
Bug Bounty Radar // The latest bug bounty programs for April 2021


New internet targets for the discerning hacker

The latest bug bounty news and programs for April 2021

It’s been a month of bumper bug bounty payout news, with Uruguayan researcher Ezequiel Pereira stealing the headlines for winning Google’s GCP VRP Prize 2020.

Using an internal version of the Google Cloud Platform (GCP) service, Pereira was able to exploit a remote code execution vulnerability in Google Cloud Deployment Manager and issue requests to internal endpoints via its global software load balancer.

He netted $133,337 in prize money, in addition to a $31,337 bug bounty award under Google’s Vulnerability Reward Program (VRP).

Meanwhile, bug bounty hunter and Google employee Teddy Katz won $25,000 for finding a security vulnerability that allowed attackers to expose Actions secrets in GitHub repositories.

And there was a $55,000 payout for researcher Alaa Abdulridha, who discovered two third-party vulnerabilities that could have compromised Facebook’s internal network.

Authentication cookies used by an unnamed third-party application could be manipulated to compromise accounts belonging to Facebook staff, with a flaw in the application’s form-building feature allowing access to intern.our.fb.com.

In program news, Microsoft has launched a bug bounty program for 365 applications, starting with the Microsoft Teams desktop client.

But this looks like small change compared with the new bug bounty reward on offer from bitcoin exchange Sovryn – $1.25 million for security flaws in the Sovryn smart contract. There’s also up to $22,000 for hackers who uncover flaws in the company’s websites and web-facing applications.

Find out more in our latest bug bounty programs list below.

Finally, in other news, HackerOne has reported a big rise in the number of hackers reporting vulnerabilities to companies – up by 63% in 2020.

In its latest annual report, the security platform found that more than a third reported spending more time hacking during the pandemic, often focusing on threats from remote working.

The latest bug bounty programs for April 2021

The past month saw the arrival of several new bug bounty programs. Here’s a list of the latest entries:

Avalanche Protocol

Program provider: HackenProof

Program type: Public bug bounty

Max reward: $10,000

Outline: Avalanche is an open source platform for launching highly decentralized applications and custom blockchain networks. Security researchers are being rewarded for finding vulnerabilities in various technologies, including the Avalanche Wallet and public-facing APIs.

Notes: This program is accompanied by the Avalanche General program, which offers rewards for bugs discovered in various web assets.

Go to the Avalanche Protocol bug bounty page at HackenProof for more information

BlockFi

Program provider: HackerOne

Program type: Public bug bounty

Max reward: $3,000

Outline: The second blockchain org on this month’s list of bug bounty newcomers is BlockFi, which offers cryptocurrency savings, loans, and trading services.

Notes: There are minimal details on the company’s bug bounty page, although the company said it “looks forward to working with the security community to find vulnerabilities in order to keep our services and customers safe”.

Go to the BlockFi bug bounty page at HackerOne for more information

Mattermost

Program provider: HackerOne

Program type: Public bug bounty

Max reward: $2,000

Outline: Mattermost is an open source collaboration tool for developers. The company’s new bug bounty program offers rewards for cross-site scripting (XSS), cross-site request forgery (CSRF), server-side request forgery (SSRF), denial-of-service exploits, and information disclosure issues.

Notes: To participate in this program, researchers must enable two-factor authentication.

Go to the Mattermost bug bounty page at HackerOne for more information

Microsoft Applications Bounty Program

Program provider: Independent

Program type: Public

Max reward: $30,000

Outline: A program dedicated to 365 applications has kicked off with the Microsoft Teams desktop version the only product in scope and a significantly higher payment ceiling than the $20,000 on offer under its online services program.

Notes: Valid vulnerability reports for Microsoft Teams are also now eligible for a 200% bonus multiplier applied to points earned under the company’s Researcher Recognition Program.

Take a look at our recent coverage for more information

Scopely

Program provider: HackerOne

Program type: Public

Max reward: $3,000

Outline: Scopely, a publisher of mobile games such as Scrabble Go, Yahtzee, and Wheel of Fortune, has 13 assets in scope, with vulnerabilities affecting games attracting higher rewards than those impacting supporting services.

Notes: Rewards scale up according to impact tiers, from those affecting the security of additional services at the bottom to those disrupting the global game economy earning the largest payouts, as well as ease of exploitation.

Go to the Scopely bug bounty page at HackerOne for more information

Sovryn

Program provider: Immunefi

Program type: Public

Max reward: $1.25 million

Outline: A chance to become an instant millionaire after Bitcoin exchange Sovryn announced what’s believed to be the biggest-ever bug bounty reward for security flaws in the Sovryn smart contract, while website and web app flaws can earn bounties of up to $22,000.

Notes: Asked why such a huge reward was on offer, Sovryn co-founder Edan Yago told The Daily Swig: “We believe we’re in an arms race for security. The more we offer, the more likely we’re able to outbid others in the attention economy for whitehat talent.”

Take a look at our recent coverage for more information

Step Public Applications

Program provider: Bugcrowd

Program type: Public

Max reward: $4,500

Outline: Step, which develops financial tools to help teens manage and save money, has invited ethical hackers to probe its iOS and Android apps.

Notes: Out of scope are bugs related to clickjacking, spam vectors, anti-spoofing email configurations, and rate limit issues that don’t lead to account compromise.

Go to the Step Public Applications bug bounty page at Bugcrowd for more information

Via

Program provider: HackerOne

Program type: Public bug bounty

Max reward: $2,000

Outline: US ride-sharing company Via is asking researchers to probe its Android and iOS apps for security flaws. Up to $3,000 is on offer for critical issues.

Notes: There’s a long list of out-of-scope issues, and researchers should check this thoroughly before starting their engagement.

Go to the Via bug bounty page at HackerOne for more information

Other bug bounty and VDP news this month

Compiled by James Walker. Introduction by Emma Woollacott. Additional reporting by Adam Bannister.
