More

    The Latest Bug Bounty Programs For December 2021

    Moving into conventional bug bounty payments, a URL parsing insect that made security researcher David Schütz greater than $10,000 in bug bounty benefits left an interior Google Shadow project available to server-side request forgery (SSRF) assaults.

    The most acceptable (and worst) methods for susceptibility disclosure were under the spotlight this month via an occasion held by Microsoft and a damning new report exploring the customer IoT community.

    Security experts offered praise, advice, and constructive objection about how the Microsoft Security Reaction Facility (MSRC) and security scientists handle vulnerability records throughout an online panel debate.

    Dr. Nestori Syynimaa, the elderly primary security researcher at Secureworks, recommended to his peers that determination sometimes settles, remembering one circumstance where an at first declined record eventually netted him $20,000 after he convinced MSRC to take a 2nd look into the issue.

    And Prevailing CTO Nate Warfield, an ex-MSRC staffer, actors Microsoft’s sometimes slow patching process in an understanding light: “You are discussing a community that is measured in billions of desktop computers and servers, so if something fails, the whole world is affected,” he said.

    Pwn2Own Austin 2021 produced several lucrative “CVSS 10-level insects” (critical vulnerabilities) inning accordance with Brian Gorenc that goings up Pattern Micro’s No Day Effort (ZDI), organizer of the yearly hacking contest.

    This year’s Masters of Pwn crown is most likely to French outfit Synacktiv, which pwned the Sonos One wise audio speaker and network-attached storage space (NAS) device from Western Electronic, to name a few types of equipment.

    Total payments surpassed $1 million for bugs that consisted of 61 unique zero-days.

    Together with TVs, routers, and home automation devices, the 2021 version also saw the launching of a customer printer category.

    “This issue seems like an industry-wide problem since various applications are parsing URLs based upon various specs,” Schütz informed The Everyday Swig, including that he’d “seen this obtaining fixed in items from various companies also.”

    Schütz made three separate Bug Bounty Programs after bypassing the initial fix and finding that previous variations of a proxy application containing an accessibility token required for exploitation were still working.

    A worrying susceptibility in Google’s GSuite going back to 2018 made the information after the security researcher found the defect launched report as a section of a broader project to review his previously Google and Microsoft bug-hunting ventures.

    The long-since-covered susceptibility, which enabled assailants to include themselves as very admins on any organization’s account, made Cameron Vincent a bounty under Google’s Susceptibility Reward Program.

    On the other hand, scientist Ashish Dhone made a $1,000 Bug Bounty Program reward for the exploration of a cross-site scripting (XSS) susceptibility that enabled assailants to run approximate JavaScript code on Chrome’s ‘New Tab’ web page.

    The assailant could use the bug by sending out an HTML file to the sufferer which contains a cross-site request forgery (CSRF), which sends out a harmful JavaScript code snippet as a browse inquiry to Google.

    When the user opens the file, the CSRF manuscript runs, and the inquiry is kept in the browser’s browse background. When the user opens a New Tab Web page and clicks on the Google browse bar, the harmful code is set off.

    Finally, IoT research from UK security firm Copper Equine has revealed that nearly four of 5 IoT customer suppliers still show up to lack a susceptibility disclosure program (VDP).

    Released by the IoT Security Structure, the record also found that one in 3 VDPs cannot offer coordinated susceptibility disclosure. Scientists are openly attributed, associated with patching bugs, and permitted to reveal defects post-remediation.

    Also read about How To Find Or Reset Your Wi-Fi Password when You Forgot It.

    The latest Bug Bounty Programs for December 2021

    The previous month saw the arrival of several new bug bounty programs. Here is a listing of the latest entries:

    Agric Bug Bounty Program

    Program provider:

    HackerOne

    Program kind:

    Public

    Max reward:

    $5,000

    Outline:

    Agric is a JavaScript-based wise contract platform that improved the Universes SDK.

    Keeps in mind:

    Agric includes a $250 Mainnet 1 bonus to every legitimate bug while dealing with the next phase of the general public mainnet rollout.

    Check out the Agoric Bug Bounty web page at HackerOne for more information.

    Bitrue Bug Bounty Program

    Bitrue bug bounty program

    Program provider:

    HackenProof

    Program kind:

    Public

    Max reward:

    $1,500

    Outline:

    Bitrue is a cryptocurrency trade whose supposed objective is to use the blockchain and new technologies to assist users worldwide access advanced monetary solutions.

    Keep in mind:

    Four possessions remain in range, consisting of bitrue.com, the Bitrue API, and the Android and iOS applications.

    Check out the Bitrue Bug Bounty web page at HackenProof for more information.

