Luta Security in the News

Announcing the 2021 CyberScoop 50 awards winners

CyberScoop

Staff

October 18, 2021

https://www.cyberscoop.com/announcing-2021-cyberscoop-50-award-winners/

Missouri governor accuses newspaper of 'hacking' state website

StateScoop

Benjamin Freed

October 14, 2021

https://statescoop.com/missouri-parson-accuses-newspaper-hacking/

Zero-day hunters seek laws to prevent vendors suing them for helping out and doing their jobs

The Register

Simon Sharwood

October 11, 2021

https://www.theregister.com/2021/10/11/cyan_zero_day_legislative_project/

Apple admits iOS 15 has unpatched iPhone security flaws

BGR

Yoni Heisler

September 28, 2021

https://bgr.com/tech/apple-admits-ios-15-has-unpatched-iphone-security-flaws/

Apple ‘Still Investigating’ Unpatched and Public iPhone Vulnerabilities

VICE

Lorenzo Franceschi-Bicchierai

September 27, 2021

https://www.vice.com/en/article/g5gan4/apple-still-investigating-unpatched-and-public-iphone-vulnerabilities

An American Company Fears Its Windows Hacks Helped India Spy On China And Pakistan

Forbes

Thomas Brewster

September 17, 2021

https://www.forbes.com/sites/thomasbrewster/2021/09/17/exodus-american-tech-helped-india-spy-on-china/?sh=10cc480e7009

It's not just you: Emergency software patches are on the rise

NBC News

Kevin Collier

September 14, 2021

https://www.nbcnews.com/news/amp/rcna2012

'Zero-day' hacks, like the one that forced Apple’s emergency update, are on the rise

Yahoo! News

Kevin Collier

September 14, 2021

https://news.yahoo.com/not-just-emergency-software-patches-210914306.html

Apple's bug bounty program is coming under criticism - here's why

MSN

Mayank Sharma

September 10, 2021

https://www.msn.com/en-us/news/technology/apples-bug-bounty-program-is-coming-under-criticism-heres-why/ar-AAOixSp

Infosec researchers say Apple’s bug-bounty program needs work

Ars Technica

Jim Salter

September 9, 2021

https://arstechnica.com/information-technology/2021/09/infosec-researchers-say-apples-bug-bounty-program-needs-work/

Apple pays hackers six figures to find bugs in its software. Then it sits on their findings.

The Washington Post

Reed Albergotti

September 9, 2021

https://www.washingtonpost.com/technology/2021/09/09/apple-bug-bounty/

Drive It Like You Stole It: When Bug Bounties Went Boom, Part Three

Decipher

Dennis Fisher

September 1, 2021

https://duo.com/decipher/you-got-to-drive-it-like-you-stole-it-when-bug-bounties-went-boom-part-three

Uprising in the Valley: When Bug Bounties Went Boom, Part Two

Decipher

Dennis Fisher

August 31, 2021

https://duo.com/decipher/uprising-in-the-valley-when-bug-bounties-went-boom-part-two

Lawyers, Bugs, and Money: When Bug Bounties Went Boom

Decipher

Dennis Fisher

August 30, 2021

https://duo.com/decipher/lawyers-bugs-and-money-when-bug-bounties-went-boom

As Fortinet spars with Rapid7, what can everyone else learn about disclosure?

SC Media

Joe Uchill

August 18, 2021

https://www.scmagazine.com/analysis/vulnerability-management/as-fortinet-spars-with-rapid7-what-can-everyone-else-learn-about-disclosure

Apple says its CSAM scan code can be verified by researchers. Corellium starts throwing out dollar bills

The Register

Thomas Claburn

August 17, 2021

https://www.theregister.com/2021/08/17/corellium_apple_bounty/

Ministry of Defence makes first ever bounty payments to hackers

Sky News

Alexander Martin

August 3, 2021

https://news.sky.com/story/ministry-of-defence-makes-first-ever-bounty-payments-to-hackers-12371510

A Controversial Tool Calls Out Thousands of Hackable Websites

Wired

Andy Greenberg

July 27, 2021

https://wired.me/technology/security/controversial-tool-punkspider-calls-out-hackable-websites/

The Cybersecurity 202: Cyber experts give Biden top marks at six months

The Washington Post

Joseph Marks

July 26, 2021

https://www.washingtonpost.com/politics/2021/07/26/cybersecurity-202-cyber-experts-give-biden-top-marks-six-months/

So nice of China to put all of its network zero-day vulns in one giant database no one will think to break into

The Register

Iain Thomson

July 15, 2021

https://www.theregister.com/2021/07/15/china_vulnerability_law/

Firm hacked to spread ransomware had previous security flaws

Associated Press

Matt O'Brien

July 13, 2021

https://apnews.com/article/europe-business-technology-hacking-db3e5f615629bb225259efaf7fdf378c

