Luta Security in the News
Industry launches hacking policy council, legal defense fund to support security research and disclosures
SC Media
Derek B. Johnson
April 13, 2023
Tech Companies Unveil New Hacking Policy Council, Legal Defense Fund for Researchers
Decipher
Dennis Fisher
April 13, 2023
OpenAI launches bug bounty program with Bugcrowd
TechTarget
Alexander Culafi
April 12, 2023
Think ransomware gangs won't thrive this year? Think again, experts say
The Washington Post
Tim Starks
March 30, 2023
Katie Moussouris on where bug bounties went wrong
Security Conversations
Ryan Naraine
December 8, 2022
https://securityconversations.com/episode/katie-moussouris-on-where-bug-bounties-went-wrong/
How to build a public profile as a cybersecurity pro
CSO
Samira Sarraf
November 29, 2022
https://www.csoonline.com/article/3680390/how-to-build-a-public-profile-as-a-cybersecurity-pro.html
For cyber experts, disinformation overshadows cyberthreats in midterms
The Washington Post: Cybersecurity 202
Tim Starks
October 31, 2022
This Hacker Is Trying to Close the Gender Pay Gap in Cybersecurity
VICE
Chloe Xiang
September 14, 2022
Bug Bounty Botox – Why You Need a Security Process First
InfoSecurity Magazine
Sean Michael Kerner
August 12, 2022
https://www.infosecurity-magazine.com/news/bhusa-bug-bounty-botox/
For Bug Bounties, 'Knowing is less than half the battle’
Decipher
Dennis Fisher
August 11, 2022
https://duo.com/decipher/for-bug-bounties-knowing-is-less-than-half-the-battle
As Black Hat kicks off, the US government is getting the message on hiring security talent
The Register
Iain Thomson
August 10, 2022
https://www.theregister.com/2022/08/10/us_security_hiring/
Why Bug-Bounty Programs Are Failing Everyone
Dark Reading
Ericka Chickowski
July 29, 2022
https://www.darkreading.com/black-hat/why-bug-bounty-programs-failing-everyone
Experts: California lacked safeguards for gun owner info
Associated Press
Don Thompson
July 1, 2022
Security experts break down exactly why you shouldn't share your passwords: 'It's really dangerous'
Yahoo! News
May 10, 2022
https://www.yahoo.com/lifestyle/why-you-shouldnt-share-passwords-yahoo-subscriptions-011927368.html
Musk's plans to make Twitter's algorithms public raises disinformation conundrum
CyberScoop
Tonya Riley
April 26, 2022
https://www.cyberscoop.com/elon-musk-twitter-algorithm-open-source-disinfomation/
Attacking rival, Google says Microsoft’s hold on government security is a problem
NBC News
Kevin Collier
March 31, 2022
Russia may be primed to hack America’s infrastructure
Yahoo! Finance
Daniel Howley
February 24, 2022
https://finance.yahoo.com/news/russia-may-be-primied-to-hack-americas-infrastructure-182256545.html
Most cyber pros give thumbs down to the EARN IT Act
The Washington Post: Cybersecurity 202
Joseph Marks
February 23, 2022
https://www.washingtonpost.com/politics/2022/02/23/most-cyber-pros-give-thumbs-down-earn-it-act/
Tracking cyber’s role in the Russia-Ukraine conflict
Politico
Sam Sabin
02/14/2022
Senators aren't swayed by Apple's security arguments
The Washington Post: Cybersecurity 202
Joseph Marks
February 4, 2022
New DHS Cyber Safety Review Board will investigate major incidents
CNN
Geneva Sands and Sean Lyngaas
February 3, 2022
https://www.cnn.com/2022/02/03/politics/dhs-cybersecurity-review-board-major-incidents/index.html
Homeland Security establishes the Cyber Safety Review Board to learn the mistakes from past cyber incidents
TechCrunch
Carly Page
February 3, 2022
https://techcrunch.com/2022/02/03/homeland-security-cyber-safety-review-board/
Is Russia or China the biggest cyber threat? Experts are split
The Washington Post: Cybersecurity 202
Joseph Marks
January 20, 2022
Google says open source software should be more secure
The Register
Thomas Claburn
January 14, 2022
https://www.theregister.com/2022/01/14/google_says_open_source_software/
