1693494422271

BugBounter Cybersecurity Newsletter | August 2023

BugBounter Cybersecurity Newsletter | August 2023

Hello there,

Check out this month’s cybersecurity newsletter for getting updated in no time.

Stats from BugBounter

Check out the distribution of the vulnerabilities and their severities on BugBounter.

Top Vulnerabilities Identified on BugBounter in August 2023

The data above shows that information leakage, business logic, and IDOR require attention for a strong cybersecurity posture (BugBounter data between 1-31 August, 2023).

Distribution of Severity (CVSS) of the Reports in August 2023

High and Medium risk findings predominate, constituting over 75% of identified issues. Prioritizing these vulnerabilities is crucial for robust cybersecurity (BugBounter data between 1-31 August, 2023).

August 2023 Threat Landscape: Explained Briefly

BugBounter sheds light on the current cybersecurity landscape in August 2023. Explore the latest cybersecurity incidents from around the world, based on real-time cybersecurity news. Read the article.

Keep Your Business with BugBounter Cybersecurity Tips

CISO

Bug bounties provide real-world testing, amplifying threat visibility and fortifying your digital airspace.

Researcher

Reward money is not our first motivation to find a vulnerability, but it definitely helps to stick to a program.

BugBounter

Bug bounties offer effortless and effective vulnerability detection. Elevate protection with user-friendly testing.

Read the Latest BugBounter Cybersecurity Articles

The Human Element in Cybersecurity: Archiving the Tech-Awareness Balance

Discover the pivotal role of human expertise in cybersecurity testing. Striking the tech-awareness balance for robust cyber defenses. Read here.

Elevating eCommerce Security: Navigating the Digital Landscape

Elevate eCommerce security with BugBounter’s bug bounty platform. Uncover the power of human expertise in cybersecurity. Read here.

Thank You for Reading

BugBounter invests in human intelligence as a cybersecurity for companies, regardless of their industries and sizes. Go to our Solutions page for learning more.

Bir başlık ekleyin (1500 × 845 piksel)

BugBounter Newsletter (July 2023)

BugBounter Newsletter (July 2023)

Hello, check out the BugBounter Cybersecurity Newsletter July 2023 edition for getting updated in second about the cybersecurity world and the BugBounter Platform.

Explained Briefly: Latest News & Threat Landscape

BugBounter explained the July 2023 cybersecurity threat landscape through the latest cybersecurity news.

Click here to get updated in seconds.

Updates from BugBounter

BugBounter’s First Customer in the US

BugBounter enters US market, closing deal with first customer, democratizing crowdsource cybersecurity for mid-market companies.

BugBounter Reaches 5.000 Followers

BugBounter celebrates 5,000 LinkedIn followers, grateful for social media amplifying the voice of our cybersecurity Platform and Community of cybersecurity experts.

The Power of Community

BugBounter’s bug bounty program’s budget exhausted in under 6 hours, showcasing the impressive speed of our Community of cybersecurity experts.

Tips for Your Company’s Cybersecurity: Human Intelligence

A trusted CISO, a cybersecurity researcher, we, as the BugBounter Team, have some tips for you to stay one step ahead of cyber criminals by leveraging the power of human intelligence.

CISO

“Invest in the training of employees, promote security culture to identify threats software may miss, like the phishing campaign detected by vigilant employees.”

Researcher

“Engage ethical hackers with expertise to uncover vulnerabilities automated tools miss, like the authorization bypass found through manual code review.”

BugBounter

“Choose a cybersecurity solution combining software and human intelligence for reliability, comprehensive threat detection, and reduced false results.”

Have You Seen Our LinkedIn Short Articles?

BugBounter posts daily short articles on LinkedIn to boost the cybersecurity awareness across companies. Click the thumbnails to read.

“BugBounter Explains Business Risks: Intellectual Property Theft Due to Cybersecurity Incidents”

What are the challenges companies face in terms of intellectual property theft, and what is at the stake for these companies?

Click here to read.

“BugBounter Explains #SalesTech: Cybersecurity Challenges and More”

SalesTech companies face unique challenges in safeguarding sensitive data. BugBounter explores the challenges SalesTech companies face everyday.

Click here to read.

