SecurityWeek reports that Facebook parent firm <a href="https://www.scmagazine.com/analysis/application-security/facebook-adds-data-scraping-to-its-bug-bounty-programs">Meta has expanded its bug bounty program</a> to include rewards for flaws that could be abuse to evade <a href="https://www.securityweek.com/meta-offers-rewards-flaws-allowing-attackers-bypass-integrity-checks">Facebook integrity checks</a>, including two-factor authentication for some business manager accounts, as well as the platform's feature restrictions and application verification processes.

Meta will be awarding up to $2,000 to researchers determining endpoints that could be bypassed by Business Manager 2FA prompts, while rewards of up to $20,000 and up to $15,000 could be given to researchers identifying issues enabling the creation of "an arbitrary amount of prepaid balance without using a valid payment method," and the omission of "an arbitrary outstanding balance without a valid payment," respectively, according to Meta.

Researchers could also be given up to $20,000 for discovering techniques for ad revenue generation through fake impressions. Meanwhile, up to $10,000 could be awarded to those who could identify novel highly scalable and exploitable attack vectors.

<p>SecurityWeek reports that Facebook parent firm <a href="https://www.scmagazine.com/analysis/application-security/facebook-adds-data-scraping-to-its-bug-bounty-programs">Meta has expanded its bug bounty program</a> to include rewards for flaws that could be abuse to evade <a href="https://www.securityweek.com/meta-offers-rewards-flaws-allowing-attackers-bypass-integrity-checks">Facebook integrity checks</a>, including two-factor authentication for some business manager accounts, as well as the platform&#8217;s feature restrictions and application verification processes.</p>
<p>Meta will be awarding up to $2,000 to researchers determining endpoints that could be bypassed by Business Manager 2FA prompts, while rewards of up to $20,000 and up to $15,000 could be given to researchers identifying issues enabling the creation of &#8220;an arbitrary amount of prepaid balance without using a valid payment method,&#8221; and the omission of &#8220;an arbitrary outstanding balance without a valid payment,&#8221; respectively, according to Meta.</p>
<p>Researchers could also be given up to $20,000 for discovering techniques for ad revenue generation through fake impressions. Meanwhile, up to $10,000 could be awarded to those who could identify novel highly scalable and exploitable attack vectors.</p>


SC Media

Vulnerability management

Strategy

Application security

Architecture

Risk management

Meta to cover integrity check evasion flaws in bug bounty program

Brief

Related Events


<p>In today’s distributed environment where new threat vectors and vulnerabilities emerge daily, it’s no longer sufficient to prioritize remediation based on a CVSS score. Tanium brings together numerous sources of risk (e.g. vulnerabilities, compliance gaps, sensitive data exposure, and excessive administrative rights) and combines that with the criticality of the assets themselves to provide a true picture of risk in the environment. In this Democast &#8212; the second in a series around managing cyber risk &#8212; learn how having a comprehensive risk picture can facilitate effective and efficient management of that risk.</p>



<p>Join this Democast in order to:</p>



<ul><li>Hear how Tanium can help you achieve and maintain a comprehensive view of risk across your environment.</li><li>Understand which tools are necessary to manage risk in real time and at scale.</li><li>Watch a live demo of how to use Tanium to identify sources of risk, prioritize remediation based on level of risk, and drive remediation across your endpoint estate in seconds.</li></ul>



<p><strong>Speakers:</strong></p>



<div class="wp-block-cra-webcast-speaker"><div class="speaker-wrap overflow -grid"><figure class="speaker-image"><img src="https://files.scmagazine.com/wp-content/uploads/2022/04/Julia-Grunewald.jpg" alt="Speaker"/></figure><div class="speaker-info"><div class="speaker-about"><p class="speaker-name">Julia Grunewald</p><p class="speaker-job">Product Manager</p><p class="speaker-company">Tanium</p></div><div class="speaker-description"><p>Julia Grunewald is the Product Manager for Tanium Risk. Previously, she has worked on products for cyber insurance and third-party risk management. She is passionate about security and privacy.</p></div></div></div></div>



