🚀 BugBounter News
Microsoft Webinar on December 22: Don’t forget to register
BugBounter presents the “Recap on Cyber 2022: Insights from Microsoft Digital Defense Report” webinar. The event will be held on December 22 at 14:00 / 2 PM (GMT+3). Our guest speaker will be Erdem Erdoğan from Microsoft Middle East and Africa HQ. The focus of the event will be the threat landscape of 2022, and key insights into good practices based on the “Digital Defense Report 2022” by Microsoft.
Heavy Demand on Bug Bounty
We started a national bug bounty call in Turkey. The purpose of this call is to help young people who are eager to become cyber security professionals. Our Community Manager Salih and top researchers from our platform gather with student club members to inform them about bug bounty, and to share their experiences and stories as cyber security researchers. So far, our call was answered by many student clubs including Istanbul University and Middle East Technical University, and it keeps getting answers from many more.
🌍 News from the Cyber Security World
Cisco Warns of High-Severity Unpatched Flaw Affecting IP Phones Firmware
“Cisco has released a new security advisory warning of a high-severity flaw affecting IP Phone 7800 and 8800 Series firmware that could be potentially exploited by an unauthenticated attacker to cause remote code execution or a denial-of-service (DoS) condition.” (HackerNews)
Researchers Detail New Attack Method to Bypass Popular Web Application Firewalls
“A new attack method can be used to circumvent web application firewalls (WAFs) of various vendors and infiltrate systems, potentially enabling attackers to gain access to sensitive business and customer information.” (HackerNews)
👩💻 Blog Post of the Month
Let’s refresh our knowledge: “What is Open Bug Bounty?”
Open Bug Bounty is not bound to a time or researcher profile. It is open to public where anyone can contribute at any time.
💡 Tips
Tip from Our Platform: “SQL Injections”
✔️ SQL injection vulnerabilities occur when requests sent to the web server can reach the database without being filtered.
✔️ For example, if the SQL requests that a person who wants to extract unauthorized data from the system writes in the input field can be run in the database, there is SQL Injection.
