 'acropalypse' has also been found to affect the Windows Snipping Tool, allowing people to partially recover content that was edited out of an image. [...]


https://www.bleepingcomputer.com/news/mi...e-content/

Microsoft: Defender update behind Windows LSA protection warnings


Microsoft says the KB5007651 Microsoft Defender Antivirus update triggers Windows Security warnings on Windows 11 systems saying that Local Security Authority (LSA) Protection is off. [...]


https://www.bleepingcomputer.com/news/mi...-warnings/

Windows 10 KB5023773 preview update released with 10 fixes

Microsoft has released the optional KB5023773 Preview cumulative update for Windows 10 20H2, Windows 10 21H2, and Windows 10 22H2, with ten fixes for various issues. [...]


https://www.bleepingcomputer.com/news/mi...-10-fixes/

Q&A with Flickr’s Senior Engineering Manager Alex Seville

As of November 2018, Flickr has been running its first independent bug bounty program, maintaining an average resolution time of just 4 days in the first month. We sat down with Flickr Senior Engineering Manager Alex Seville to learn more about his team’s commitment to working with the hacker community, how it fits into Flickr’s larger cybersecurity strategy, and what’s to come.


https://www.hackerone.com/application-se...ex-seville

Hacktivity Disclosure for Private Programs

With over 6,000 reports that have been disclosed on Hacktivity, we’re proud to announce that we’re launching Disclosure for Private Programs. Vulnerability reports can now be disclosed within a private program.


https://www.hackerone.com/ethical-hacker...e-programs

Grammarly’s Bug Bounty Program Goes Public: Q&A with VP of Engineering Joe Xavier

It’s been over a year since Grammarly launched its first bug bounty program on HackerOne. It’s been a private, invite-only program ever since. That is, until today! We sat down with the company’s VP of Engineering Joe Xavier to learn more about how the newly public bug bounty program fits into the team’s overall security strategy, what it’s like working with hackers, and any advice for other organizations considering the bug bounty model.


https://www.hackerone.com/company-news/g...joe-xavier

GitLab’s Public Bug Bounty Program Kicks Off: Q&A with GitLab’s Kathy Wang & Jam

Today, GitLab is launching their first public bug bounty program. After running a private bug bounty program and public vulnerability disclosure program (VDP) on HackerOne for over a year, the company resolved nearly 250 vulnerabilities thanks to the over 100 participating hackers. We sat down with GitLab's Director of Security Kathy Wang and Senior Application Security Engineer James Ritchey to dive into the evolution of GitLab's program over time, their decision to go public with their program, and how leveraging HackerOne's community has helped to find and fix security issues quickly.


https://www.hackerone.com/vulnerability-...wang-james

Oath’s Big Year of Bug Bounties Capped off with NYC Live Hacking Event

In 2018, Oath has received over 1,900 valid vulnerabilities through its private bug bounty program, over 300 of which were high or critical severity. Big numbers mean big rewards — Oath has paid $5 million in bounties in 2018. It’s been a record year, including four live hacking events all over the world — Goa, San Francisco, Argentina, and a 2018 finale live hacking event in New York City on November 27-29.


https://www.hackerone.com/ethical-hacker...king-event

More Hackers Means Less To Worry About

With enough hackers, all security vulnerabilities are shallow. There is no better way to know the security of your systems than inviting a diverse community to report your weaknesses. On behalf of grateful customers, we have awarded over $42M in rewards to the do-gooders — the hackers. We will end 2018 with a business that has grown 10X in just 3 years.


https://www.hackerone.com/ceo/more-hacke...orry-about

Your First 90 Days as Security Lead, Part 1: Building Your Security Foundation

You’ve just been named the new security lead for your organization. You probably have many projects swirling through your mind, like addressing a critical issue, benchmarking your organization against peers, or developing a broad plan. This two-part blog series details best practices for developing your program and the key steps to take during the first three months in your new role.


https://www.hackerone.com/vulnerability-...foundation