Can you believe PayPal? 🤦 | BugBounter Newsletter (August 2022)

Have a great August. Check the latest news from the cybersecurity world!

📰 NEWS TO STAY INFORMED

PayPal phishing kit added to hacked WordPress sites for full ID theft

A newly discovered phishing kit targeting PayPal users is trying to steal a large set of personal information from victims that includes government identification documents and photos. Over 400 million individuals and companies are using PayPal as an online payment solution.

Experts Claim Cyber Attacks On Crypto Firms Will Rise, What’s Ahead?

Regarding cryptocurrency cybercrimes and attacks, North Korea is a notable region with increased activity. Many groups pose a high threat through their attacks on some crypto protocols. Also, a report in June disclosed that North Korea has 7 million active hackers.

🧑‍💻 BLOG POST OF THE MONTH

The Cybersecurity Prejudice: The SEEDS Model

To counter the habit of applying the same solutions to different cybersecurity issues, we discussed fixing this unconscious bias in cybersecurity with the SEEDS model.

🤓 TIPS TO STAY SECURE

Tip from a CISO

Conduct real-time vulnerability assessment of the cybersecurity threats facing your organization: all access points, databases, and firewalls – 24/7.

Tip from a Bounter

Create a secondary email address and use it for unimportant sites, research sites, one-time subscriptions, etc.

Tip from Bugbounter

To maximize the RoI of your bounty program, make sure that the bounty levels of each scope are proportional to the potential impact if that scope is compromised.

🎧 NEWEST BUGBOUNTER CONTENT

Our Latest Webinar is now on YouTube!

The 5th webinar of the Bugbounter Webinar Series, “Secure the Future – The Future of Cybersecurity Testing in South Africa”, with Futura International, is now available on the Bugbounter YouTube channel for those who missed it or want to rewatch it! Click the thumbnail to watch!

Secure The Future: The Future of Cybersecurity Testing in South Africa

Our Latest Webinar is on Spotify as a Podcast!

No time for watching videos? – It’s alright! Because our latest webinar is now on Spotify for you to listen anywhere you want! Click the cover artwork to listen!

Cyber criminals are targeting cryptocurrency users 😨 | BugBounter Newsletter (July 2022)

Get an iced coffee and check this month’s striking hack news.

Researchers Detail How Cyber Criminals Targeting Cryptocurrency Users

Cybercriminals are impersonating popular crypto platforms such as Binance, Celo, and Trust Wallet with spoofed emails and fake login pages in an attempt to steal login details and deceptively transfer virtual funds.

There are 24.6 Billion Pairs of Credentials for Sale on Dark Web

More than half of the 24.6 billion stolen credential pairs available for sale on the dark web were exposed in the past year, the Digital Shadows Research Team has found. Of the 24.6 billion credentials for sale, 6.7 billion of the pairs are unique, an increase of 1.7 billion over two years. This represents a 34 percent increase from 2020.

BLOG POST

Who Is a Hacker and What Are Hacker Colors?

There’s so much misinformation about hacking and hackers. In this article, we discussed hacker colors and the types of hackers.

TIPS

Tip from a Bounter

Use two browsers. The default browser for web surfing and a secondary one for important stuff.

Tip from a CISO

“S” in SDLC is not secure. You need SSDLC (Secure Software Development Lifecycle). Make sure you have secure DevOps processes in place as well.

Tip from Bugbounter

Hackers are lazy. They look for easy-to-hack opportunities and avoid unnecessary work. Make sure you’re (at least) one step better than your competitors’ security.

EVENTS

Upcoming webinar

The 5th webinar of the Bugbounter webinar series is on July 28, 2022, Thursday at 13:00 / 1 PM (GMT+3). Don’t forget to register for free.

The 5th Bugbounter webinar, “Secure the Future – The Future of Cybersecurity Testing in South Africa”, with our South Africa partner Futura International, will be moderated by Bugbounter CEO Arif Gürdenli and hosted by Bugbounter CTO Murat Lostar. Michiel Jonker, Director of Futura International, IT, Digital Advisor, and Auditor, will be Murat Lostar’s guest. Together, they will be talking about cybersecurity in South Africa, with future and key insights into good practices.

Register for Free Here

Watch the previous webinar below while waiting

On June 16, Thursday, we hosted the 4th Bugbounter webinar “Cyber Secure Estonia: How to Reduce the Risk of Cyber-Attacks” with Cyberarch. Click the thumbnail on the right to watch.

