There are 30 vulnerabilities listed in total; organizations would do well to patch their systems if they haven’t done so yet

The post Leading cybersecurity agencies reveal list of most exploited vulnerabilities of the past 2 years appeared first on WeLiveSecurity

Now that organizations are set to evolve a hybrid blend of home and office-based work for most employees, it is more important then ever to address the risks that insider threat can – willingly or unwitingly – pose.

The post Tackling the insider threat to the new hybrid workplace appeared first on WeLiveSecurity

Twitter’s transparency report revealed that users aren’t quick to adopt 2FA and once they do enable it, they choose the least secure option

The post Most Twitter users haven’t enabled 2FA yet, report reveals appeared first on WeLiveSecurity

With vacations in full swing, cybercriminals will be looking to scam vacationers looking for that perfect accommodation.

The post Booking your next holiday? Watch out for these Airbnb scams appeared first on WeLiveSecurity

The vulnerability is under active exploitation by unknown attackers and affects a wide range of Apple’s products.

The post Apple releases patch for zero‑day flaw in iOS, iPadOS and macOS appeared first on WeLiveSecurity

A little over 10 years ago, we launched our Vulnerability Rewards Program (VRP). Our goal was to establish a channel for security researchers to report bugs to Google and offer an efficient way for us to thank them for helping make Google, our users, and the Internet a safer place. To recap our progress on these goals, here is a snapshot of what VRP has accomplished with the community over the past 10 years:

  • Total bugs rewarded: 11,055
  • Number of rewarded researchers: 2,022
  • Representing 84 different countries
  • Total rewards: $29,357,516

To celebrate our anniversary and ensure the next 10 years are just as (or even more) successful and collaborative, we are excited to announce the launch of our new platform, bughunters.google.com.

This new site brings all of our VRPs (Google, Android, Abuse, Chrome and Play) closer together and provides a single intake form that makes it easier for bug hunters to submit issues. Other improvements you will notice include:

  • More opportunities for interaction and a bit of healthy competition through gamification, per-country leaderboards, awards/badges for certain bugs and more!
  • A more functional and aesthetically pleasing leaderboard. We know a lot of you are using your achievements in the VRP to find jobs (we’re hiring!) and we hope this acts as a useful resource.
  • A stronger emphasis on learning: Bug hunters can improve their skills through the content available in our new Bug Hunter University
  • Streamlined publication process: we know the value that knowledge sharing brings to our community. That’s why we want to make it easier for you to publish your bug reports.
  • Swag will now be supported for special occasions (we heard you loud and clear!)

We also want to take a moment to shine a light on some aspects of the VRP that are not yet well-known, such as:

When we launched our very first VRP, we had no idea how many valid vulnerabilities – if any – would be submitted on the first day. Everyone on the team put in their estimate, with predictions ranging from zero to 20. In the end, we actually received more than 25 reports, taking all of us by surprise.

Since its inception, the VRP program has not only grown significantly in terms of report volume, but the team of security engineers behind it has also expanded – including almost 20 bug hunters who reported vulnerabilities to us and ended up joining the Google VRP team.

That is why we are thrilled to bring you this new platform, continue to grow our community of bug hunters and support the skill development of up-and-coming vulnerability researchers.

Thanks again to the entire Google bug hunter community for making our vulnerability rewards program successful. As you continue to play around with the new site and reporting system, tell us about it – we would love to hear your feedback. Until next time, keep on finding those bugs!


A little over 10 years ago, we launched our Vulnerability Rewards Program (VRP). Our goal was to establish a channel for security researchers to report bugs to Google and offer an efficient way for us to thank them for helping make Google, our users, and the Internet a safer place. To recap our progress on these goals, here is a snapshot of what VRP has accomplished with the community over the past 10 years:

  • Total bugs rewarded: 11,055
  • Number of rewarded researchers: 2,022
  • Representing 84 different countries
  • Total rewards: $29,357,516

To celebrate our anniversary and ensure the next 10 years are just as (or even more) successful and collaborative, we are excited to announce the launch of our new platform, bughunters.google.com.

This new site brings all of our VRPs (Google, Android, Abuse, Chrome and Play) closer together and provides a single intake form that makes it easier for bug hunters to submit issues. Other improvements you will notice include:

  • More opportunities for interaction and a bit of healthy competition through gamification, per-country leaderboards, awards/badges for certain bugs and more!
  • A more functional and aesthetically pleasing leaderboard. We know a lot of you are using your achievements in the VRP to find jobs (we’re hiring!) and we hope this acts as a useful resource.
  • A stronger emphasis on learning: Bug hunters can improve their skills through the content available in our new Bug Hunter University
  • Streamlined publication process: we know the value that knowledge sharing brings to our community. That’s why we want to make it easier for you to publish your bug reports.
  • Swag will now be supported for special occasions (we heard you loud and clear!)

We also want to take a moment to shine a light on some aspects of the VRP that are not yet well-known, such as:

When we launched our very first VRP, we had no idea how many valid vulnerabilities – if any – would be submitted on the first day. Everyone on the team put in their estimate, with predictions ranging from zero to 20. In the end, we actually received more than 25 reports, taking all of us by surprise.

Since its inception, the VRP program has not only grown significantly in terms of report volume, but the team of security engineers behind it has also expanded – including almost 20 bug hunters who reported vulnerabilities to us and ended up joining the Google VRP team.

That is why we are thrilled to bring you this new platform, continue to grow our community of bug hunters and support the skill development of up-and-coming vulnerability researchers.

Thanks again to the entire Google bug hunter community for making our vulnerability rewards program successful. As you continue to play around with the new site and reporting system, tell us about it – we would love to hear your feedback. Until next time, keep on finding those bugs!


URL shortener services distributing Android malware – Week in security with Tony Anscombe

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

The Zero Trust architecture offers an increasingly popular way to minimize cyber-risk in a world of hybrid cloud, flexible working and persistent threat actors.

The post Protecting the hybrid workplace through Zero Trust security appeared first on WeLiveSecurity

To mitigate the chances of their Wi-Fi home routers being compromised, users would do well to change the manufacturer’s default access credentials

The post Popular Wi‑Fi routers still using default passwords making them susceptible to attacks appeared first on WeLiveSecurity