    Bluehost Bug Bounty Program

    Program provider:

    Bugcrowd

    Program kind:

    Public

    Max reward:

    $2,500

    Outline:

    Powering countless websites, Bluehost is just one of the biggest service companies of internet holding for WordPress.

    Keeps in mind:

    Four internet domain names remain in range, and critical bugs will attract benefits in the range of $2,100 to $2,500.

    Boson Bug Bounty Program

    Boson bug bounty program

    Program provider:

    Independent

    Program kind:

    Public

    Max reward:

    Undisclosed

    Outline:

    Boson Procedure, decentralized facilities for enabling autonomous industrial exchanges of anything, is most interested in vulnerability records associated with its agreements repo and interface that could mean users shed access to their funds.

    Keeps in mind:

    “On the planet of DeFi where millions go to risk, accountable jobs put themselves for examination via their insect programs,” says Boson.

    Favorable Trade Bug Bounty Program

    Program provider:

    Bugcrowd

    Program kind:

    Public

    Max reward:

    $25,000

    Outline:

    Favorable Trade claims to be “an effective new exchange for electronic possessions that offers deep liquidity, automated market production, and industry-leading security.”

    Keeps in mind:

    Two domain names remain in the range: bugbounty.favorable.com and api.bugbounty.favorable.com.

    Club Bug Bounty Program

    Program provider:

    HackerOne

    Program kind:

    Public

    Max reward:

    $3,000

    Outline:

    Club, the audio-based chatroom application, is especially eager on hardening its applications versus security flaws leading to access control bypasses, escalation of consents, and disclosure of delicate user information.

    Keeps in mind:

    The club said: “While lots of bug bounty programs promise high benefits for catastrophic-level discoveries, our approach keeps the range-wide so we can address as lots of insects as feasible.”

    CoinDCX Bug Bounty Program

    CoinDCX bug bounty program

    Program provider:

    Bugcrowd

    Program kind:

    Public

    Max reward:

    $2,500

    Outline:

    CoinDCX, India’s most significant cryptocurrency trade, has invited bug seekers to probe its manufacturing systems for security flaws.

    Keeps in mind:

    The most significant benefits will be made for defects that enable attackers to compromise wallets, access various other users’ individual or financial information, or take out funds as a below account.

    Check out the CoinDCX bug bounty web page at Bugcrowd for more information.

    Kubernetes – Short-Term Bug Bounty Program

    Program provider:

    Google

    Program kind:

    Public

    Max reward:

    $50,337 (or $250,000 for ventures that work on Android)

    Outline:

    For a three-month duration wrapping up at completion of January 2022, Google is tripling payments for its CTF VRP, CTF facilities written in addition to Kubernetes.

    Keeps in mind:

    Google will pay $31,337 to security scientists that make use of privilege escalation in its laboratory environment with a covered susceptibility and $50,337 to those that take advantage of a formerly unpatched susceptibility or unique make use of the method.

    Horizon Bug Bounty Program

    horizen bug bounty program

    Program provider:

    HackerOne

    Program kind:

    Public

    Max reward:

    $10,000

    Outline:

    Horizon is described as “the zero-knowledge-enabled network of blockchains,” sustained by its Zendoo sidechain technology enabling businesses and developers to develop their public or private blockchains.

    Keeps in mind:

    The Zen Blockchain Structure, which handles the Horizen community, offers $1,000 for ‘medium’ seriousness insects, $3,000 for ‘big’ seriousness problems, and $10,000 for ‘critical’ susceptibilities.

    Openware Bug Bounty Program

    Program provider:

    HackenProof

    Program kind:

    Public

    Max reward:

    $5,000

    Outline:

    Openwave, a San Francisco-based designer of blockchain facilities and fintech jobs, is offering between $3,000 and $5000 for susceptibilities that it considers critical.

    Keeps in mind:

    A solitary possession remains in the range: yellow.com, an electronic possession trade system.

    Vend by Lightspeed Bug Bounty Program

    Program provider:

    HackerOne

    Program kind:

    Public

    Max reward:

    $6,250

    Outline:

    Vend by Lightspeed, a point-of-sale, stock management, and ecommerce system targeted at sellers, has five possessions in range.

    Keeps in mind:

    The supplier pays between $2,500 and $6,250 for critical bugs, and $750 and $2,000 for ‘high’ seriousness defects.

    Check out the Vend by Lightspeed Bug Bounty web page at HackerOne for more information.

    Recent Articles

    spot_img

    Related Stories

    Leave A Reply

    Please enter your comment!
    Please enter your name here

    Stay on op - Ge the daily news in your inbox