The FTC Wants Companies to Find Log4j Fast. It Won't Be So Easy
Wired
Chris Stokel-Walker
January 10, 2022
https://www.wired.co.uk/article/lo4j-ftc-vulnerability
Agencies get Christmas Eve deadline to address ‘extremely concerning’ vulnerability
Federal News Network
Justin Doubleday
December 15, 2021
US government to offer up to $5,000 'bounty' to hackers to identify cyber vulnerabilities
CNN
Geneva Sands
December 14, 2021
https://www.cnn.com/2021/12/14/politics/dhs-bug-bounty-hackers-cyber-vulnerabilities/index.html
A Log4J Vulnerability Has Set the Internet 'On Fire'
Wired Magazine
Lily Hay Newman
December 10, 2021
https://www.wired.com/story/log4j-flaw-hacking-internet/
Vast majority of our Network cyber experts favor mandates to report hacks
The Washington Post: Cybersecurity 202
Joseph Marks
December 6, 2021
The Matrix Is the Best Hacker Movie
Wired Magazine
Andy Greenberg
December 1, 2021
https://www.wired.com/story/matrix-best-hacker-movie/
Q&A: Ciaran Martin
InfoSecurity Magazine
Eleanor Dallaway
November 25, 2021
https://www.infosecurity-magazine.com/interviews/qa-ciaran-martin/
NIST workshop provides clues to upcoming software supply chain security guidelines
November 23, 2021
Reporter who notified Missouri officials of website flaw did 'nothing out of line,' emails show
StateScoop
Benjamin Freed
October 27, 2021
https://statescoop.com/missouri-parson-reporter-did-nothing-wrong/
The U.S. cyber workforce gap is getting bigger
The Washington Post / Cybersecurity 202
Joseph Marks
October 26, 2021
https://www.washingtonpost.com/politics/2021/10/26/us-cyber-workforce-gap-is-getting-bigger/
Announcing the 2021 CyberScoop 50 awards winners
CyberScoop
Staff
October 18, 2021
https://www.cyberscoop.com/announcing-2021-cyberscoop-50-award-winners/
Missouri governor accuses newspaper of 'hacking' state website
StateScoop
Benjamin Freed
October 14, 2021
https://statescoop.com/missouri-parson-accuses-newspaper-hacking/
Zero-day hunters seek laws to prevent vendors suing them for helping out and doing their jobs
The Register
Simon Sharwood
October 11, 2021
https://www.theregister.com/2021/10/11/cyan_zero_day_legislative_project/
Apple admits iOS 15 has unpatched iPhone security flaws
BGR
Yoni Heisler
September 28, 2021
https://bgr.com/tech/apple-admits-ios-15-has-unpatched-iphone-security-flaws/
Apple ‘Still Investigating’ Unpatched and Public iPhone Vulnerabilities
VICE
September 27, 2021
An American Company Fears Its Windows Hacks Helped India Spy On China And Pakistan
Forbes
Thomas Brewster
September 17, 2021
It's not just you: Emergency software patches are on the rise
NBC News
Kevin Collier
September 14, 2021
https://www.nbcnews.com/news/amp/rcna2012
'Zero-day' hacks, like the one that forced Apple’s emergency update, are on the rise
Yahoo! News
Kevin Collier
September 14, 2021
https://news.yahoo.com/not-just-emergency-software-patches-210914306.html
Apple's bug bounty program is coming under criticism - here's why
MSN
Mayank Sharma
September 10, 2021
Infosec researchers say Apple’s bug-bounty program needs work
Ars Technica
Jim Salter
September 9, 2021
Apple pays hackers six figures to find bugs in its software. Then it sits on their findings.
The Washington Post
Reed Albergotti
September 9, 2021
https://www.washingtonpost.com/technology/2021/09/09/apple-bug-bounty/
'Drive It Like You Stole It: When Bug Bounties Went Boom, Part Three
Decipher
Dennis Fisher
September 1, 2021
Uprising in the Valley: When Bug Bounties Went Boom, Part Two
Decipher
Dennis Fisher
August 31, 2021
https://duo.com/decipher/uprising-in-the-valley-when-bug-bounties-went-boom-part-two
Lawyers, Bugs, and Money: When Bug Bounties Went Boom
Decipher
Dennis Fisher
August 30, 2021
https://duo.com/decipher/lawyers-bugs-and-money-when-bug-bounties-went-boom
As Fortinet spars with Rapid7, what can everyone else learn about disclosure?
