lemmydev2

joined 2 years ago
 

An unknown leaker has released what they claim to be an archive of internal Matrix chat logs belonging to the Black Basta ransomware operation. [...]

 

Bug bounty programs, where external agents are invited to search and report vulnerabilities (bugs) in exchange for rewards (bounty), have become a major tool for companies to improve their systems. We suggest augmenting such programs by inserting artificial bugs to increase the incentives to search for real (organic) bugs. Using a model of crowdsearch, we identify the efficiency gains by artificial bugs, and we show that for this, it is sufficient to insert only one artificial bug. Artificial bugs are particularly beneficial, for instance, if the designer places high valuations on finding organic bugs or if the budget for bounty is not sufficiently high.

[...]

Yet, as prizes paid for finding artificial and organic bugs may optimally differ, the designer may want to prove to the finders of the artificial bug, or even to all participants, that an artificial bug found was indeed inserted on purpose and was artificially designed by the designer at the start of the bug bounty program. Even more importantly, if the artificial bug is not found during the crowdsearch, it is important that the designer can prove that an artificial bug has been inserted before the crowdsearch started. This would ensure, or reaffirm, the credibility of the bug bounty program with artificial bugs.

 

The third quarter of 2024 saw a dramatic shift in the types of malware detected at network perimeters, according to a new WatchGuard report. The report’s key findings include a 300% quarter-over-quarter increase in endpoint malware detections, highlighted by growing threats that exploit legitimate websites or documents for malicious purposes as threat actors turn to more social engineering tactics to execute their attacks. While Microsoft documents like Word and Excel have long been … The post 300% increase in endpoint malware detections appeared first on Help Net Security.

 

A new report cites text messages that appear to show the crypto mogul bragging about exerting some sort of control over the Argentinian leader.

 

Half of engineers don’t strongly trust the data they rely on the most in their central system of record, according [...] The post 50% of Engineers Lack Trust in the Data They Rely on Most appeared first on The New Stack.

 

The Chinese APT hacking group "Mustang Panda" has been spotted abusing the Microsoft Application Virtualization Injector utility as a LOLBIN to inject malicious payloads into legitimate processes to evade detection by antivirus software. [...]

 

Carding -- the underground business of stealing, selling and swiping stolen payment card data -- has long been the dominion of Russia-based hackers. Happily, the broad deployment of more secure chip-based payment cards in the United States has weakened the carding market. But a flurry of innovation from cybercrime groups in China is breathing new life into the carding industry, by turning phished card data into mobile wallets that can be used online and at main street stores.

 

Are you scared to walk down the streets of NYC and also have too much money? There's an app for that.

 

A flea market buyer found medical information about hundreds of patients on second-hand, decommissioned hard drives.

 

A contractor for the Air Force and other government agencies wanted to get a good deal on some Graykeys from us (we're journalists FYI).

 
