fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Google Almost Doubles Linux Kernel, Kubernetes Zero-day Rewards

Google Almost Doubles Linux Kernel, Kubernetes Zero-day Rewards

Google says it bumped up rewards for reports of Linux Kernel, Kubernetes, Google Kubernetes Engine (GKE), or kCTF vulnerabilities by adding bigger bonuses for zero-day bugs and exploits using unique exploitation techniques.

“We increased our rewards because we recognized that in order to attract the attention of the community we needed to match our rewards to their expectations,” Google Vulnerability Matchmaker Eduardo Vela explained.

“We consider the expansion to have been a success, and because of that we would like to extend it even further to at least until the end of the year (2022).”

While initially announced in November that reports of critical vulnerabilities will get rewards of up to $50,337 depending on their severity, Google now increased the maximum reward to $91,337.

Also Read: Data Protection Authority GDPR: Everything You Need To Know

Getting the maximum amount of money for an exploit depends on several conditions, including if they are zero-days (unknown bugs without a security patch), if they do not require unprivileged user namespaces, and if they use novel exploit techniques.

Each of them comes with a $20,000 bonus that could bring the value of a first valid exploit submission up to $91,337.

“These changes increase some 1day exploits to 71,337 USD (up from 31,337 USD), and makes it so that the maximum reward for a single exploit is 91,337 USD (up from 50,337 USD),” Vela explained.

“We also are going to pay even for duplicates at least 20,000 USD if they demonstrate novel exploit techniques (up from 0 USD). However, we will also limit the number of rewards for 1days to only one per version/build.”

While Google will not pay for duplicate exploits of the same security flaw, the company says that bonuses for novel exploit techniques will still apply, which means that researchers could still get $20,000 for duplicates.

$175,000 paid in the last three months

Since November, Google has paid more than $175,000 for nine different submissions, including five zero-days and two 1-days.

Also Read: The Top 10 Best And Trusted List Of Lawyers In Singapore

Google says it already fixed three out of these nine vulnerabilities: CVE-2021-4154CVE-2021-22600 (patch), and CVE-2022-0185 (writeup).

“These three bugs were first found by Syzkaller, and two of them had already been fixed on the mainline and stable versions of the Linux Kernel at the time they were reported to us,” Vela added.

As Google revealed in July 2021, since launching its first VRP over ten years ago, it has rewarded more than 2,000 security researchers from 84 different countries for reporting roughly 11,000 bugs.

All in all, Google said that researchers had earned over $29 million since January 2010, when the Chromium vulnerability reward program was launched.

In the Vulnerability Reward Program: 2021 Year in Review report published last week, the company said that it awarded a record-breaking $8,700,000 in rewards in 2021, including the highest payout in Android VRP history: a $157,000 exploit chain.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us