🏠 News from BugBounter

BugBounter is Now on Offensify

Two of the BugBounter’s cutting-edge cyber security solutions Bug Bounty and Red Team, are now available on the Offensify Cyber Security Marketplace for SME’s and enterprises. Head to Offensify now to check what we offer.

BugBounter Partnered with AlchemistAccelerator

Our company has partnered with Alchemist, the top US-based B2B accelerator, as we set our sights on the US market. With this partnership, we will gain the necessary resources and support to expand our reach and provide unparalleled cyber security solutions to our clients.

💡 Cyber Security Tip

Launching a New App or Version

Not verifying the security of the new version a mobile/web application might be risky for both your organization’s reputation, and your customers’ trust in your business. Discover unknown vulnerabilities and avoid costly breaches by conducting a bug bounty program before launching your app. Enhance your reputation and encourage responsible disclosure by ethical hackers. Improve your security posture and stay ahead of the game.

Get a demo

💻 Cyber Security Blog Post

Cyber Security in Technology & Software

Cyber security in technology and software is one of the hottest topics of our day. Read more to learn how bug bounty helps. Get a demo today.

🏠 News from BugBounter

BugBounter Community Reported Vulnerabilities for Humanitarian Aid

After the earthquake that occurred last month, we made a global call to all ethical hackers, and invited them to the BugBounter Platform for voluntarily reporting the vulnerabilities in the digital assets of the NGOs sending help to the earthquake-affected regions. Thanks to the hard work of many ethical hackers, we were able to contribute to the cyber security of the organizations working for the earthquake victims.

The Cyber Security Call Supports the Career of Students in Turkey

In November 2022, we started a country-wide call to the university student clubs who’d be interested in starting to bug bounty, improve their ethical hacking skills, and earn rewards while doing it. Since then more than 20 university student clubs across Turkey answered our call, and joined the BugBounter Platform. But however, specializing in bug bounty is a process that required devotion, and does not happen overnight. Thanks to the mentorship they received from one of the top cyber security researchers on the BugBounter Platform, and their hard work, three students from the Istanbul Technical University Cyber Security Club submitted their first reports on the BugBounter Platform. Therefore, we are happy to announce that the BugBounter Community is developing solidly.

💡 Cyber Security Tip: Donating as a Company

After the earthquake many companies and individuals decided to donate to the NGOs who send help to the disaster-affected areas. But it’s important to stay vigilant against the cyber criminals who want to manipulate transactions to redirect to donated funds to their account, or steal information of the donators. This month’s cyber security tip focuses on this matter:

Before donating to a disaster relief NGO, verify their legitimacy on their website and social media. Don’t click on links or download attachments in emails or social media messages. Use a secure payment gateway or donate directly on their site. Consider a virtual/low-limit credit card. Keep security software updated.

📄 Cyber Security Blog Post

Stronger Cyber Resilience: How to Build it?

Stronger cyber resilience is essential for an organization’s capacity to respond effectively to a cyber attack and bounce back from the attack’s impacts with no or very little damage.

❓Need to know more?

The BugBounter Team and the global Community of more 3.500 cyber security researcher are 24/7 available on our diverse and flexible bug bounty platform. If you have questions about how can you discover the most critical bugs in your digital assets, or why should you discover them, contact us to get your questions answered today.

I Want to Know More

🏡 News from BugBounter

2022 Reflections of our Team and Community

It is safe to say, both as a startup and a community, BugBounter made significant progress in 2022. From collaborating with new partners to growing our ethical hacker community through the events we held, we grew and learned so much. We’re looking forward to using what we’ve learned and experienced in 2022 to revolutionize the cyber security methods of today.

🌍 News from the Cyber Security World

“Twitter Denies Hacking Claims and Theft of 200 Million Users’ Email Address”

Twitter Inc. undertook a thorough investigation in response to recent media claims that the data of 200M Twitter users were being sold online, and the results suggest that there is no proof that the data that was recently sold was obtained by exploiting a flaw in the Twitter systems. (Source: Cyber Security News

“Britain’s Postal Service, Royal Mail Suffers Cyber Attack”

“An incident involving a cyber attack has caused severe service disruptions at Royal Mail, the British postal service and courier company. In the absence of any further details, it is not known what the nature of the incident was.” (Source: Cyber Security News)

💡 Cyber Security Tip

This month BugBounter Team has a tip for your company to avoid cyber risks:

“It’s important to remember that cybersecurity is a constant battle. No single strategy will be able to protect you from malicious hackers forever—you have to keep up with them as they develop new techniques and improve on old ones. Be a better malicious hacker than the actual ones.”

