Luta Security in the News

This Hacker Is Trying to Close the Gender Pay Gap in Cybersecurity

VICE

Chloe Xiang

September 14, 2022

https://www.vice.com/en/article/xgyvza/this-hacker-is-trying-to-close-the-gender-pay-gap-in-cybersecurity

https://youtu.be/QgX_iKNbFaM

Bug Bounty Botox – Why You Need a Security Process First

InfoSecurity Magazine

Sean Michael Kerner 

August 12, 2022

https://www.infosecurity-magazine.com/news/bhusa-bug-bounty-botox/

For Bug Bounties, 'Knowing is less than half the battle'

Decipher

Dennis Fisher

August 11, 2022

https://duo.com/decipher/for-bug-bounties-knowing-is-less-than-half-the-battle

As Black Hat kicks off, the US government is getting the message on hiring security talent

The Register

Iain Thomson

August 10, 2022

https://www.theregister.com/2022/08/10/us_security_hiring/

Why Bug-Bounty Programs Are Failing Everyone

Dark Reading

Ericka Chickowski

July 29, 2022

https://www.darkreading.com/black-hat/why-bug-bounty-programs-failing-everyone

Experts: California lacked safeguards for gun owner info

Associated Press

Don Thompson

July 1, 2022

https://apnews.com/article/technology-california-gun-politics-violence-government-and-3a7b488f69a0ba949923ceb382c4838a

Security experts break down exactly why you shouldn't share your passwords: 'It's really dangerous'

Yahoo! News

May 10, 2022

https://www.yahoo.com/lifestyle/why-you-shouldnt-share-passwords-yahoo-subscriptions-011927368.html

Musk's plans to make Twitter's algorithms public raises disinformation conundrum

CyberScoop

Tonya Riley

April 26, 2022

https://www.cyberscoop.com/elon-musk-twitter-algorithm-open-source-disinfomation/

Attacking rival, Google says Microsoft’s hold on government security is a problem

NBC News

Kevin Collier

March 31, 2022

https://www.nbcnews.com/tech/security/attacking-rival-google-says-microsofts-hold-government-security-proble-rcna22159

Russia may be primed to hack America’s infrastructure

Yahoo! Finance

Daniel Howley

February 24, 2022

https://finance.yahoo.com/news/russia-may-be-primied-to-hack-americas-infrastructure-182256545.html

Most cyber pros give thumbs down to the EARN IT Act

The Washington Post: Cybersecurity 202

Joseph Marks

February 23, 2022

https://www.washingtonpost.com/politics/2022/02/23/most-cyber-pros-give-thumbs-down-earn-it-act/

Tracking cyber’s role in the Russia-Ukraine conflict

Politico

Sam Sabin

February 14, 2022

https://www.politico.com/newsletters/weekly-cybersecurity/2022/02/14/tracking-cybers-role-in-the-russia-ukraine-conflict-00008520

Senators aren't swayed by Apple's security arguments

The Washington Post: Cybersecurity 202

Joseph Marks

February 4, 2022

https://www.washingtonpost.com/politics/2022/02/04/senators-arent-swayed-by-apple-security-arguments/

New DHS Cyber Safety Review Board will investigate major incidents 

CNN

Geneva Sands and Sean Lyngaas

February 3, 2022

https://www.cnn.com/2022/02/03/politics/dhs-cybersecurity-review-board-major-incidents/index.html

Homeland Security establishes the Cyber Safety Review Board to learn the mistakes from past cyber incidents

TechCrunch

Carly Page

February 3, 2022

https://techcrunch.com/2022/02/03/homeland-security-cyber-safety-review-board/

Is Russia or China the biggest cyber threat? Experts are split

The Washington Post: Cybersecurity 202

Joseph Marks

January 20, 2022

https://www.washingtonpost.com/politics/2022/01/20/is-russia-or-china-biggest-cyber-threat-experts-are-split/