<div class="wp-block-cra-webcast-speaker"><div class="speaker-wrap overflow -grid"><figure class="speaker-image"><img src="https://files.scmagazine.com/wp-content/uploads/2022/04/Payal-Mehrotra.jpg" alt="Speaker"/></figure><div class="speaker-info"><div class="speaker-about"><p class="speaker-name">Payal Mehrotra</p><p class="speaker-job">Senior Director of Product Management</p><p class="speaker-company">Tanium</p></div><div class="speaker-description"><p>Payal is a Senior Director of Product Management, responsible for Tanium&#8217;s Risk Portfolio. For more than 18 years, she has been building products that help companies secure their networks. She has worked with Fortune 500 to hyper growth startups in network, and data security fields. Payal provides expert guidance to our customers in data analytics, migration to cloud, security &amp; risk management.</p><p>She has a Masters in Computer Science from WPI, and MBA from Babson College. She is from Boston, MA and enjoys traveling with her family.</p></div></div></div></div>



<div class="wp-block-cra-webcast-speaker"><div class="speaker-wrap overflow -grid"><figure class="speaker-image"><img src="https://files.scmagazine.com/wp-content/uploads/2021/09/Bill-Brenner.jpg" alt="Speaker"/></figure><div class="speaker-info"><div class="speaker-about"><p class="speaker-name">Bill Brenner</p><p class="speaker-job">VP, Content</p><p class="speaker-company">CyberRisk Alliance</p></div><div class="speaker-description"><p>Bill Brenner is VP of Content Strategy at CyberRisk Alliance &#8212; an InfoSec content strategist, researcher, director, tech writer, blogger and community builder. He was formerly director of research at IANS, senior writer/content strategist at Sophos, senior tech writer for Akamai Technology&#8217;s Security Intelligence Research Team (Akamai SIRT), managing editor for CSOonline.com and senior writer for SearchSecurity.com.</p></div></div></div></div>



<p><strong>Sponsored By:</strong></p>



<figure class="wp-block-image size-full"><img width="499" height="139" src="https://files.scmagazine.com/wp-content/uploads/2022/04/Tanium-2.png" alt="" class="wp-image-218568" srcset="https://files.scmagazine.com/wp-content/uploads/2022/04/Tanium-2.png 499w, https://files.scmagazine.com/wp-content/uploads/2022/04/Tanium-2-300x84.png 300w" sizes="(max-width: 499px) 100vw, 499px" /></figure>


Network security

Democast

Reinterpreting Risk: Achieving a More Complete Picture of The Threats Lurking in Your Environment


<p>The SolarWinds and Kaseya attacks. Log4Shell and ProxyShell&#8230; These are the headlines that give security professionals nightmares. To survive the dizzying pace of today’s modern threat landscape, organizations must have in place an action plan that allows them to quickly triage security incidents, with the confidence that they’re responding to accurate, real-time information. &nbsp;&nbsp;<br><br>Topics will include:&nbsp;</p>



<ul><li>Current industry trends and key takeaways from 2021’s biggest cyber headlines.&nbsp;</li><li>Collecting the right information from your environment to make decisions quickly and confidently.&nbsp;</li><li>The roles that risk assessment, asset management, gap analysis and patch management play in your action plan.&nbsp;</li><li>Suggestions on how to communicate with executives and board members to build their trust and gain their support.</li></ul>



<p>Join Melissa Bischoping, Endpoint Security Research Specialist at Tanium, who will present a five-step plan for optimizing and prioritizing your security operations so you can survive the latest evolving threats.&nbsp;</p>



