Google Expands Bug Bounties to Its Open Source Projects

The search engine giant's Vulnerability Rewards Program now covers any Google open source software projects — with a focus on critical software such as Go and Angular. [TechWeb]( Follow Dark Reading: [RSS]( August 31, 2022 LATEST SECURITY NEWS & COMMENTARY [Google Expands Bug Bounties to Its Open Source Projects]( The search engine giant's Vulnerability Rewards Program now covers any Google open source software projects — with a focus on critical software such as Go and Angular. [Chinese Hackers Target Energy Sector in Australia, South China Sea]( The phishing campaign deploying a ScanBox reconnaissance framework has targeted the Australian government and companies maintaining wind turbines in the South China Sea. [Phishing Campaign Targets PyPI Users to Distribute Malicious Code]( The first-of-its-kind campaign threatens to remove code packages if developers don’t submit their code to a "validation" process. [Building a Strong SOC Starts With People]( A people-first approach reduces fatigue and burnout, and it empowers employees to seek out development opportunities, which helps retention. [Security Culture: An OT Survival Story]( The relationship between information technology and operational technology will need top-down support if a holistic security culture is to truly thrive. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [LastPass Suffers Data Breach, Source Code Stolen]( Researchers warned that cyberattackers will be probing the code for weaknesses to exploit later. [The 3 Questions CISOs Must Ask to Protect Their Sensitive Data]( CISOs must adopt a new mindset to take on the moving targets in modern cybersecurity. ['Sliver' Emerges as Cobalt Strike Alternative for Malicious C2]( Microsoft and others say they have observed nation-state actors, ransomware purveyors, and assorted cybercriminals pivoting to an open source attack-emulation tool in recent campaigns. [MORE]( EDITORS' CHOICE [NATO Investigates Dark Web Leak of Data Stolen From Missile Vendor]( Documents allegedly belonging to an EU defense dealer include those relating to weapons used by Ukraine in its fight against Russia. LATEST FROM THE EDGE [Don't Let 'Perfect' Be the Enemy of a Good AppSec Program]( These five suggestions provide a great place to start building a scalable and affordable program for creating secure apps. LATEST FROM DR TECHNOLOGY [New ODGen Tool Unearths 180 Zero-Days in Node.js Libraries]( New graph-based tool offers a better alternative to current approaches for finding vulnerabilities in JavaScript code, they note. WEBINARS - [Using Identity & Access Management to Improve Cyber Defense]( End user credentials have become a central target for online attackers, enabling them to navigate your enterprise systems as trusted users. As online attackers target these credentials and end users seek to gain access to a wider variety of applications ... - [Understanding Machine Learning, Artificial Intelligence, & Deep Learning, and When to Use Them]( Advancements in artificial intelligence technology and machine learning and deep learning algorithms promise to transform enterprise security by giving IT security teams tools to detect and respond to attacks faster than before. Before security teams can use these tools, they ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [Breaches Prompt Changes to Enterprise IR Plans and Processes]( - [Incorporating a Prevention Mindset into Threat Detection and Response]( - [Five Best Practices for AWS Security Monitoring]( - [Eight Best Practices for a Data-Driven Approach to Cloud Migration]( - [Sumo Logic for Continuous Intelligence]( - [Gartner, Quick Answer: How Can Organizations Use DNS to Improve Their Security Posture?]( - [Understanding DNS Threats and How to Use DNS to Expand Your Cybersecurity Arsenal]( [View More White Papers >>]( FEATURED REPORTS - [6 Elements of a Solid IoT Security Strategy]( - [Incorporating a Prevention Mindset into Threat Detection and Response]( - [Understanding DNS Threats and How to Use DNS to Expand Your Cybersecurity Arsenal]( With attacks and breaches on the rise, enterprise security teams need full visibility over what they have in their network. DNS is a key tool for visibility and asset discovery. Proactive DNS-layer security - such as using DNS data to ... [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [Endpoint Protection / Antivirus Products Tested for Malware Protection]( [Cohesity Research Reveals that Reliance on Legacy Technology Is Undermining How Organizations Respond to Ransomware]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [The State of Supply Chain Threats]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2022]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)