Google says open source software should be more secure

The Register

Thomas Claburn

January 14, 2022

https://www.theregister.com/2022/01/14/google_says_open_source_software/

The FTC Wants Companies to Find Log4j Fast. It Won't Be So Easy

Wired

Chris Stokel-Walker

January 10, 2022

https://www.wired.co.uk/article/lo4j-ftc-vulnerability

Agencies get Christmas Eve deadline to address ‘extremely concerning’ vulnerability

Federal News Network

Justin Doubleday

December 15, 2021

https://federalnewsnetwork.com/cybersecurity/2021/12/agencies-get-christmas-eve-deadline-to-address-extremely-concerning-vulnerability/

US government to offer up to $5,000 'bounty' to hackers to identify cyber vulnerabilities

CNN

Geneva Sands

December 14, 2021

https://www.cnn.com/2021/12/14/politics/dhs-bug-bounty-hackers-cyber-vulnerabilities/index.html

A Log4J Vulnerability Has Set the Internet 'On Fire'

Wired Magazine

Lily Hay Newman

December 10, 2021

https://www.wired.com/story/log4j-flaw-hacking-internet/

Vast majority of our Network cyber experts favor mandates to report hacks

The Washington Post: Cybersecurity 202

Joseph Marks

December 6, 2021

https://www.washingtonpost.com/politics/2021/12/06/vast-majority-our-network-cyber-experts-favor-mandates-report-hacks/

The Matrix Is the Best Hacker Movie

Wired Magazine

Andy Greenberg

December 1, 2021

https://www.wired.com/story/matrix-best-hacker-movie/

Q&A: Ciaran Martin

InfoSecurity Magazine

Eleanor Dallaway

November 25, 2021

https://www.infosecurity-magazine.com/interviews/qa-ciaran-martin/

NIST workshop provides clues to upcoming software supply chain security guidelines

CSO Magazine

Cynthia Brumfield

November 23, 2021

https://www.csoonline.com/article/3641888/nist-workshop-provides-clues-to-upcoming-software-supply-chain-security-guidelines.html

Reporter who notified Missouri officials of website flaw did 'nothing out of line,' emails show

StateScoop

Benjamin Freed

October 27, 2021

https://statescoop.com/missouri-parson-reporter-did-nothing-wrong/

The U.S. cyber workforce gap is getting bigger

The Washington Post / Cybersecurity 202

Joseph Marks

October 26, 2021

https://www.washingtonpost.com/politics/2021/10/26/us-cyber-workforce-gap-is-getting-bigger/

Announcing the 2021 CyberScoop 50 awards winners

CyberScoop

Staff

October 18, 2021

https://www.cyberscoop.com/announcing-2021-cyberscoop-50-award-winners/

Missouri governor accuses newspaper of 'hacking' state website

StateScoop

Benjamin Freed

October 14, 2021

https://statescoop.com/missouri-parson-accuses-newspaper-hacking/

Zero-day hunters seek laws to prevent vendors suing them for helping out and doing their jobs

The Register

Simon Sharwood

October 11, 2021

https://www.theregister.com/2021/10/11/cyan_zero_day_legislative_project/

Apple admits iOS 15 has unpatched iPhone security flaws

BGR

Yoni Heisler

September 28, 2021

https://bgr.com/tech/apple-admits-ios-15-has-unpatched-iphone-security-flaws/

Apple ‘Still Investigating’ Unpatched and Public iPhone Vulnerabilities

VICE

Lorenzo Franceschi-Bicchierai

September 27, 2021

https://www.vice.com/en/article/g5gan4/apple-still-investigating-unpatched-and-public-iphone-vulnerabilities

An American Company Fears Its Windows Hacks Helped India Spy On China And Pakistan

Forbes

Thomas Brewster

September 17, 2021

https://www.forbes.com/sites/thomasbrewster/2021/09/17/exodus-american-tech-helped-india-spy-on-china/?sh=10cc480e7009

It's not just you: Emergency software patches are on the rise

NBC News

Kevin Collier

September 14, 2021

https://www.nbcnews.com/news/amp/rcna2012

'Zero-day' hacks, like the one that forced Apple’s emergency update, are on the rise

Yahoo! News

Kevin Collier

September 14, 2021

https://news.yahoo.com/not-just-emergency-software-patches-210914306.html

Apple's bug bounty program is coming under criticism - here's why

MSN

Mayank Sharma

September 10, 2021

https://www.msn.com/en-us/news/technology/apples-bug-bounty-program-is-coming-under-criticism-heres-why/ar-AAOixSp

Infosec researchers say Apple’s bug-bounty program needs work

Ars Technica

Jim Salter

September 9, 2021

https://arstechnica.com/information-technology/2021/09/infosec-researchers-say-apples-bug-bounty-program-needs-work/

Apple pays hackers six figures to find bugs in its software. Then it sits on their findings.