<p><strong>Speakers</strong>: </p>



<div class="wp-block-cra-webcast-speaker"><div class="speaker-wrap overflow -grid"><figure class="speaker-image"><img src="https://files.scmagazine.com/wp-content/uploads/2022/04/MelissaBischoping_small-1.jpg" alt="Speaker"/></figure><div class="speaker-info"><div class="speaker-about"><p class="speaker-name">Melissa Bischoping</p><p class="speaker-job">Director Endpoint Security Research</p><p class="speaker-company">Tanium</p></div><div class="speaker-description"><p>Melissa Bischoping is a passionate security evangelist whose academic &amp; professional background in human psychology and technology align to educate, advocate, and remediate the difficult security problems faced by businesses and individuals.</p><p>She currently works as an Endpoint Security Research Specialist at Tanium where she analyzes emerging threats, zero-days, and CVEs to provide subject matter expertise for internal and external customers. Prior to Tanium, she held positions in operations and security across the hospitality, casino gaming, and industrial/manufacturing industries. Melissa is most interested in topics around adversary emulation, purple team operations, zero trust philosophy, and digital forensics and incident response.</p><p>Outside of work, Melissa pursues a Master of Science in Information Security Engineering at SANS, where she also competes as part of the Capture-The-Flag team. Her hobbies include DIY home renovation and gardening. She lives in northern Virginia with her husband, son, 3 Sphynx cats, and 1 Min-Pin.</p></div></div></div></div>



<div class="wp-block-cra-webcast-speaker"><div class="speaker-wrap overflow -grid"><figure class="speaker-image"><img src="https://files.scmagazine.com/wp-content/uploads/2021/09/Bill-Brenner.jpg" alt="Speaker"/></figure><div class="speaker-info"><div class="speaker-about"><p class="speaker-name">Bill Brenner</p><p class="speaker-job">VP of Content Strategy</p><p class="speaker-company">CyberRisk Alliance</p></div><div class="speaker-description"><p>Bill Brenner is VP of Content Strategy at CyberRisk Alliance &#8212; an InfoSec content strategist, researcher, director, tech writer, blogger and community builder. He was formerly director of research at IANS, senior writer/content strategist at Sophos, senior tech writer for Akamai Technology&#8217;s Security Intelligence Research Team (Akamai SIRT), managing editor for CSOonline.com and senior writer for SearchSecurity.com.</p></div></div></div></div>



<p><strong>Sponsored By:</strong></p>



<figure class="wp-block-image size-full"><img width="499" height="139" src="https://files.scmagazine.com/wp-content/uploads/2022/04/Tanium-1.png" alt="" class="wp-image-218541" srcset="https://files.scmagazine.com/wp-content/uploads/2022/04/Tanium-1.png 499w, https://files.scmagazine.com/wp-content/uploads/2022/04/Tanium-1-300x84.png 300w" sizes="(max-width: 499px) 100vw, 499px" /></figure>


Data security

Asset Management

Ransomware

Cybercast

Ransomware & Zero Days: A 5-Step Action Plan to Avoid Becoming the Next Big Headline


<p>Secureworks Taegis VDR delivers a fully integrated, comprehensive vulnerability management solution via an automated and configuration-free approach with machine learning and self-learning, built-in ability to prioritize alerts based on the risk level specific to an organization’s business. VDR automatically performs asset and service discovery, dynamically adjusting its discovery process based on learnings from past discovery results and in-depth scanning activity. VDR’s contextual prioritization provides a prioritized list of every vulnerability, allowing most critical ones to be prioritized, to provide the most impact and value from their VM investment.</p>



<p>What you&#8217;ll learn:</p>



<ul><li>How to overcome key challenges to automate and improve vulnerability management</li><li>How to effectively prioritize vulnerabilities</li><li>The importance of Al-driven, risk-based prioritization</li><li>Answers to questions that our speakers received during the live webinar</li></ul>



<p>Vulnerability management has traditionally been focused on scan and patch, requiring manual intervention and a lack of efficiencies. As artificial intelligence technologies continue to impact the landscape, vulnerability management can embrace Al to streamline operations and reduce risk. What should you know to automate your organization’s vulnerability management?  </p>



<p>You’ll learn how artificial intelligence leverages information about your environment to focus vulnerability remediation, saving you time and effort, while quantifiably reducing your risk.</p>



