fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

ExpressVPN Offering $100,000 to First Person who Hacks its Servers

ExpressVPN Offering $100,000 to First Person who Hacks its Servers

ExpressVPN has updated its bug bounty program to make it more inviting to ethical hackers, now offering a one-time $100,000 bug bounty to whoever can compromise its systems.

ExpressVPN is one of the most widely used VPN (virtual private networks) products, which offers users web browsing privacy and the ability to bypass geo-restrictions.

This privacy is achieved by passing the user’s internet traffic through encryption tunnels, while the user’s actual IP address is hidden behind one provided by the VPN service.

Also Read: National Cybersecurity Awareness Campaign of Singapore: Better Cyber Safe than Sorry

As such, compromising the security of this type of system results in failure on one of the most critical selling points of these products, users’ privacy.

This is why ExpressVPN offers a bug bounty program, allowing security auditors and researchers to report vulnerabilities in the company’s infrastructure and software and receive monetary bug bounty rewards.

New $100,000 bounty for critical bugs

Today, ExpressVPN announced that they are now offering a $100,000 bug bounty for critical vulnerabilities in their in-house technology, TrustedServer.

“This is the highest single bounty offered on the Bugcrowd platform and 10 times higher than the top reward previously offered by ExpressVPN,” the company shared in an email to BleepingComputer.

The new $100,000 one-time bounty is offered with the following conditions:

  • The first person to submit a valid vulnerability, granting unauthorized access or exposing customer data, will receive the US$100,000 bounty. This one-time bonus is valid until the prize has been claimed.
  • The one-time US$100,000 bounty is only eligible for vulnerabilities in ExpressVPN’s VPN Server.
  • Activities should remain in scope to the TrustedServer platform. If unsure that your testing is considered in-scope, please reach out to [email protected] to confirm first.

ExpressVPN also invites security researchers to uncover possible ways to leak the actual IP address of clients and monitor user traffic.

Also Read: Revised Technology Risk Management Guidelines of Singapore

The bug bounty program is run through BugCrowd, which offers a safe harbor for researchers who attempt to breach ExpressVPN’s servers as part of the program.

A tough nut to crack

TrustedServer is a custom-built operating system based on Debian Linux, featuring proprietary security enhancements that make it ideal for use in VPN infrastructure.

ExpressVPN follows a RAM-only approach for its servers and employs a periodic data wiping system that activates upon reboots.

The system has a build verification that prevents insider code tampering events and is patched every week with clean installations on every ExpressVPN server.

It will likely be hard to find bugs to leverage, especially after the bug bounty program has been available for the past six years, hence the hike in the payouts.

If you’re confident in your hacking abilities and interested in the above challenge, you can take part in the program from here.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us