The Washington Post

Reed Albergotti

September 9, 2021

https://www.washingtonpost.com/technology/2021/09/09/apple-bug-bounty/

'Drive It Like You Stole It': When Bug Bounties Went Boom, Part Three

Decipher

Dennis Fisher

September 1, 2021

https://duo.com/decipher/you-got-to-drive-it-like-you-stole-it-when-bug-bounties-went-boom-part-three

Uprising in the Valley: When Bug Bounties Went Boom, Part Two

Decipher

Dennis Fisher

August 31, 2021

https://duo.com/decipher/uprising-in-the-valley-when-bug-bounties-went-boom-part-two

Lawyers, Bugs, and Money: When Bug Bounties Went Boom

Decipher

Dennis Fisher

August 30, 2021

https://duo.com/decipher/lawyers-bugs-and-money-when-bug-bounties-went-boom

As Fortinet spars with Rapid7, what can everyone else learn about disclosure?

SC Media

Joe Uchill

August 18, 2021

https://www.scmagazine.com/analysis/vulnerability-management/as-fortinet-spars-with-rapid7-what-can-everyone-else-learn-about-disclosure

Apple says its CSAM scan code can be verified by researchers. Corellium starts throwing out dollar bills

The Register

Thomas Claburn

August 17, 2021

https://www.theregister.com/2021/08/17/corellium_apple_bounty/

Ministry of Defence makes first ever bounty payments to hackers

Sky News

Alexander Martin

August 3, 2021

https://news.sky.com/story/ministry-of-defence-makes-first-ever-bounty-payments-to-hackers-12371510

A Controversial Tool Calls Out Thousands of Hackable Websites

Wired

Andy Greenberg

July 27, 2021

https://wired.me/technology/security/controversial-tool-punkspider-calls-out-hackable-websites/

The Cybersecurity 202: Cyber experts give Biden top marks at six months

The Washington Post

Joseph Marks

July 26, 2021

https://www.washingtonpost.com/politics/2021/07/26/cybersecurity-202-cyber-experts-give-biden-top-marks-six-months/

So nice of China to put all of its network zero-day vulns in one giant database no one will think to break into

The Register

Iain Thomson

July 15, 2021

https://www.theregister.com/2021/07/15/china_vulnerability_law/

Firm hacked to spread ransomware had previous security flaws

Associated Press

Matt O'Brien

July 13, 2021

https://apnews.com/article/europe-business-technology-hacking-db3e5f615629bb225259efaf7fdf378c

AWS launches BugBust contest: Help fix a $100m problem for a $12 tshirt

The Register

Thomas Claburn

June 25, 2021

https://www.theregister.com/2021/06/25/aws_bugbust_contest/

Cybersecurity Companies Join Forces Against Controversial DMCA 

SecurityWeek

Eduard Kovacs

June 24, 2021

https://www.securityweek.com/cybersecurity-companies-join-forces-against-controversial-dmca-section

Katie Moussouris: Coordinated Vulnerability Disclosure and the Problem with Bug Bounty Platforms

TechSpective Podcast Episode 067

Tony Bradley

June 21, 2021

https://securityboulevard.com/2021/06/katie-moussouris-coordinated-vulnerability-disclosure-and-the-problem-with-bug-bounty-platforms/

Cybersecurity 202: The Biden administration aims big on cybersecurity spending

Washington Post

Joseph Marks

June 1, 2021

https://www.washingtonpost.com/politics/2021/06/01/cybersecurity-202-biden-administration-aims-big-cybersecurity-spending/