Bir başlık ekleyin (1500 × 845 piksel) (1)

BugBounter Cybersecurity Newsletter (June 2023)

BugBounter Cybersecurity Newsletter (June 2023)

We hope you are doing well. Read the latest cybersecurity newsletter by BugBounter to stay updated about the cybersecurity world, keep your business secure, and reputation at its prime.

Updates from BugBounter

The New BugBounter Website Launch

The official BugBounter website has been renewed for the professionals and cybersecurity experts. Visit the new BugBounter website today, explore our cybersecurity solution and platform, designed for helping you keep your business secure and reputation at its prime. Click the button below to visit today.

If you’re reading this, that means you’ve already visited our new website. Keep exploring our website for more!

Updates from the Cybersecurity World

Data Breaches

  • MSI’s private code signing certificate was breached.
  • Western Digital exposed customer data.
  • Kodi had a breach compromising 400k user records.
  • FBI crackdown on Genesis Market led to 119 arrests.

Cyber-Attacks

  • Clop ransomware targets remote desktops.
  • Cyclops uses Go language for undetectable attacks.
  • Dark Pink APT conducts supply chain attacks.
  • China-Taiwan tensions fuel cyber-attacks.

Cybersecurity Tip for Your Company: “Why Human Intelligence Triumphs?”

From a CISO:

Amidst the ever-evolving cyber threats, embrace the power of human intelligence. Strategic planning, risk assessment, and adaptive decision-making are key strengths that humans possess. Proactive threat hunting, intuitive decision-making, and adaptive strategies set the human intelligence apart from AI and ML.

From a Cybersecurity Expert:

“AI and ML are valuable tools, but human intelligence is unmatched in detecting sophisticated attacks like APTs and social engineering. Trust in human expertise instead of algorithms to prevent zero-days, insider threats, and context-driven attacks.”

From BugBounter:

“Crowdsourced cybersecurity testing offers a diverse pool of cybersecurity experts for companies. Real-time human insights, creativity, and context provide superior value compared to algorithms alone.”

Cybersecurity Resources

Blog Post: “Customer Trust: How Crowdsourced Cybersecurity Testing Can Prevent the Loss?”

Customer Trust

The loss of customer trust due to inadequate cybersecurity measures is one of critical risks that often goes overlooked. Read this BugBounter Cybersecurity blog to learn more about how crowdsourced cybersecurity testing can prevent the loss.

Contact BugBounter today for learning more about cybersecurity solution and platform.

mail (21)

A Cyber Risk is not an April 1st Joke | BugBounter Newsletter (April 2023)

🏠 News from BugBounter

BugBounter is Now on Offensify

işbirliği

Two of the BugBounter’s cutting-edge cyber security solutions Bug Bounty and Red Team, are now available on the Offensify Cyber Security Marketplace for SME’s and enterprises. Head to Offensify now to check what we offer.

BugBounter Partnered with AlchemistAccelerator

Alchemist

Our company has partnered with Alchemist, the top US-based B2B accelerator, as we set our sights on the US market. With this partnership, we will gain the necessary resources and support to expand our reach and provide unparalleled cyber security solutions to our clients.

πŸ’‘ Cyber Security Tip

Launching a New App or Version

BugBounter x Offensify İş Birliği Gârselleri (1)

Not verifying the security of the new version a mobile/web application might be risky for both your organization’s reputation, and your customers’ trust in your business. Discover unknown vulnerabilities and avoid costly breaches by conducting a bug bounty program before launching your app. Enhance your reputation and encourage responsible disclosure by ethical hackers. Improve your security posture and stay ahead of the game.

Get a demo

πŸ’» Cyber Security Blog Post

Cyber Security in Technology and Software Industries (1)

Cyber Security in Technology & Software

Cyber security in technology and software is one of the hottest topics of our day. Read more to learn how bug bounty helps. Get a demo today.

mail (22)

We can do it!Β | BugBounter Newsletter (March 2023)

🏠 News from BugBounter

BugBounter Community Reported Vulnerabilities for Humanitarian Aid

After the earthquake that occurred last month, we made a global call to all ethical hackers, and invited them to the BugBounter Platform for voluntarily reporting the vulnerabilities in the digital assets of the NGOs sending help to the earthquake-affected regions. Thanks to the hard work of many ethical hackers, we were able to contribute to the cyber security of the organizations working for the earthquake victims.