<p><strong>Speakers</strong>: </p>



<div class="wp-block-cra-webcast-speaker"><div class="speaker-wrap overflow -grid"><figure class="speaker-image"><img src="https://files.scmagazine.com/wp-content/uploads/2022/04/Amanda-Sutliff-Secureworks.jpg" alt="Speaker"/></figure><div class="speaker-info"><div class="speaker-about"><p class="speaker-name">Amanda Sutliff</p><p class="speaker-job">Director of Product Marketing &amp; Analyst Relations<br/></p><p class="speaker-company">SecureWorks</p></div><div class="speaker-description"><p>Amanda is the Director of Product Marketing and Analyst Relations at Secureworks. She leads the route to market activities for Securework&#8217;s vulnerability management solution, Taegis VDR. She has over 15+ years of experience working for SaaS based companies focused on product and customer marketing. Prior to joining Secureworks Amanda led customer marketing and advocacy programs at LogMeIn. She is based in Boston, MA</p></div></div></div></div>



<div class="wp-block-cra-webcast-speaker"><div class="speaker-wrap overflow -grid"><figure class="speaker-image"><img src="https://files.scmagazine.com/wp-content/uploads/2022/04/Paul-Talaba.jpg" alt="Speaker"/></figure><div class="speaker-info"><div class="speaker-about"><p class="speaker-name">Paul Talaba</p><p class="speaker-job">Principal Systems Engineer</p><p class="speaker-company">SecureWorks</p></div><div class="speaker-description"><p>Paul is a subject matter expert for vulnerability management and XDR solutions at Secureworks. He works directly with customers, sales, delivery leads and experts across the Products, Solutions and Services offered by Secureworks. Paul is focused on building Security solutions and strategies focusing on prevention, detection and response capabilities.</p></div></div></div></div>



<div class="wp-block-cra-webcast-speaker"><div class="speaker-wrap overflow -grid"><figure class="speaker-image"><img src="https://files.scmagazine.com/wp-content/uploads/2020/11/JillAitoro.jpeg" alt="Speaker"/></figure><div class="speaker-info"><div class="speaker-about"><p class="speaker-name">Jill Aitoro</p><p class="speaker-job">Senior Vice President of Content Strategy</p><p class="speaker-company">CyberRisk Alliance</p></div><div class="speaker-description"><p>Jill Aitoro is senior vice president of content strategy for CyberRisk Alliance. She has more than 20 years of experience editing and reporting on technology, business and policy. Prior to joining CRA, she worked at Sightline Media as editor of Defense News and executive editor of the Business-to-Government Group. She previously worked at Washington Business Journal and Nextgov, covering federal technology, contracting and policy, as well as CMP Media’s VARBusiness and CRN and Penton Media’s iSeries News.</p></div></div></div></div>



<p><strong>Sponsored By:</strong> </p>



<figure class="wp-block-image size-full"><img width="400" height="51" src="https://files.scmagazine.com/wp-content/uploads/2022/04/MicrosoftTeams-image.jpg" alt="" class="wp-image-217720" srcset="https://files.scmagazine.com/wp-content/uploads/2022/04/MicrosoftTeams-image.jpg 400w, https://files.scmagazine.com/wp-content/uploads/2022/04/MicrosoftTeams-image-300x38.jpg 300w" sizes="(max-width: 400px) 100vw, 400px" /></figure>


Meta to cover integrity check evasion flaws in bug bounty program

Related

US-EU expand access to cybersecurity tools for small businesses

2022 SC Awards Finalists: Best Vulnerability Management Solution

Zyxel patches RCE vulnerability in firewalls following report by Rapid7

Related Events

Reinterpreting Risk: Achieving a More Complete Picture of The Threats Lurking in Your Environment

Ransomware & Zero Days: A 5-Step Action Plan to Avoid Becoming the Next Big Headline

A Simple, Automated Approach to Vulnerability Management