Cyber Secure Estonia: Reducing the Risk of Cyber-Attacks

New Zoom flaws could let attackers hack victims 😱 | BugBounter Newsletter (June 2022)

Hi there, check this month’s striking hacking news!

New Zoom Flaws Could Let Attackers Hack Victims Just by Sending them a Message

Popular video conferencing service Zoom has resolved as many as four security vulnerabilities, which could be exploited to compromise another user over chat by sending specially crafted Extensible Messaging and Presence Protocol (XMPP) messages and execute malicious code.

Brazilian e-commerce firm Americanas reports multimillion-dollar loss following cyberattack

Brazilian e-commerce conglomerate Americanas.com reported a multimillion-dollar loss in sales in its financial results on Friday after a major cyberattack earlier this year. The company’s transactional platforms were unavailable for a week following the incident in February.

CASE STUDY: How an E-Commerce Company Secured Its App Software Releases

New features in web/mobile applications and continuous tech investment are a threat to e-commerce businesses’ digital assets, as they bring security vulnerabilities. Read to find out more…

BLOG POST

How do bug bounty programs contribute to your cyber security?

Bug bounty is the process in which white hat hackers discover security vulnerabilities. This process is vital for application security.

TIPS

Tip from a Bounter

Create a secondary email address and use it for unimportant sites, research sites, one-time subscriptions, etc.

Tip from a CISO

Forget your abstract security score, always communicate your most important cybersecurity risks with the Board. Own them as well.

Tip from Bugbounter

If your existing technology does not provide solid input validation, work on creating your own secure function and make sure to call it each time.

EVENT: This month’s Bugbounter Webinar is on June 16 🚀

In this month’s webinar titled “Cyber Secure Estonia: Reducing the Risk of Cyber-Attacks”, moderated by Arif Gürdenli and hosted by Murat Lostar, our guest will be Omkar Joshi from Coupa Software and guest speaker of Cyberarch (Estonia).

We will be talking about how to reduce the risk of cyber-attacks, with key insights into good practices, challenges we are facing globally, predictions about upcoming cyber threats, and mitigation advice in general.

The fourth webinar of the Bugbounter webinar series is on June 16, Thursday at 13:00 / 1 PM (Estonian time, EEST & Turkey time, GMT+3). Don’t forget to register below. 👇🏻

Register for Webinar Here

Striking Hacking News, Tips & more 🚀 | BugBounter Newsletter (May 2022)

STRIKING HACKING NEWS

Medical Software Firm Fined €1.5M for Leaking Data of 490k Patients

The French data protection authority (CNIL) fined medical software vendor Dedalus Biology EUR 1.5 million for violating three articles of the GDPR (General Data Protection Regulation). Read more.

Hackers Breach Mailchimp Email Marketing Firm to Launch Crypto Phishing Scams

Email marketing service Mailchimp on Monday revealed a data breach that resulted in the compromise of an internal tool to gain unauthorized access to customer accounts and stage phishing attacks. Read more.

New Black Basta Ransomware Springs into Action with a Dozen Breaches

A new ransomware gang known as Black Basta has quickly catapulted into operation this month, breaching at least twelve companies in just a few weeks. Read more.

CASE STUDY: How We Supported a Fintech Client

A fintech company was in need of further coverage of its web applications, mobile applications and public APIs due to the pentests’ limited resources and uniformity.

Here’s how we solved their need …

BLOG POST

All Companies Are Vulnerable To Cyber Attacks

Today, every institution has a website. In this case, they inevitably become targets of web server attacks. Every site has cyber security vulnerabilities. So how can you discover your cyber security vulnerabilities? Read More.

TIPS

Tip from a Bounter

Using password managers for setting strong and unique passwords may help in avoiding cyberattacks. Select one with AES-256 encryption, the “zero-knowledge” technique, and 2FA authentication.

Tip from a CISO

Conduct real-time vulnerability assessment of the cybersecurity threats facing your organization: all access points, databases, and firewalls – 24/7.

Tip from Bugbounter

Encode HTML tags: to prevent multiple XSS bugs in your websites, you can encode the string input using the HtmlEncode method.

EVENT

Webinar

The health sector has become a more important target for cyberattacks with COVID-19. Watch our “Webinar on Cyber Security in South Africa: Digital Healthcare & IT” to find out more.

Watch on YouTube