NTIA Wants Feedback on Software Transparency Plan

NextGov

Mariam Baksh

June 1, 2021

https://www.nextgov.com/cybersecurity/2021/06/ntia-wants-feedback-plan-software-transparency-plan/174429/

House bill would require federal contractors to put in place vulnerability disclosure programs

SC Media

Joe Uchill

June 1, 2021

https://www.scmagazine.com/home/government/bill-would-require-contractors-to-have-vulnerability-disclosure-programs/

Security experts break down exactly why you shouldn't share your passwords: 'It's really dangerous'

Yahoo! News

Korin Miller

May 20, 2021

https://news.yahoo.com/news/why-you-shouldnt-share-passwords-yahoo-subscriptions-011927368.html

How to 'be vigilant' and protect your digital assets from getting hacked

Yahoo Finance

Alexis Keenan

April 29, 2021

https://finance.yahoo.com/news/how-to-protect-your-digital-assets-from-getting-hacked-164012380.html

The Cybersecurity 202: Nearly two-thirds of cybersecurity experts think Biden’s response to Russian hack is sufficient

Washington Post

Tonya Riley

April 26, 2021

https://www.washingtonpost.com/politics/2021/04/26/cybersecurity-202-nearly-two-thirds-cybersecurity-experts-think-biden-response-russian-hack-is-sufficient/

In Appreciation: Dan Kaminsky

Dark Reading

Kelly Jackson Higgins

April 26, 2021

https://www.darkreading.com/vulnerabilities---threats/in-appreciation-dan-kaminsky/d/d-id/1340830?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

A Clubhouse Bug Let People Lurk in Rooms Invisibly

Wired

Lily Hay Newman

April 21, 2021

https://www.wired.com/story/clubhouse-bug-lurkers-ghost/

University duo thought it would be cool to sneak bad code into Linux as an experiment. Of course, it absolutely backfired

The Register

Thomas Claburn

April 21, 2021

https://www.theregister.com/2021/04/21/minnesota_linux_kernel_flaws_update/

What to Do After a Data Breach

Consumer Reports

Yael Grauer

April 12, 2021

https://www.consumerreports.org/data-theft/what-to-do-after-a-data-breach/

For US cyber defense, helpful hackers are only half the battle

The Hill

Katie Moussouris Op-ed

March 17, 2021

https://thehill.com/opinion/technology/543464-for-us-cyber-defense-helpful-hackers-are-only-half-the-battle

GitHub removes researcher's Exchange Server exploit, sparking industry debate

CyberScoop

Sean Lyngaas

March 11, 2021

https://www.cyberscoop.com/github-exploit-exchange-server-microsoft/

It’s Open Season for Microsoft Exchange Server Hacks

Wired

Lily Hay Newman

March 10, 2021

https://www.wired.com/story/microsoft-exchange-patch-hacks-ransomware/

Casting a wide intrusion net: Dozens of companies, agencies were burned with a single hack

The Dallas Morning News/Associated Press

Frank Bajak

March 8, 2021

https://www.dallasnews.com/business/2021/03/08/casting-a-wide-intrusion-net-dozens-of-companies-agencies-were-burned-with-a-single-hack/

The Cybersecurity 202: Here's what cybersecurity experts think Biden should prioritize in his first 100 days

The Washington Post

Tonya Riley

February 1, 2021

https://www.washingtonpost.com/politics/2021/02/01/cybersecurity-202-here-what-cybersecurity-experts-think-biden-should-prioritize-his-first-100-days/

Apple warns of "remote attacker" security threat on iPhone and iPad, releases iOS 14.4 update

CBS News

Cassidy McDonald

January 27, 2021

https://www.cbsnews.com/news/apple-update-iphone-security-ios-14-4/

Survey says, women in cyber make 31 percent less than men

SC Magazine

Bradley Barth

January 6, 2021

https://www.scmagazine.com/women-in-it-security/survey-says-women-in-cyber-make-31-percent-less-than-men/

Cyber leaders back Biden’s DHS pick

Politico

Martin Matishak

December 21, 2020

https://www.politico.com/newsletters/weekly-cybersecurity/2020/12/21/cyber-leaders-back-bidens-dhs-pick-792428