AWS launches BugBust contest: Help fix a $100m problem for a $12 tshirt

The Register

Thomas Claburn

June 25, 2021

https://www.theregister.com/2021/06/25/aws_bugbust_contest/

Cybersecurity Companies Join Forces Against Controversial DMCA 

SecurityWeek

Eduard Kovacs

June 24, 2021

https://www.securityweek.com/cybersecurity-companies-join-forces-against-controversial-dmca-section

Katie Moussouris: Coordinated Vulnerability Disclosure and the Problem with Bug Bounty Platforms

TechSpective Podcast Episode 067

Tony Bradley

June 21, 2021

https://securityboulevard.com/2021/06/katie-moussouris-coordinated-vulnerability-disclosure-and-the-problem-with-bug-bounty-platforms/

Cybersecurity 202: The Biden administration aims big on cybersecurity spending

Washington Post

Joseph Marks

June 1, 2021

https://www.washingtonpost.com/politics/2021/06/01/cybersecurity-202-biden-administration-aims-big-cybersecurity-spending/

NTIA Wants Feedback on Software Transparency Plan

NextGov

Mariam Baksh

June 1, 2021

https://www.nextgov.com/cybersecurity/2021/06/ntia-wants-feedback-plan-software-transparency-plan/174429/

House bill would require federal contractors to put in place vulnerability disclosure programs

SC Media

Joe Uchill

June 1, 2021

https://www.scmagazine.com/home/government/bill-would-require-contractors-to-have-vulnerability-disclosure-programs/

Security experts break down exactly why you shouldn't share your passwords: 'It's really dangerous'

Yahoo! News

Korin Miller

May 20, 2021

https://news.yahoo.com/news/why-you-shouldnt-share-passwords-yahoo-subscriptions-011927368.html

How to 'be vigilant' and protect your digital assets from getting hacked

Yahoo Finance

Alexis Keenan

April 29, 2021

https://finance.yahoo.com/news/how-to-protect-your-digital-assets-from-getting-hacked-164012380.html

The Cybersecurity 202: Nearly two-thirds of cybersecurity experts think Biden’s response to Russian hack is sufficient

Washington Post

Tonya Riley

April 26, 2021

https://www.washingtonpost.com/politics/2021/04/26/cybersecurity-202-nearly-two-thirds-cybersecurity-experts-think-biden-response-russian-hack-is-sufficient/

In Appreciation: Dan Kaminsky

Dark Reading

Kelly Jackson Higgins

April 26, 2021

https://www.darkreading.com/vulnerabilities---threats/in-appreciation-dan-kaminsky/d/d-id/1340830?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

A Clubhouse Bug Let People Lurk in Rooms Invisibly

Wired

Lily Hay Newman

April 21, 2021

https://www.wired.com/story/clubhouse-bug-lurkers-ghost/

University duo thought it would be cool to sneak bad code into Linux as an experiment. Of course, it absolutely backfired

The Register

Thomas Claburn

April 21, 2021

https://www.theregister.com/2021/04/21/minnesota_linux_kernel_flaws_update/

What to Do After a Data Breach

Consumer Reports

Yael Grauer

April 12, 2021

https://www.consumerreports.org/data-theft/what-to-do-after-a-data-breach/

For US cyber defense, helpful hackers are only half the battle

The Hill

Katie Moussouris Op-ed

March 17, 2021

https://thehill.com/opinion/technology/543464-for-us-cyber-defense-helpful-hackers-are-only-half-the-battle

GitHub removes researcher's Exchange Server exploit, sparking industry debate

CyberScoop

Sean Lyngaas

March 11, 2021

https://www.cyberscoop.com/github-exploit-exchange-server-microsoft/

It’s Open Season for Microsoft Exchange Server Hacks

Wired

Lily Hay Newman

March 10, 2021

https://www.wired.com/story/microsoft-exchange-patch-hacks-ransomware/

Casting a wide intrusion net: Dozens of companies, agencies were burned with a single hack

The Dallas Morning News/Associated Press

Frank Bajak

March 8, 2021

https://www.dallasnews.com/business/2021/03/08/casting-a-wide-intrusion-net-dozens-of-companies-agencies-were-burned-with-a-single-hack/

The Cybersecurity 202: Here's what cybersecurity experts think Biden should prioritize in his first 100 days

The Washington Post

Tonya Riley

February 1, 2021

https://www.washingtonpost.com/politics/2021/02/01/cybersecurity-202-here-what-cybersecurity-experts-think-biden-should-prioritize-his-first-100-days/