The Cyber Security Call Supports the Career of Students in Turkey

In November 2022, we started a country-wide call to the university student clubs who’d be interested in starting to bug bounty, improve their ethical hacking skills, and earn rewards while doing it. Since then more than 20 university student clubs across Turkey answered our call, and joined the BugBounter Platform. But however, specializing in bug bounty is a process that required devotion, and does not happen overnight. Thanks to the mentorship they received from one of the top cyber security researchers on the BugBounter Platform, and their hard work, three students from the Istanbul Technical University Cyber Security Club submitted their first reports on the BugBounter Platform. Therefore, we are happy to announce that the BugBounter Community is developing solidly.

πŸ’‘ Cyber Security Tip: Donating as a Company

After the earthquake many companies and individuals decided to donate to the NGOs who send help to the disaster-affected areas. But it’s important to stay vigilant against the cyber criminals who want to manipulate transactions to redirect to donated funds to their account, or steal information of the donators. This month’s cyber security tip focuses on this matter:

Before donating to a disaster relief NGO, verify their legitimacy on their website and social media. Don’t click on links or download attachments in emails or social media messages. Use a secure payment gateway or donate directly on their site. Consider a virtual/low-limit credit card. Keep security software updated.

πŸ“„ Cyber Security Blog Post

cyber resilience

Stronger Cyber Resilience: How to Build it?

Stronger cyber resilience is essential for an organization’s capacity to respond effectively to a cyber attack and bounce back from the attack’s impacts with no or very little damage.

❓Need to know more?

The BugBounter Team and the global Community of more 3.500 cyber security researcher are 24/7 available on our diverse and flexible bug bounty platform. If you have questions about how can you discover the most critical bugs in your digital assets, or why should you discover them, contact us to get your questions answered today.

I Want to Know More

NEWSLETTER_JAN23_FINAL

New Year, New Me… And New Cyber Security Solutions | BugBounter Newsletter

🏑 News from BugBounter

2022 Reflections of our Team and Community

It is safe to say, both as a startup and a community, BugBounter made significant progress in 2022. From collaborating with new partners to growing our ethical hacker community through the events we held, we grew and learned so much. We’re looking forward to using what we’ve learned and experienced in 2022 to revolutionize the cyber security methods of today.


🌍 News from the Cyber Security World

“Twitter Denies Hacking Claims and Theft of 200 Million Users’ Email Address”

Twitter Inc. undertook a thorough investigation in response to recent media claims that the data of 200M Twitter users were being sold online, and the results suggest that there is no proof that the data that was recently sold was obtained by exploiting a flaw in the Twitter systems. (Source: Cyber Security News


“Britain’s Postal Service, Royal Mail Suffers Cyber Attack”

“An incident involving a cyber attack has caused severe service disruptions at Royal Mail, the British postal service and courier company. In the absence of any further details, it is not known what the nature of the incident was.” (Source: Cyber Security News)


πŸ’‘ Cyber Security Tip

This month BugBounter Team has a tip for your company to avoid cyber risks:

“It’s important to remember that cybersecurity is a constant battle. No single strategy will be able to protect you from malicious hackers foreverβ€”you have to keep up with them as they develop new techniques and improve on old ones. Be a better malicious hacker than the actual ones.”

πŸ“Œ BugBounter Blog

Cyber Security in Retail and eCommerce Industries

Retail and eCommerce companies are hot targets for the cyber criminals. What is the best way for them to protect their business and brand value, is bug bounty a convenient method for them?

Bugbounter_Newsletter_12-2022_ChristmasTheme

Where is Your Cyber Security Spirit? πŸŽ„ | BugBounter (December 2022)

πŸš€ BugBounter News

Microsoft Webinar on December 22: Don’t forget to registe
r

BugBounter presents the “Recap on Cyber 2022: Insights from Microsoft Digital Defense Report” webinar. The event will be held on December 22 at 14:00 / 2 PM (GMT+3). Our guest speaker will be Erdem Erdoğan from Microsoft Middle East and Africa HQ. The focus of the event will be the threat landscape of 2022, and key insights into good practices based on the “Digital Defense Report 2022” by Microsoft.

Register Here


Heavy Demand on Bug Bounty

We started a national bug bounty call in Turkey. The purpose of this call is to help young people who are eager to become cyber security professionals. Our Community Manager Salih and top researchers from our platform gather with student club members to inform them about bug bounty, and to share their experiences and stories as cyber security researchers. So far, our call was answered by many student clubs including Istanbul University and Middle East Technical University, and it keeps getting answers from many more.