SC Media
Joe Uchill
August 18, 2021
Apple says its CSAM scan code can be verified by researchers. Corellium starts throwing out dollar bills
The Register
Thomas Claburn
August 17, 2021
https://www.theregister.com/2021/08/17/corellium_apple_bounty/
Ministry of Defence makes first ever bounty payments to hackers
Sky News
Alexander Martin
August 3, 2021
https://news.sky.com/story/ministry-of-defence-makes-first-ever-bounty-payments-to-hackers-12371510
A Controversial Tool Calls Out Thousands of Hackable Websites
Wired
Andy Greenberg
July 27, 2021
https://wired.me/technology/security/controversial-tool-punkspider-calls-out-hackable-websites/
The Cybersecurity 202: Cyber experts give Biden top marks at six months
The Washington Post
Joseph Marks
July 26, 2021
So nice of China to put all of its network zero-day vulns in one giant database no one will think to break into
The Register
Iain Thomson
July 15, 2021
https://www.theregister.com/2021/07/15/china_vulnerability_law/
Firm hacked to spread ransomware had previous security flaws
Associated Press
Matt O'Brien
July 13, 2021
https://apnews.com/article/europe-business-technology-hacking-db3e5f615629bb225259efaf7fdf378c
AWS launches BugBust contest: Help fix a $100m problem for a $12 tshirt
The Register
Thomas Claburn
June 25, 2021
https://www.theregister.com/2021/06/25/aws_bugbust_contest/
Cybersecurity Companies Join Forces Against Controversial DMCA
SecurityWeek
Eduard Kovacs
June 24, 2021
https://www.securityweek.com/cybersecurity-companies-join-forces-against-controversial-dmca-section
Katie Moussouris: Coordinated Vulnerability Disclosure and the Problem with Bug Bounty Platforms
TechSpective Podcast Episode 067
Tony Bradley
June 21, 2021
Cybersecurity 202: The Biden administration aims big on cybersecurity spending
Washington Post
Joseph Marks
June 1, 2021
NTIA Wants Feedback on Software Transparency Plan
NextGov
Mariam Baksh
June 1, 2021
House bill would require federal contractors to put in place vulnerability disclosure programs
SC Media
Joe Uchill
June 1, 2021
Security experts break down exactly why you shouldn't share your passwords: 'It's really dangerous'
Yahoo! News
Korin Miller
May 20, 2021
https://news.yahoo.com/news/why-you-shouldnt-share-passwords-yahoo-subscriptions-011927368.html
How to 'be vigilant' and protect your digital assets from getting hacked
Yahoo Finance
Alexis Keenan
April 29, 2021
https://finance.yahoo.com/news/how-to-protect-your-digital-assets-from-getting-hacked-164012380.html
The Cybersecurity 202: Nearly two-thirds of cybersecurity experts think Biden’s response to Russian hack is sufficient
Washington Post
Tonya Riley
April 26, 2021
In Appreciation: Dan Kaminsky
Dark Reading
Kelly Jackson Higgins
April 26, 2021
A Clubhouse Bug Let People Lurk in Rooms Invisibly
Wired
Lily Hay Newman
April 21, 2021
https://www.wired.com/story/clubhouse-bug-lurkers-ghost/
University duo thought it would be cool to sneak bad code into Linux as an experiment. Of course, it absolutely backfired
The Register
Thomas Claburn
April 21, 2021
https://www.theregister.com/2021/04/21/minnesota_linux_kernel_flaws_update/
What to Do After a Data Breach
Consumer Reports
Yael Grauer
April 12, 2021
https://www.consumerreports.org/data-theft/what-to-do-after-a-data-breach/
For US cyber defense, helpful hackers are only half the battle
The Hill
Katie Moussouris Op-ed
March 17, 2021
GitHub removes researcher's Exchange Server exploit, sparking industry debate
CyberScoop
Sean Lyngaas
March 11, 2021
https://www.cyberscoop.com/github-exploit-exchange-server-microsoft/
It’s Open Season for Microsoft Exchange Server Hacks
Wired
Lily Hay Newman
March 10, 2021
https://www.wired.com/story/microsoft-exchange-patch-hacks-ransomware/
