Tag Archive for: bounty

Bugcrowd snaps up $102M for a ‘bug bounty’ security platform that taps 500K+ hackers


Bugcrowd — the startup that taps into a database of half a million hackers to help organizations like OpenAI and the U.S. government set up and run bug bounty programs, cash rewards to freelancers who can identify bugs and vulnerabilities in their code — has picked up a big cash award of its own to grow its business further: an equity round of $102 million.

General Catalyst is leading the investment, with previous backers Rally Ventures and Costanoa Ventures also participating.

Bugcrowd has raised over $180 million to date, and while valuation is not being disclosed, CEO Dave Gerry said in an interview it is “significantly up” on its last round back in 2020, a $30 million Series D. As a point of comparison, one of the startup’s bigger competitors, HackerOne, was last valued at $829 million in 2022, according to PitchBook data.

The plan will be to use the funding to expand operations in the U.S. and beyond, including potentially M&A, and to build more functionality into its platform, which — in addition to bug bounty programs — also offers services including penetration testing and attack surface management, as well as training for hackers to increase their skill sets.

That functionality is both technical and human in nature.

Gerry jokingly describes Bugcrowd’s premise as “a dating service for people who break computers” but in more formal terms, it is built around a two-sided security marketplace: Bugcrowd crowdsources coders, who apply to join the platform by demonstrating their skills. The coders might be hackers who only work on freelance projects, or people who work elsewhere and pick up extra freelance work in their spare time. Bugcrowd then matches these coders up, based on those particular skills, with bounty programs that are in the works among clients. Those clients, meanwhile, range from other technology companies through to any enterprise or organization whose operations rely on tech to work.

In doing all this, Bugcrowd has been tapping into a couple of important trends in the technology industry.

Organizations continue to build more technology to operate, and that means more apps, more automations, more integrations and much more data is…

Source…

U.S. Offers $10 Million Bounty for Info Leading to Arrest of Hive Ransomware Leaders



The U.S. Department of State has announced monetary rewards of up to $10 million for information about individuals holding key positions within the Hive ransomware operation.

It is also giving away an additional $5 million for specifics that could lead to the arrest and/or conviction of any person “conspiring to participate in or attempting to participate in Hive ransomware activity.”

The multi-million-dollar rewards come a little over a year after a coordinated law enforcement effort covertly infiltrated and dismantled the darknet infrastructure associated with the Hive ransomware-as-a-service (RaaS) gang. One person with suspected ties to the group was arrested in Paris in December 2023.

Hive, which emerged in mid-2021, targeted more than 1,500 victims in over 80 countries, netting about $100 million in illegal revenues. In November 2023, Bitdefender revealed that a new ransomware group called Hunters International had acquired the source code and infrastructure from Hive to kick-start its own efforts.

There is some evidence to suggest that the threat actors associated with Hunters International are likely based in Nigeria, specifically an individual named Olowo Kehinde, per information gathered by Netenrich security researcher Rakesh Krishnan, although it could also be a fake persona adopted by the actors to cover up their true origins.

Blockchain analytics firm Chainalysis, in its 2023 review published last week, estimated that ransomware crews raked in $1.1 billion in extorted cryptocurrency payments from victims last year, compared to $567 million in 2022, all but confirming that ransomware rebounded in 2023 following a relative drop off in 2022.

“2023 marks a major comeback for ransomware, with record-breaking payments and a substantial increase in the scope and complexity of attacks — a significant reversal from the decline observed in 2022,” it said.


The decline in ransomware activity in 2022 has been deemed a statistical aberration, with the downturn attributed to the Russo-Ukrainian war and the disruption of Hive. What’s more, the total number of victims posted on data leak sites in 2023 was 4,496, up from 3,048 in 2021 and 2,670 in 2022.

Palo Alto Networks Unit…

Source…

Atomic Wallet Offers $1 Million Bug Bounty Amid Security Lawsuit


Atomic Wallet (image source: Adobe / Ascannio)

Amid an ongoing class-action lawsuit related to a $100-million hack in June, the developer of Atomic Wallet has launched a $1-million bug bounty program aimed at identifying security flaws in its wallet software.

In an announcement on December 18, the development team invited ethical hackers and security experts globally to scrutinize the open-source code for potential vulnerabilities.

White hat hackers who discover the most severe vulnerabilities, defined as those allowing an over-the-internet attack without physical access, installed malware, or social engineering, stand to earn $100,000 under the program.

The bug bounty program is designed to enhance the security of the wallet and minimize the risk of future cyber threats.

The bounty program also offers compensation ranging from $500 to $10,000 for hackers who identify bugs or flaws not meeting the criteria of the most serious vulnerabilities.

The reward depends on the severity of the vulnerability, with $5,000 allocated for a “high-risk” discovery and $10,000 for a “critical-risk” one.

The total bounty pool for all discoveries is set at $1 million.

Harnessing the ‘expertise of the global community’


Konstantin Gladych, founder of Atomic Wallet, expressed confidence in the bug bounty program’s ability to harness global expertise and creativity to bolster cybersecurity.

“Recent events in the blockchain industry have once again reminded us that cybersecurity is a dynamic field, and the best way to stay ahead is by harnessing the creativity and expertise of the global community,” he said.

$100 million hacking incident


Atomic Wallet in June this year suffered a $100 million hacking incident.

About 5,500 users of the non-custodial cryptocurrency wallet were affected by the hack which has been linked to the North Korean Lazarus Group.

Two months later, the incident led victims to launch a class action lawsuit against Atomic Wallet for compensation.

According to reports at the time, the claims rest on the company’s inaction to share proper information about…

Source…

Digital Bounty: The great crimeware awakening


This guest editorial was written by Roger A. Grimes, a technology evangelist at KnowBe4.

Criminals are awakening and taking advantage of their new digital bounty. Ransomware is just beginning to show us how bad it is soon going to be. We thought it was bad now. We really didn’t have a clue.


How I wish for the days of yesteryear. I’m old enough to remember the dawn of computer hackers and malware. I wasn’t around in the ’50s and ’60s and not old enough in the ’70s to experience the very early and first digital criminals and their malicious creations firsthand. But I was around to see the first personal computer virus, Elk Cloner.

It was created by 15-year-old Richard Skrenta in 1982. It infected the boot sectors of Apple II computers and floppy disks. Skrenta meant it as a practical joke to mess with his friends, but as is often the case with auto-roving malware, it spread worldwide, causing all sorts of havoc.

I was fully involved in reading about and fantasizing about fighting computer crime during the discovery of Pakistani Brain, the world’s first IBM PC-compatible infecting virus, which came out in 1986. By the time the Jerusalem, Cascade, Stoned, and Lehigh viruses came out in 1987, I was disassembling them into their assembly-language constituent parts for a volunteer group called the PC Antivirus Research Foundation (created by Paul Ferguson) and using a precursor of the Internet called FIDONet to send my digital research findings to the computer antivirus discussion group and John McAfee.

For a long time, a decade-plus, most digital computer malware was written as harmless jokes. They printed funny messages, played music, and made typed letters on your screen collect at the bottom of the screen area. The worst-behaving malware programs, like the Melissa virus (1999) and the ILOVEYOU worm (2000), flooded corporate email networks and paging systems.

Sure, there were the occasional malicious malware programs like the AIDS Cop virus (which was the first ransomware program) and the 1992 Michelangelo virus (which formatted hard drive partitions). Still, most were near benign and created more to prove that some young man somewhere…

Source…