Articles about Bug

High risk vulnerabilities in fintech soar over the past year

Financial services companies on the Bugcrowd platform experienced a 185 percent increase in the last 12 months for Priority One (P1) submissions, which relate to the most critical vulnerabilities.

According to activity recorded on the Bugcrowd Security Knowledge Platform, high-level trends include an increase in ransomware and the reimagining of supply chains, leading to more complex attack surfaces during the pandemic.

New deep code analysis platform helps developers eliminate bugs

As recent high-profile attacks have shown, bad actors are increasingly going after software supply chains to exploit vulnerabilities in commercial and open source code.

Developer tool specialist Sonatype is launching a new deep code analysis platform called Lift that installs easily on any source repository and provides developer-friendly feedback on a wide range of bug types.

Windows Defender bug creating thousands of files on Windows 10 systems

If you’ve found your system running unexpectedly short of storage space over the past couple of days, then Windows Defender could be to blame.

Some users report that the bug has led to hundreds of thousands and even millions of files being generated by the security software, taking up gigabytes of storage space.

Fixing software bugs is the top developer pain point

New research from code improvement platform Rollbar finds that fixing software bugs and errors is the top pain point for 44 percent of developers.

This is not helped by inadequate tools, with a large majority (88 percent) feeling that traditional error monitoring falls short of their expectations.

macOS Image Capture bug can fill up hard drives with empty data

A bug has been discovered in the Image Capture app that's part of macOS. The app is used to import photos and videos from other devices.

The bug kicks in when importing images from an iPhone or iPad, and it can result in a hard drive being filled up with empty data.

Google's Project Zero is testing new vulnerability disclosure procedures

The vulnerability-finding Project Zero has put Google on the receiving end of both criticism and praise, but there has long been concern about its policy of being very quick to reveal details of vulnerabilities that have been discovered.

Previously Project Zero has given software developers a 90-day window of opportunity to fix bugs before it goes public. Details of vulnerabilities would also be published as soon as a fix was released. For 2020, Google is trying something new. The company will wait a full 90 days before disclosing a vulnerability, regardless of when the bug is fixed.

Firefox users are being targeted by malicious sites that exploit a known bug to lock up the browser

Users of the Mac and Windows versions of Firefox are being targeted by malicious sites that display a fake warning message and then completely lock up the browser.

Hackers are taking advantage of a bug in Mozilla's web browser to tamper with the software and render it unusable without the need for user interaction. At the moment there is no fix, and the problem is wreaking havoc and causing distress.

Bugcrowd launches crowd-driven approach to understanding the attack surface

According to a recent Gartner report, a third of successful attacks on enterprises will come via shadow IT by 2020.

It's therefore more important than ever for organizations to understand the risks and properly assess the attack surface they present. Bugcrowd is launching a new Attack Surface Management (ASM) tool to allow them to do this.

Libra Bug Bounty Program seeks to strengthen the security of Facebook's blockchain

Facebook's plans to venture into the world of cryptocurrencies have proved highly controversial, but the social media giant is plowing on regardless. The company and the partners it is working with on Libra have launched a public bug bounty program, offering pay-outs of up to $10,000 per bug.

Announced by the Libra Association, the aim of the Libra Bug Bounty Program is to "strengthen the security of the blockchain". The association wants to track down "security and privacy issues and vulnerabilities".

Beta bug hunters can bag up to $30k in the Microsoft Edge Insider Bounty program

With a new beta of the Chromium-based version of Edge now available, Microsoft has unveiled details of a new bug bounty program for the browser.

Through the Microsoft Edge Insider Bounty it is possible to earn a maximum payout of $30,000 for discovering vulnerabilities in the Dev and Beta builds of Edge. Microsoft says that it intends to complement the Chrome Vulnerability Reward Program, meaning that any report that affects the latest version of Microsoft Edge but not Chrome will be eligible.

Alleged critical VLC flaw is nothing to worry about -- and is nothing to do with VLC

There has been a degree of confusion over the last few days after news spread of a supposed vulnerability in the media player VLC. Despite being labelled by security experts as "critical", VLC's developers, VideoLAN, denied there was a problem at all.

And they were right. While there is a vulnerability, it was in a third-party library, not VLC itself. On top of this, it is nowhere near as severe as first suggested. Oh -- and it was fixed over a year ago. An older version of Ubuntu Linux was to blame for the confusion.

'Critical' vulnerability discovered in VLC on Linux and Windows -- but VideoLAN says it is not reproducible

Reports have emerged of a security bug in the Windows and Linux versions of VLC, making it vulnerable to remote-code execution via malicious videos. But although German and American security experts have branded the flaw as "critical", VLC-maker VideoLAN is downplaying things.

In fact, more than downplaying the vulnerability, VideoLAN is flat-out denying that it exists, with the software developer dismissing it as "fake news". [UPDATE: the vulnerability has now been pretty much debunked]

Windows 10 bug could slow shutdown by over a minute

It's usually the speed of a computer when using it that is of interest, but it's also important to factor in startup and shutdown times. Microsoft just confirmed a new bug in Windows 10 -- specifically Windows 10 October 2018 Update (1809) -- that could dramatically slow down shutdown and sleep times in some circumstances.

The problem relates to USB Type-C devices, and while it has been fixed in Windows 10 version 1903, anyone using version 1809 remains affected and needs to be aware of the issue.

Microsoft Bounty Program offers larger rewards for bug hunters

Bug bounty programs are a popular way for tech companies to track down problems with their products without having to spend large sums of money on dedicated research teams. Microsoft is one of the big names with such a program, and it has just announced that it is increasing the payouts it makes.

As well as offering people more money for finding issues with its products, Microsoft also says that it will pay people faster.

Security researchers reveal details of serious bug in compression tool WinRAR

If you're a user of WinRAR -- a staple tool for decompressing files whose popularity stems from not only its support for RAR files, but also its never-ending trial period -- it's time to ensure you have the latest security patch installed.

Security experts from Check Point Research have revealed details of a serious bug that has been present in the software for at least 14 years. The archiving tool was found to have a vulnerability in one of its .dll files, which could be exploited by simply opening a compressed file, and allows an attacker to "gain full control over a victim's computer".

BetaNews, your source for breaking tech news, reviews, and in-depth reporting since 1998.
