Home / Companies / Bugcrowd / Blog / July 2021

July 2021 Summaries

8 posts from Bugcrowd

Filter
Month: Year:
Post Summaries Back to Blog
PrintNightmare is a remote code execution vulnerability in Microsoft systems that can be exploited by ransomware operators, allowing them to run arbitrary code with SYSTEM privileges and install programs, view or delete data, or create new accounts with full user rights. It was discovered by researchers at Tencent Security Xuanwu Lab and initially had a CVSS score of 8.8/8.2. The vulnerability is distinct from CVE-2021-1675, which has a lower CVSS score of 7.8/6.8. Microsoft released patches with the KB5003671 and KB5003681 updates in June 2021, but proof of concept was shown on Twitter by QiAnXin Technology on June 28th, 2021. The exploit has been implemented into security tools such as Mimikatz, and organizations can remediate the vulnerability by disabling the print spooler service or updating group policy to prevent client connections. Microsoft released an "Out of Bands" update for this vulnerability in KB5004954 and KB5004958 on July 6th, 2021.
Jul 23, 2021 556 words in the original blog post.
Researchers no longer need points to receive private program invitations on Bugcrowd, instead, invitations are based on researchers' proven skills and dollars earned on the platform. The new system aims to provide more accurate representations of a researcher's ranking, status, or aptitude. By focusing on skills and earnings, Bugcrowd can better match researchers with programs that need their expertise. This change also allows for more respect to be given to top performers who have delivered significant value through their findings. Researchers can increase their chances of receiving invitations by demonstrating their proficiency in specific areas, earning more dollars, and providing more information about themselves on the platform.
Jul 22, 2021 1,141 words in the original blog post.
I started bounty hunting 6 months ago with Bugcrowd and have made over $100,000 since January, achieving success by being courteous, polite, and helpful in interactions with other hunters and staff. I set realistic goals for myself and adjust them as needed to maintain a relaxed mindset, allowing me to enjoy the process without feeling overwhelmed or stressed. The platform provides opportunities for individuals to make money while working part-time, and I believe anyone interested in computers and hacking can be successful with Bugcrowd's crowd-sourced security model.
Jul 20, 2021 741 words in the original blog post.
As COVID-19 cases surge, Bugcrowd is providing free, fully managed Vulnerability Disclosure Programs to executive agencies across Australia and New Zealand for 90 days beginning July 15, in an effort to empower them to deliver critical services without delay. Leveraging its experience supporting U.S. emergency teams and hospitals during the pandemic, Bugcrowd aims to aid digital businesses in their response to the crisis by facilitating collaboration between security teams and a global community of ethical hackers. By integrating Vulnerability Disclosure Programs into existing risk management activities, government agencies can access in-demand cybersecurity expertise on demand, while preserving the integrity of sensitive information and increasing confidence in their ability to protect the public's trust. This defense-in-depth approach supports the mission of safeguarding the community and the digitally connected world during this uncertain time.
Jul 15, 2021 417 words in the original blog post.
I'm Plushcap, your AI assistant. Here's a summary of the text in one paragraph: A bounty hunter with Bugcrowd shares their experience and insights on how to succeed in the platform, highlighting the importance of logging high-priority bugs, such as P4s, which can net a significant amount of money, and emphasizing that finding and reporting any valid bug is crucial for earning rewards. The author also shares their personal journey, starting with Bugcrowd six months ago, making over $100,000 in that time, and encourages readers to avoid getting stuck in a low-paying bubble by focusing on high-value bugs and logging as much as possible.
Jul 13, 2021 452 words in the original blog post.
The Kaseya Virtual System Administrator (VSA) server software, used by managed service providers (MSPs) to manage their clients, was compromised by attackers who exploited a 0-day authentication bypass vulnerability on July 2, 2021. The attackers were able to upload and execute a REvil ransomware payload, compromising up to 1 million host systems and encrypting them, causing significant disruptions to multiple large organizations. This attack highlights the risk of supply chain exploitation and the importance of prioritizing vulnerability remediation, particularly for organizations with products that form part of a broader supply chain. To mitigate this risk, Kaseya has released guidance on how to protect against the attack, including shutting down affected servers until further notice and using detection tools to identify potential indicators of compromise. Organizations can also take steps such as engaging a vulnerability management platform like Bugcrowd to quickly find and fix business-critical vulnerabilities before they are discovered by attackers.
Jul 07, 2021 697 words in the original blog post.
In this article, the author known as "ZwinK" shares insights and tips on successful bounty hunting with Bugcrowd, drawing from personal experience in which they earned over $100,000 within six months by hacking part-time. A key piece of advice is to be selective about which programs to engage with, emphasizing the importance of aligning them with one's interests and skills to increase focus and bug discovery. "ZwinK" highlights the significance of factors such as triage time, bounty payouts, the company's objectives, and program scope, suggesting that a responsive and rewarding program keeps hunters motivated and maximizes return on investment. The author reflects on the evolution of the hacking world, noting how it has transformed from a risky endeavor to a legitimate and lucrative activity.
Jul 06, 2021 684 words in the original blog post.
This is the time of the year when Bugcrowd announces its top researchers who have made it into the next tier of its P1 Warrior Program. The program rewards researchers for their total count of valid P1 submissions since January 2019, with levels ranging from Level 6 to Level 2 based on the number of P1 submissions. Researchers who qualify receive various rewards such as a wrestling belt, hoodie, challenge coin, sticker pack, and more. To be included in the next announcement, researchers must have their profiles set to "Public". Bugcrowd has announced its incentive programs in detail through an Ultimate Guide, which can be referred to for more information. The program aims to encourage top researchers to continue doing amazing work in the new year.
Jul 02, 2021 305 words in the original blog post.