Monday, October 25, 2021
Posted by Editorial_Staff_Team
Reader's rate:
2.5
Responsible Disclosure Program (VDPBW) 2021 One year has now passed since the Bundeswehr made public the first vulnerability disclosure policy (vdpbw) for a responsible disclosure program. Since our security researchers always like to be the first to test and actively participate in a bug bounty... + continue reading
Tuesday, October 19, 2021
Posted by Editorial_Staff_Team
Reader's rate:
5
A vulnerability researcher of the vulnerability lab team disclosed a simple but effective technique that was used against microsoft and adobe some years ago. A persistent input validation web vulnerability has been discovered in the official BMW online service portal web-application. The... + continue reading
Wednesday, July 28, 2021
Posted by Editorial_Staff_Team
Reader's rate:
5
10th Anniversary - VRP Upgrade Google announced this week on its official security blog that the current bug bounty program will be rebranded for its anniversary. As with other vulnerability disclosure platforms, a gamification model will be used to further motivate the research community.... + continue reading
Tuesday, April 6, 2021
Posted by Editorial_Staff_Team
Reader's rate:
3.5
New Teams Desktop Client Bug Bounty Program Microsoft Teams is a platform developed by Microsoft that combines chat, meetings, notes and attachments. The service is integrated into the Microsoft 365 suite with Microsoft Office and Skype/Skype for Business. In recent weeks, microsoft's msrc... + continue reading
Friday, January 15, 2021
Posted by Editorial_Staff_Team
Reader's rate:
5
New Ebay Inc Identity Security Check Default PIN in 2021 In the last weeks we have reviewed several identity security check mechanisms of large coporates. Due to that we figured out a funny case with ebay inc. Ebay inc owns a new security identity check function that uses a algorithm to... + continue reading
Thursday, October 22, 2020
Posted by Editorial_Staff_Team
Reader's rate:
4.76923
Bundeswehr Responsible Disclosure Program (VDPBw) Today, on october 22, the German Armed Forces "Bundeswehr" officially launched the new Responsible Disclosure Program for reporting vulnerabilities and security vulnerabilities. Preparations have been underway for a few weeks now and can be... + continue reading
Wednesday, September 16, 2020
Posted by Editorial_Staff_Team
Reader's rate:
4
Bypassing using Exchange of Session Credentials In recent weeks, a new application has been released at the sparkasse in germany. This is the "secure safe" for documents... + continue reading
Thursday, May 7, 2020
Posted by Editorial_Staff_Team
Reader's rate:
5
LANCOM Systems Wireless Controller Series (Public Spot) - Several Patches Released by Support Today Security researchers of the vulnerability laboratory core research team uncovered about 3 weeks ago a new vulnerability in the LANCOM Systems wireless controller product series. With WLAN... + continue reading
Thursday, April 30, 2020
Posted by Editorial_Staff_Team
Reader's rate:
4.6
The Digital Bank Robbery of the Year 2020 - APT "Golden_hands" (Government Emergency Aid) In last 4-5 weeks our company Evolution Security GmbH and all around us were affected by the economy crisis that came cold from the back. This is a story about advanced persistent threats in Germany and the... + continue reading

Featured Cooperative Security Articles

Monday, 25/10/21 - 6 comment(s)
Responsible Disclosure Program (VDPBW) 2021 One year has now passed since the Bundeswehr made public the first vulnerability disclosure policy (vdpbw) for a responsible disclosure program. Since our security researchers always like to be the first to test and actively participate in a bug bounty or responsible disclosure program, we naturally... + continue reading
Tuesday, 19/10/21 - 0 comment(s)
A vulnerability researcher of the vulnerability lab team disclosed a simple but effective technique that was used against microsoft and adobe some years ago. A persistent input validation web vulnerability has been discovered in the official BMW online service portal web-application. The vulnerability is located in the `firstname` and `... + continue reading

TOP SECURITY STORIES

BUG BOUNTY ISSUES

Wednesday, 28/07/21 - 0 comment(s)
10th Anniversary - VRP Upgrade Google announced this week on its official security blog that the current bug bounty program will be rebranded for its anniversary. As with other vulnerability... + continue reading

VULNERABILITIES & BUGS

Tuesday, 19/10/21 - 0 comment(s)
A vulnerability researcher of the vulnerability lab team disclosed a simple but effective technique that was used against microsoft and adobe some years ago. A persistent input validation web... + continue reading

BEST SECURITY VIDEOS

Thursday, 07/03/19 - 2 comment(s)
Telekom Magenta Musik 360 - CERT Coordinates The videos shows the reproduce for the german telekom in a new service they did publish in 2019 Q1. The vulnerabilities are persistent and non-... + continue reading

LAB MAGAZINE ISSUES

Tuesday, 11/03/14 - 1 comment(s)
Vulnerability Magazine Welcome to the Vulnerability Magazine! The the vulnerability magazine, publishes the latest vulnerabilities and security informations from our laboratory infrastructure.... + continue reading

IT-SECURITY EVENTS

Thursday, 23/11/17 - 2 comment(s)
Legendary free speech - You are the Key! In the last weeks we got invited to the very famous JBFone Conference organized by the Fiducia & GAD IT AG. The Fiducia & GAD IT AG is a public... + continue reading
Mon
02
Sep

GPSRP pays researchers for reporting abusiv google playstore apps

GPSRP pays researchers for reporting abusiv google playstore apps




Adam Bacchus, Sebastian Porst, and Patrick Mutchler  of the  Android Security & Privacy Team, announced great news of a upcoming data protection and privacy reward program. This week google extends the scope of GPSRP to include all apps in Google Play with 100 million or more installations. These apps can now be rewarded even if the app developers (3rd party) don't have their own vulnerability or bug bounty program.

The GPSRP program, which was originally launched about 1 year ago, is still limited to reporting vulnerabilities only in very popular Android apps in the Google Play Store. Many of them have their own products.

Fri
09
Aug

Apple extends exisiting private bug bounty program at the end of the year

Apple Updates Bug Bounty Program Q4

In recent years, Apple and the company around cupertino have received massive criticism about the current Bug Bounty program. Among other things, well-known security researchers from the scene have criticized Apple for a faulty program, which attracts others but never pays off. The reason for this was that Apple's bug bounty program was only open for private invitations. But now that Apple is confronted more and more with full disclosure and data protection failures as well as vulnerabilities that cannot be denied anymore, the internal program has to be revised in its methodology. Reasons for this are higher prices on black markets, penalties for data protection incidents and the publicly criticizing security researchers.

Pages

Subscribe to Vulnerability Magazine - Acknoweldgements, Bug Bounties & Security Research RSS