Apple warns of "remote attacker" security threat on iPhone and iPad, releases iOS 14.4 update

CBS News

Cassidy McDonald

January 27, 2021

https://www.cbsnews.com/news/apple-update-iphone-security-ios-14-4/

Survey says, women in cyber make 31 percent less than men

SC Magazine

Bradley Barth

January 6, 2021

https://www.scmagazine.com/women-in-it-security/survey-says-women-in-cyber-make-31-percent-less-than-men/

Cyber leaders back Biden’s DHS pick

Politico

Martin Matishak

December 21, 2020

https://www.politico.com/newsletters/weekly-cybersecurity/2020/12/21/cyber-leaders-back-bidens-dhs-pick-792428

The Cybersecurity 202: Trump took the nation in the wrong direction on cybersecurity, experts say

The Washington Post

Joseph Marks

December 15, 2020

https://www.washingtonpost.com/politics/2020/12/15/cybersecurity-202-trump-took-nation-wrong-direction-cybersecurity-experts-say/

HackerOne, Verizon Media weigh pros and cons of making live hacking contests virtual

CyberScoop

Tim Starks

December 14, 2020

https://www.cyberscoop.com/hackerone-verizon-bug-bounties-hacking/

U.S. Supreme Court to Weigh Anti-Hacking Law’s Limits on Access

Bloomberg Law

Andrea Vittorio

November 27, 2020

https://news.bloomberglaw.com/privacy-and-data-security/u-s-supreme-court-to-weigh-anti-hacking-laws-limits-on-access?context=article-related

S3 Ep8: A conversation with Katie Moussouris [Podcast]

Naked Security – Sophos

Paul Ducklin

November 25, 2020

https://nakedsecurity.sophos.com/2020/11/25/s3-ep8-a-conversation-with-katie-moussouris/

Firing of security official draws bipartisan rebuke

Axios

Ina Fried

November 18, 2020

https://www.axios.com/firing-security-official-christopher-krebs-draws-bipartisan-rebuke-18e6953a-ada3-421a-8c50-65b0ebc09ef5.html

Trump Fires Christopher Krebs, Head of CISA

Bank Info Security

Jeremy Kirk

November 17, 2020

https://www.bankinfosecurity.com/trump-fires-christopher-krebs-head-cisa-a-15386

How to Make the Most of Your Budding Cybersecurity Career

Government Technology

Cisco

November 12, 2020

https://www.govtech.com/security/How-to-Make-the-Most-of-Your-Budding-Cybersecurity-Career.html

Zoom deceived users about the privacy of their calls, FTC

Mashable

Jack Morse

November 9, 2020

https://mashable.com/article/zoom-settlement-federal-trade-commission-encryption-misled-users/

Apple Fixes iOS Zero Day Flaws Found by Google

Bank Info Security

Jeremy Kirk

November 5, 2020

https://www.bankinfosecurity.com/apple-fixes-ios-zero-day-flaws-found-by-google-a-15317

Did a Security Researcher Really Access Trump’s Twitter Account?

PC Mag

Michael Kan

October 22, 2020

https://www.pcmag.com/news/did-a-security-researcher-really-access-trumps-twitter-account

Grindr's Bug Bounty Pledge Doesn't Translate to Security

Threatpost

Lindsey O’Donnell

October 6, 2020

https://threatpost.com/grindrs-bug-bounty-pledge-security/159893/

It’s No ‘Giggle’: Managing Expectations for Vulnerability Disclosure

Threatpost

Tara Seals

September 11, 2020

https://threatpost.com/giggle-managing-expectations-vulnerability-disclosure/159039/

CISA Issues Final Order on Federal Vulnerability Disclosure, But Questions Remain

Decipher

Dennis Fisher

September 4, 2020

https://duo.com/decipher/cisa-issues-final-order-on-federal-vulnerability-disclosure-but-questions-remain

Fb to warn third-party developers of vulnerable code

TechCrunch

Zack Whittaker & Sarah Perez

September 3, 2020

https://techcrunch.com/2020/09/03/facebook-vulnerable-code/

Homeland Security demands a 911 for reporting security holes in federal networks: 'Vulns in internet systems cause real-world impacts'

The Register

Thomas Claburn

September 2, 2020

https://www.theregister.com/2020/09/03/us_bug_bounty/

So You Want to Build a Vulnerability Disclosure Program?

InfoRiskToday

Mathew J. Schwartz

August 20, 2020

https://www.inforisktoday.com/so-you-want-to-build-vulnerability-disclosure-program-a-14859

Microsoft forked out $13.7m in bug bounties. The reward program's architect thinks the money could be better spent

The Register

Shaun Nichols

August 4, 2020

https://www.theregister.com/2020/08/04/microsoft_137_bug_bounties/