SecuriTeam Secure Disclosure Newsletter 7

Hi Everyone,

Hope you are all having a pleasant summer vacation (or for some of our researchers - a winter vacation.)

We recently had a few researchers attending:

  • HiTB (Amsterdam)
  • Wahckon (Australia)
  • Shakacon (Hawaii)

We got great feedback from those events, I had a chance to personally meet communicate with some of those that visited the shows directly, while others took the time to not just go to the conference but also visit the location where they were. I hope all the researchers we sent to those locations had a great time (especially the ones sent to Hawaii). I know I did.

As a reminder, the researchers that wanted to go to those conference only needed to send me an email to be offered a free entry ticket as well as flight fare of up to 1,000$ USD.

We are currently sponsoring these events:

  • PoC (South Korea)
  • EkoParty (Argentina)

We are currently looking into sponsoring these events:

  • CodeBlue (Japan)
  • AVTokyo (Japan)
  • GsickMinds (Spain)

If any of you is looking to participate in any of these three events, let me know as it would be a good incentive for us to sponsor that event. Also, if you are aware of a local event that you plan on going, send me an email and I'll see if we can get you an entry ticket.

We're proud to have Matteo invited to DefCon to present his research (partially sponsored by SSD). Congratulations Matteo - it is always a pleasure to work with talented researchers.

We are expanding our security vulnerabilities focus to new and different products, so we will be still buying vulnerabilities in a wide range, but also expanding to these new types of solutions which should allow new researchers to join our program.

We are increasing our "friend bring friend" bounty from $1,000 to $2,000. If you know of anyone that does security research, ask him or her to join our vulnerability disclosure program and we will give you 2,000$ USD. This has become effective from the 15th of July.

Our current interest and focus for non-web applications:

  • Privilege Escalations (for Andorid, Linux, iOS, and Windows)
  • Browser vulnerabilities (Chrome, Firefox, Safari, Internet Explorer Edge-Spartan)
  • Network devices (Routers, Switches, and Cloud Services)
  • Browser-oriented rendering solutions (Flash, Silverlight, Java, ...)

With for web applications the focus area vary. Here are some examples:

  • Webmails (OWA, Roundcube, vBulletin, SquirrelMail, Zimbra, Horde, ...)
  • Management Panels (cPanel, Plesk, ...)
  • Popular CMS Systems (WordPress, Joomla, Drupal, ...)
  • Network monitoring services (Nagios, BB - BigBrother, ...)

Looking forward to hear from you about things we can do better - like sponsoring speakers' travel expense as well as wild ideas - like providing you access to expensive security research software, etc.

BTW: We have published many of our previously unpublished advisories (as we were waiting for vendors to publish their advisories) on our Blog site, which is available at:

https://blogs.securiteam.com/index.php/archives/category/securiteam-secure-disclosure

Thanks,
Noam Rathaus
Beyond Security

Past newsletters:
SSD program home page


Print Friendly and PDF