Why Bug-Bounty Programs Are Failing Everyone

In a Black Hat USA talk, Katie Moussouris will discuss why bug-bounty programs are failing in their goals, and what needs to happen next to use bounties in a way that improves security outcomes. [TechWeb]( Follow Dark Reading: [RSS]( August 01, 2022 LATEST SECURITY NEWS & COMMENTARY [Why Bug-Bounty Programs Are Failing Everyone]( In a Black Hat USA talk, Katie Moussouris will discuss why bug-bounty programs are failing in their goals, and what needs to happen next to use bounties in a way that improves security outcomes. [Security Teams Overwhelmed With Bugs, Bitten by Patch Prioritization]( The first half of the year saw more than 11,800 reported security vulnerabilities, but figuring out which ones to patch first remains a thankless job for IT teams. [Malicious npm Packages Scarf Up Discord Tokens, Credit Card Info]( The campaign uses four malicious packages to spread "Volt Stealer" and "Lofy Stealer" malware in the open source npm software package repository. [Big Questions Remain Around Massive Shanghai Police Data Breach]( Why was PII belonging to nearly 1 billion people housed in a single, open database? Why didn't anyone notice it was downloaded? [3 Tips for Creating a Security Culture]( Trying to get the whole organization on board with better cybersecurity is much tougher than it may sound. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [APT-Like Phishing Threat Mirrors Landing Pages]( By dynamically mirroring an organization’s login page, threat actors are propagating legitimate-looking phishing attacks that encourage victims to offer up access to the corporate crown jewels. [What Women Should Know Before Joining the Cybersecurity Industry]( Three observations about our industry that might help demystify security for women entrants. [Getting Ahead of Supply Chain Attacks]( Attackers are willing to replicate entire networks, purchase domains, and persist for months, not to mention spend significantly to make these campaigns successful. [MORE]( EDITORS' CHOICE [ICYMI: Dark Web Happenings Edition With Evil Corp., MSP Targeting & More]( Dark Reading's digest of other "don't-miss" stories of the week — including a Microsoft alert connecting disparate cybercrime activity together, and an explosion of Luca Stealer variants after an unusual Dark Web move. LATEST FROM THE EDGE [AWS Focuses on Identity Access Management at re:Inforce]( Identity and access management was front and center at AWS re:inforce this week. LATEST FROM DR TECHNOLOGY [Attackers Have 'Favorite' Vulnerabilities to Exploit]( While attackers continue to rely on older, unpatched vulnerabilities, many are jumping on new vulnerabilities as soon as they are disclosed. WEBINARS - [Understanding Machine Learning, Artificial Intelligence, & Deep Learning, and When to Use Them]( Advancements in artificial intelligence technology and machine learning and deep learning algorithms promise to transform enterprise security by giving IT security teams tools to detect and respond to attacks faster than before. Before security teams can use these tools, they ... - [Malicious Bots: What Enterprises Need to Know]( Bots are launching more complex and targeted attacks such as price scraping, credential stuffing, scalping, and credit card fraud, but many security defenders are still focused on only the most obvious attacks. Automated bot attacks are on the rise, but ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [Breaches Prompt Changes to Enterprise IR Plans and Processes]( - [6 Elements of a Solid IoT Security Strategy]( - [Incorporating a Prevention Mindset into Threat Detection and Response]( - [Understanding DNS Threats and How to Use DNS to Expand Your Cybersecurity Arsenal]( - [AppSec Considerations For Modern Application Development]( - [The Many Risks of Modern Application Development]( - [Optimizing Endpoint Protection]( [View More White Papers >>]( FEATURED REPORTS - [Understanding DNS Threats and How to Use DNS to Expand Your Cybersecurity Arsenal]( With attacks and breaches on the rise, enterprise security teams need full visibility over what they have in their network. DNS is a key tool for visibility and asset discovery. Proactive DNS-layer security - such as using DNS data to ... - [How Enterprises Are Securing the Application Environment]( Download this report from Dark Reading to learn more about the measures enterprises have adopted to ensure the security of their internally developed applications and third-party packaged applications. - [How Enterprises Plan to Address Endpoint Security Threats in a Post-Pandemic World]( Dark Reading's 2022 Endpoint Security Report examines how IT and cybersecurity professionals are grappling with the impact of pandemic-related changes on endpoint security strategies. The report explores how they are building their endpoint security defenses, and provides insight on what organizations ... [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [OneTouchPoint, Inc. Provides Notice of Data Privacy Event]( [First Cohort Graduates from PSM Cyber Stars Program at Liverpool FC]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [Implementing Zero Trust In Your Enterprise: How to Get Started]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2022]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)