Facebook Awards $100K to Researchers for Credential Spearphishing Detection Method
Researchers who identified a real-time way to detect credential spearphishing attacks in enterprise settings won $100,000 from Facebook last week.
Chris Brook
About
"Distrust and caution are the parents of security" - Benjamin Franklin
Threatpost News Wrap, August 11, 2017
Mike Mimoso and Chris Brook discuss the news of the week including the return of the Mamba ransomware, APT trends, a mystery company’s 250K bug bounty, and a high schooler’s $10K bug bounty from Google.
High Schooler Nets $10,000 For Google Bug
Google awarded a hefty $10,000 bounty to a high school student last week for uncovering a bug that could have let anyone access an internal Google website.
SAP released 19 patches on Tuesday, including a trio of vulnerabilities marked high severity in its business management software.
Mozilla fixed three critical vulnerabilities and made Flash click-to-activate by default when it released Firefox 55 on Tuesday
Attackers behind APT campaigns have kept busy in Q2 2017, adding new ways to bypass detection, crafting new payloads to drop, and identifying new zero days and backdoors to help them infect users and maintain persistence on machines.
Following a class action lawsuit, Disney is fighting allegations this week that its apps fail to safeguard children’s personal information.
The news of the week is discussed, including how Marcus Hutchins, aka MalwareTech was arrested in Las Vegas, Alex Stamos’ Black Hat keynote, and this week’s proposed IoT legislation.
Cisco fixed two high severity vulnerabilities in two products this week that could have let an attacker trigger a denial of service condition or bypass local authentication.
IBM fixed a cross-site scripting vulnerability in its Worklight and MobileFirst products that could have let an attacker steal sensitive information.