🌍 News from the Cyber Security World

Cisco Warns of High-Severity Unpatched Flaw Affecting IP Phones Firmware

“Cisco has released a new security advisory warning of a high-severity flaw affecting IP Phone 7800 and 8800 Series firmware that could be potentially exploited by an unauthenticated attacker to cause remote code execution or a denial-of-service (DoS) condition.” (HackerNews)

Researchers Detail New Attack Method to Bypass Popular Web Application Firewalls

“A new attack method can be used to circumvent web application firewalls (WAFs) of various vendors and infiltrate systems, potentially enabling attackers to gain access to sensitive business and customer information.” (HackerNews)

πŸ‘©β€πŸ’» Blog Post of the Month

Let’s refresh our knowledge: “What is Open Bug Bounty?”

Open Bug Bounty is not bound to a time or researcher profile. It is open to public where anyone can contribute at any time.

πŸ’‘ Tips

Tip from Our Platform: “SQL Injections”

βœ”οΈ SQL injection vulnerabilities occur when requests sent to the web server can reach the database without being filtered.

βœ”οΈ For example, if the SQL requests that a person who wants to extract unauthorized data from the system writes in the input field can be run in the database, there is SQL Injection.

✍️ Sinem Şahin (Candidate Engineer at HAVELSAN).

mail (6)

We have so much to tell you πŸ€“ | BugBounter Newsletter (November 2022)

πŸš€ BugBounter News

BugBounter connects with the university student clubs in Turkey for bug bounty awareness πŸ”ŽπŸͺ²

Turkey is home to many cyber security talents. That’s why, as the BugBounter Team, we’re connecting with the university student clubs across Turkey to introduce them to bug bounty, and raise awareness to bug bounty as a great career path, and an efficient cyber security method. We’re doing this only in Turkey for now, but who knows what the future holds? πŸ‘€

BugBounter is sailing to the UK β›΅οΈπŸ‡¬πŸ‡§

Our CEO, Arif Gurdenli, was at the Fintech Talents Festival 2022 in London as the first step of introducing BugBounter to the UK market. We’re so excited meet the amazing people of the UK, and tell them how bug bounty can be the cyber security solution they need.

🌍 News from the Cyber Security World

FTX Says It May Have Been ‘Hacked’ as $600 Million in Crypto is Mysteriously Drained Overnight

“Hundreds of millions of dollars in funds were mysteriously siphoned out of the collapsing crypto exchange FTX on Friday, in what company executives have referred to as a potential hacking incident.

Already a company in a spectacular state of financial and reputational free fall, the once well-respected and heavily promoted cryptocurrency exchange issued a statement Friday that it was looking into a barrage of β€œabnormal” asset transfers sweeping through accounts. Subsequent analysis seemed to suggest that more than half a billion may have been stolen”, Gizmodo writes.

FTX Hack or Inside Job? Blockchain Experts Examine Clues and a β€˜Stupid Mistake’

“The beleaguered crypto exchange FTX suffered a $400 million hack over the weekend, and at least one blockchain expert says the clues are point to a high-level insider who committed an amateur misstep that might have inadvertently revealed their identity.

The attacker appears to have β€œhad access to all the cold wallet storages which he exploited,” Dyma Budorin, co-founder and chief executive of blockchain security auditing firm Hacken, said Monday in an interview with CoinDesk TV”, CoinDesk writes.

πŸ‘©β€πŸ’» Blog Posts of the Month

Startups are More Attractive to Hack When Funded

The more money startups raise, the more they’re likely to be targeted by malicious hackers. But why? Learn how BugBounter explains and helps.

Common Cyber Threats Digital Companies Face

Common cyber threats against digital companies have risen significantly in the last several years. BugBounter explains the 3 most common ones.

πŸ’‘ Tips

Tip from BugBounter

“Create a secondary email address. Use it for unimportant sites, one-time subscriptions, etc. Change the address by creating new ones as needed. Use strong hygiene rules for your primary (work) address to prevent SPAM and e-mail based attacks.”  