Casting a wide intrusion net: Dozens of companies, agencies were burned with a single hack
The Dallas Morning News/Associated Press
Frank Bajak
March 8, 2021
The Cybersecurity 202: Here's what cybersecurity experts think Biden should prioritize in his first 100 days
The Washington Post
Tonya Riley
February 1, 2021
Apple warns of "remote attacker" security threat on iPhone and iPad, releases iOS 14.4 update
CBS News
Cassidy McDonald
January 27, 2021
https://www.cbsnews.com/news/apple-update-iphone-security-ios-14-4/
Survey says, women in cyber make 31 percent less than men
SC Magazine
Bradley Barth
January 6, 2021
Cyber leaders back Biden’s DHS pick
Politico
Martin Matishak
December 21, 2020
The Cybersecurity 202: Trump took the nation in the wrong direction on cybersecurity, experts say
The Washington Post
Joseph Marks
December 15, 2020
HackerOne, Verizon Media weigh pros and cons of making live hacking contests virtual
CyberScoop
Tim Starks
December 14, 2020
https://www.cyberscoop.com/hackerone-verizon-bug-bounties-hacking/
U.S. Supreme Court to Weigh Anti-Hacking Law’s Limits on Access
Bloomberg Law
Andrea Vittorio
November 27, 2020
S3 Ep8: A conversation with Katie Moussouris [Podcast]
Naked Security – Sophos
Paul Ducklin
November 25, 2020
https://nakedsecurity.sophos.com/2020/11/25/s3-ep8-a-conversation-with-katie-moussouris/
Firing of security official draws bipartisan rebuke
Axios
Ina Fried
November 18, 2020
Trump Fires Christopher Krebs, Head of CISA
Bank Info Security
Jeremy Kirk
November 17, 2020
https://www.bankinfosecurity.com/trump-fires-christopher-krebs-head-cisa-a-15386
How to Make the Most of Your Budding Cybersecurity Career
Government Technology
Cisco
November 12, 2020
https://www.govtech.com/security/How-to-Make-the-Most-of-Your-Budding-Cybersecurity-Career.html
Zoom deceived users about the privacy of their calls, FTC
Mashable
Jack Morse
November 9, 2020
https://mashable.com/article/zoom-settlement-federal-trade-commission-encryption-misled-users/
Apple Fixes iOS Zero Day Flaws Found by Google
Bank Info Security
Jeremy Kirk
November 5, 2020
https://www.bankinfosecurity.com/apple-fixes-ios-zero-day-flaws-found-by-google-a-15317
Did a Security Researcher Really Access Trump’s Twitter Account?
PC Mag
Michael Kan
October 22, 2020
https://www.pcmag.com/news/did-a-security-researcher-really-access-trumps-twitter-account
Grindr's Bug Bounty Pledge Doesn't Translate to Security
Threatpost
Lindsey O’Donnell
October 6, 2020
https://threatpost.com/grindrs-bug-bounty-pledge-security/159893/
It’s No ‘Giggle’: Managing Expectations for Vulnerability Disclosure
Threatpost
Tara Seals
September 11, 2020
https://threatpost.com/giggle-managing-expectations-vulnerability-disclosure/159039/
CISA Issues Final Order on Federal Vulnerability Disclosure, But Questions Remain
Dennis Fisher
Decipher
September 4, 2020
Fb to warn third-party developers of vulnerable code
TechCrunch
Zack Whittaker & Sarah Perez
September 3, 2020
https://techcrunch.com/2020/09/03/facebook-vulnerable-code/
Homeland Security demands a 911 for reporting security holes in federal networks: 'Vulns in internet systems cause real-world impacts'
Thomas Claburn
The Register
September 2, 2020
https://www.theregister.com/2020/09/03/us_bug_bounty/
So You Want to Build a Vulnerability Disclosure Program?
Mathew J. Schwartz
InfoRiskToday
August 20, 2020
https://www.inforisktoday.com/so-you-want-to-build-vulnerability-disclosure-program-a-14859
Microsoft forked out $13.7m in bug bounties. The reward program's architect thinks the money could be better spent
The Register
Shaun Nichols
August 4, 2020
https://www.theregister.com/2020/08/04/microsoft_137_bug_bounties/