Malware, Vulnerability Management

Google bug bounty program hits $2 million mark

Google, which introduced its bug bounty program three years ago, announced this week that it has doled out more than $2 million to vulnerability hunters.

The company actually offers two programs, one for Google-owned services, such as its flagship Google.com site, and another for the Chromium Project, the open source web browser that operates Google Chrome. When combined, more than 2,000 bugs were reported on and fixed, according to a Google blog post.

Related

Rootkit capabilities likely with Windows bugs

Several rootkit-like capabilities could be obtained by threat actors through the exploitation of vulnerabilities in Windows' DOS-to-NT path conversion process, including file and process concealment and compromised prefetch file analysis, reports The Hacker News.

Abusing GitHub flaw could compromise GitLab

Open-source DevOps software project GitLab has also been impacted by the same security issue in GitHub comments that has been exploited by threat actors through Microsoft repository-linked URLs to facilitate the distribution of malware that was made to seem to originate from credible entities' official source code repositories, according to BleepingComputer.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.