Tip from a Bounter

“Information disclosure vulnerabilities can arise in countless different ways, but these can broadly be categorized as follows:

1. Failure to remove internal content from public content.

2. Insecure configuration of the website and related technologies.

3. Flawed design and behavior of the application.”

Tip by Prajit Sindhkar, Cyber Security Researcher

Tip from a CISO

“Input validation can be the most important single source or prevention against many security vulnerabilities. For new projects, make this one of your fundamental criteria selecting  language/framework.  For existing projects, if your existing technology does not provide solid input validation, evaluate creating your own function and make sure to call it each time.”

mail (13)

What an October, huh? | BugBounter Newsletter (October 2022)

The BugBounter Team wishes a happy Cybersecurity Awareness Month!

πŸ“° Stay Updated with the Latest Cybersecurity News

Former Uber Security Chief Found Guilty of Data Breach Coverup

“A U.S. federal court jury has found former Uber Chief Security Officer Joseph Sullivan guilty of not disclosing a 2016 breach of customer and driver records to regulators and attempting to cover up the incident”, writes The Hacker News.

Hackers gain access to personal data of more than 290,000 hotel guests in Hong Kong

“More than 290,000 people are at risk of having their personal information leaked after staying at three hotels in Hong Kong, the city’s privacy watchdog has warned”, writes South China Morning Post.

πŸ§‘β€πŸ’» Stay Informed with This Month’s BugBounter Blogs

“How to Build a Cyber Security Culture”

Build a cyber security culture has become the norm for all organizations in all industries today. Read now to get the tips from BugBounter.

“Losing Reputation: Cyber Attack Tsunami”

Reputation management is a vital component of running a successful business, but a cyber-attack can ruin it irredeemably.

πŸ€“ Stay Secure with a Small Tip from BugBounter

Tip from BugBounter

“Think of VPN like a mask. While the pandemic restrictions continued, we were wearing masks to avoid being infected with the virus in crowded places. VPN can also be considered as a mask we wear to protect our device from unsecured devices when we connect to a public wireless network.” 

Tip from a CISO

“I recommend publishing your company Vulnerability Disclosure Program on either your own website or a platform. This is like an early warning system. Let security enthusiasts engage with you.”

Tip from a Bounter

“I love searching for business logic errors. They are there because most security people think automated tests find bugs – no, not these ones.”

🎧 Stay Inspired with a BugBounter Podcast

Podcast_Kare 03

Women in Cybersecurity

The 6th episode of BugBounter Webinar Series, “Women in Cybersecurity” focuses on the gender-related challenges in the cybersecurity industry. Guest speakers: Utku Sertlek (Datassist) and Confidence Staveley (CyberSafe Foundation). Listen here.

Happy Cybersecurity Awareness Month,

Can from the BugBounter Team

mail (16)

Hackers targeting financial services 😰 | BugBounter Newsletter (September 2022)

How was your summer?

πŸ“° NEWS TO STAY INFORMED

Hackers Repeatedly Targeting Financial Services in French-Speaking African Countries

Major financial and insurance companies located in French-speaking nations in Africa have been targeted over the past two years as part of a malicious campaign codenamed DangerousSavanna, writes The Hacker News.

GIFShell – New Attack Method That Allows Attackers to Steal Data Using Microsoft Teams GIFs

A cybersecurity consultant and pentester, Bobby Rauch recently discovered that threat actors are abusing Microsoft Teams by executing phishing attacks using a new attack technique known as GIFshell, writes Cyber Security News .

πŸ§‘β€πŸ’» BLOG POST OF THE MONTH

Why Would You Invest in Cybersecurity?

Why cybersecurity is crucial for today’s business world, and why should an investor invest in cybersecurity? Read our blog post to learn more.

πŸ€“ A TIP TO STAY SECURE

bb-01

Consider pentests like a yearly ordinary health checkup. They are ok but if you’re a grown-up person (organization) you’ll need specialists. Bug bounty experts prevent you from a sudden unexpected death (hack).

– The BugBounter Team

πŸ“… EVENTS

Upcoming Webinar: “Women in Cybersecurity”

women_in_CS_webinar_banner-1

BugBounter will be celebrating women empowerment, and women’s impact on the cybersecurity industry on September 22, Thursday at 13:00 (GMT +3); 12:00 (WAT)!

This month’s webinar is featuring Confidence Staveley from Nigeria, founder and executive director of CyberSafe Foundation, and Utku Sertlek from Turkey, chief technology officer of Datassist Payroll Services.

Register for your spot in the event today!