📌 BugBounter Blog

Cyber Security in Retail and eCommerce Industries

Retail and eCommerce companies are hot targets for the cyber criminals. What is the best way for them to protect their business and brand value, is bug bounty a convenient method for them?

🚀 BugBounter News

Microsoft Webinar on December 22: Don’t forget to register

BugBounter presents the “Recap on Cyber 2022: Insights from Microsoft Digital Defense Report” webinar. The event will be held on December 22 at 14:00 / 2 PM (GMT+3). Our guest speaker will be Erdem Erdoğan from Microsoft Middle East and Africa HQ. The focus of the event will be the threat landscape of 2022, and key insights into good practices based on the “Digital Defense Report 2022” by Microsoft.

Register Here

Heavy Demand on Bug Bounty

We started a national bug bounty call in Turkey. The purpose of this call is to help young people who are eager to become cyber security professionals. Our Community Manager Salih and top researchers from our platform gather with student club members to inform them about bug bounty, and to share their experiences and stories as cyber security researchers. So far, our call was answered by many student clubs including Istanbul University and Middle East Technical University, and it keeps getting answers from many more.

🌍 News from the Cyber Security World

Cisco Warns of High-Severity Unpatched Flaw Affecting IP Phones Firmware

“Cisco has released a new security advisory warning of a high-severity flaw affecting IP Phone 7800 and 8800 Series firmware that could be potentially exploited by an unauthenticated attacker to cause remote code execution or a denial-of-service (DoS) condition.” (HackerNews)

Researchers Detail New Attack Method to Bypass Popular Web Application Firewalls

“A new attack method can be used to circumvent web application firewalls (WAFs) of various vendors and infiltrate systems, potentially enabling attackers to gain access to sensitive business and customer information.” (HackerNews)

👩‍💻 Blog Post of the Month

Let’s refresh our knowledge: “What is Open Bug Bounty?”

Open Bug Bounty is not bound to a time or researcher profile. It is open to public where anyone can contribute at any time.

💡 Tips

Tip from Our Platform: “SQL Injections”

✔️ SQL injection vulnerabilities occur when requests sent to the web server can reach the database without being filtered.

✔️ For example, if the SQL requests that a person who wants to extract unauthorized data from the system writes in the input field can be run in the database, there is SQL Injection.

✍️ Sinem Şahin (Candidate Engineer at HAVELSAN).

🚀 BugBounter News

BugBounter connects with the university student clubs in Turkey for bug bounty awareness 🔎🪲

Turkey is home to many cyber security talents. That’s why, as the BugBounter Team, we’re connecting with the university student clubs across Turkey to introduce them to bug bounty, and raise awareness to bug bounty as a great career path, and an efficient cyber security method. We’re doing this only in Turkey for now, but who knows what the future holds? 👀

BugBounter is sailing to the UK ⛵️🇬🇧

Our CEO, Arif Gurdenli, was at the Fintech Talents Festival 2022 in London as the first step of introducing BugBounter to the UK market. We’re so excited meet the amazing people of the UK, and tell them how bug bounty can be the cyber security solution they need.

🌍 News from the Cyber Security World

FTX Says It May Have Been ‘Hacked’ as $600 Million in Crypto is Mysteriously Drained Overnight

“Hundreds of millions of dollars in funds were mysteriously siphoned out of the collapsing crypto exchange FTX on Friday, in what company executives have referred to as a potential hacking incident.

Already a company in a spectacular state of financial and reputational free fall, the once well-respected and heavily promoted cryptocurrency exchange issued a statement Friday that it was looking into a barrage of “abnormal” asset transfers sweeping through accounts. Subsequent analysis seemed to suggest that more than half a billion may have been stolen”, Gizmodo writes.

FTX Hack or Inside Job? Blockchain Experts Examine Clues and a ‘Stupid Mistake’

“The beleaguered crypto exchange FTX suffered a $400 million hack over the weekend, and at least one blockchain expert says the clues are point to a high-level insider who committed an amateur misstep that might have inadvertently revealed their identity.

The attacker appears to have “had access to all the cold wallet storages which he exploited,” Dyma Budorin, co-founder and chief executive of blockchain security auditing firm Hacken, said Monday in an interview with CoinDesk TV”, CoinDesk writes.

👩‍💻 Blog Posts of the Month

Startups are More Attractive to Hack When Funded

The more money startups raise, the more they’re likely to be targeted by malicious hackers. But why? Learn how BugBounter explains and helps.