The Cybersecurity 202: Trump took the nation in the wrong direction on cybersecurity, experts say

The Washington Post

Joseph Marks

December 15, 2020

https://www.washingtonpost.com/politics/2020/12/15/cybersecurity-202-trump-took-nation-wrong-direction-cybersecurity-experts-say/

HackerOne, Verizon Media weigh pros and cons of making live hacking contests virtual

CyberScoop

Tim Starks

December 14, 2020

https://www.cyberscoop.com/hackerone-verizon-bug-bounties-hacking/

U.S. Supreme Court to Weigh Anti-Hacking Law’s Limits on Access

Bloomberg Law

Andrea Vittorio

November 27, 2020

https://news.bloomberglaw.com/privacy-and-data-security/u-s-supreme-court-to-weigh-anti-hacking-laws-limits-on-access?context=article-related

S3 Ep8: A conversation with Katie Moussouris [Podcast]

Naked Security – Sophos

Paul Ducklin

November 25, 2020

https://nakedsecurity.sophos.com/2020/11/25/s3-ep8-a-conversation-with-katie-moussouris/

Firing of security official draws bipartisan rebuke

Axios

Ina Fried

November 18, 2020

https://www.axios.com/firing-security-official-christopher-krebs-draws-bipartisan-rebuke-18e6953a-ada3-421a-8c50-65b0ebc09ef5.html

Trump Fires Christopher Krebs, Head of CISA

Bank Info Security

Jeremy Kirk

November 17, 2020

https://www.bankinfosecurity.com/trump-fires-christopher-krebs-head-cisa-a-15386

How to Make the Most of Your Budding Cybersecurity Career

Government Technology

Cisco

November 12, 2020

https://www.govtech.com/security/How-to-Make-the-Most-of-Your-Budding-Cybersecurity-Career.html

Zoom deceived users about the privacy of their calls, FTC

Mashable

Jack Morse

November 9, 2020

https://mashable.com/article/zoom-settlement-federal-trade-commission-encryption-misled-users/

Apple Fixes iOS Zero Day Flaws Found by Google

Bank Info Security

Jeremy Kirk

November 5, 2020

https://www.bankinfosecurity.com/apple-fixes-ios-zero-day-flaws-found-by-google-a-15317

Did a Security Researcher Really Access Trump’s Twitter Account?

PC Mag

Michael Kan

October 22, 2020

https://www.pcmag.com/news/did-a-security-researcher-really-access-trumps-twitter-account

Grindr's Bug Bounty Pledge Doesn't Translate to Security

Threatpost

Lindsey O’Donnell

October 6, 2020

https://threatpost.com/grindrs-bug-bounty-pledge-security/159893/

It’s No ‘Giggle’: Managing Expectations for Vulnerability Disclosure

Threatpost

Tara Seals

September 11, 2020

https://threatpost.com/giggle-managing-expectations-vulnerability-disclosure/159039/

CISA Issues Final Order on Federal Vulnerability Disclosure, But Questions Remain

Decipher

Dennis Fisher

September 4, 2020

https://duo.com/decipher/cisa-issues-final-order-on-federal-vulnerability-disclosure-but-questions-remain

Fb to warn third-party developers of vulnerable code

TechCrunch

Zack Whittaker & Sarah Perez

September 3, 2020

https://techcrunch.com/2020/09/03/facebook-vulnerable-code/

Homeland Security demands a 911 for reporting security holes in federal networks: 'Vulns in internet systems cause real-world impacts'

The Register

Thomas Claburn

September 2, 2020

https://www.theregister.com/2020/09/03/us_bug_bounty/

So You Want to Build a Vulnerability Disclosure Program?

InfoRiskToday

Mathew J. Schwartz

August 20, 2020

https://www.inforisktoday.com/so-you-want-to-build-vulnerability-disclosure-program-a-14859

Microsoft forked out $13.7m in bug bounties. The reward program's architect thinks the money could be better spent

The Register

Shaun Nichols

August 4, 2020

https://www.theregister.com/2020/08/04/microsoft_137_bug_bounties/