Common Cyber Threats Digital Companies Face

Common cyber threats against digital companies have risen significantly in the last several years. BugBounter explains the 3 most common ones.

💡 Tips

Tip from BugBounter

“Create a secondary email address. Use it for unimportant sites, one-time subscriptions, etc. Change the address by creating new ones as needed. Use strong hygiene rules for your primary (work) address to prevent SPAM and e-mail based attacks.”  

Tip from a Bounter

“Information disclosure vulnerabilities can arise in countless different ways, but these can broadly be categorized as follows:

1. Failure to remove internal content from public content.

2. Insecure configuration of the website and related technologies.

3. Flawed design and behavior of the application.”

Tip by Prajit Sindhkar, Cyber Security Researcher

Tip from a CISO

“Input validation can be the most important single source or prevention against many security vulnerabilities. For new projects, make this one of your fundamental criteria selecting  language/framework.  For existing projects, if your existing technology does not provide solid input validation, evaluate creating your own function and make sure to call it each time.”

The BugBounter Team wishes a happy Cybersecurity Awareness Month!

📰 Stay Updated with the Latest Cybersecurity News

Former Uber Security Chief Found Guilty of Data Breach Coverup

“A U.S. federal court jury has found former Uber Chief Security Officer Joseph Sullivan guilty of not disclosing a 2016 breach of customer and driver records to regulators and attempting to cover up the incident”, writes The Hacker News.

Hackers gain access to personal data of more than 290,000 hotel guests in Hong Kong

“More than 290,000 people are at risk of having their personal information leaked after staying at three hotels in Hong Kong, the city’s privacy watchdog has warned”, writes South China Morning Post.

🧑‍💻 Stay Informed with This Month’s BugBounter Blogs

“How to Build a Cyber Security Culture”

Build a cyber security culture has become the norm for all organizations in all industries today. Read now to get the tips from BugBounter.

“Losing Reputation: Cyber Attack Tsunami”

Reputation management is a vital component of running a successful business, but a cyber-attack can ruin it irredeemably.

🤓 Stay Secure with a Small Tip from BugBounter

Tip from BugBounter

“Think of VPN like a mask. While the pandemic restrictions continued, we were wearing masks to avoid being infected with the virus in crowded places. VPN can also be considered as a mask we wear to protect our device from unsecured devices when we connect to a public wireless network.” 

Tip from a CISO

“I recommend publishing your company Vulnerability Disclosure Program on either your own website or a platform. This is like an early warning system. Let security enthusiasts engage with you.”

Tip from a Bounter

“I love searching for business logic errors. They are there because most security people think automated tests find bugs – no, not these ones.”

🎧 Stay Inspired with a BugBounter Podcast

Women in Cybersecurity

The 6th episode of BugBounter Webinar Series, “Women in Cybersecurity” focuses on the gender-related challenges in the cybersecurity industry. Guest speakers: Utku Sertlek (Datassist) and Confidence Staveley (CyberSafe Foundation). Listen here.

Happy Cybersecurity Awareness Month,

Can from the BugBounter Team

How was your summer?

📰 NEWS TO STAY INFORMED

Hackers Repeatedly Targeting Financial Services in French-Speaking African Countries

Major financial and insurance companies located in French-speaking nations in Africa have been targeted over the past two years as part of a malicious campaign codenamed DangerousSavanna, writes The Hacker News.

GIFShell – New Attack Method That Allows Attackers to Steal Data Using Microsoft Teams GIFs

A cybersecurity consultant and pentester, Bobby Rauch recently discovered that threat actors are abusing Microsoft Teams by executing phishing attacks using a new attack technique known as GIFshell, writes Cyber Security News .

🧑‍💻 BLOG POST OF THE MONTH

Why Would You Invest in Cybersecurity?

Why cybersecurity is crucial for today’s business world, and why should an investor invest in cybersecurity? Read our blog post to learn more.

🤓 A TIP TO STAY SECURE

Consider pentests like a yearly ordinary health checkup. They are ok but if you’re a grown-up person (organization) you’ll need specialists. Bug bounty experts prevent you from a sudden unexpected death (hack).

– The BugBounter Team

📅 EVENTS

Upcoming Webinar: “Women in Cybersecurity”

BugBounter will be celebrating women empowerment, and women’s impact on the cybersecurity industry on September 22, Thursday at 13:00 (GMT +3); 12:00 (WAT)!

This month’s webinar is featuring Confidence Staveley from Nigeria, founder and executive director of CyberSafe Foundation, and Utku Sertlek from Turkey, chief technology officer of Datassist Payroll Services.

Register for your spot in the event today!