news
Hackers earn thousands from the most common security vulnerabilities
HackerOne has released never before seen research on the top 10 most impactful security vulnerabilities reported through its programs – those that have earned hackers on the platform more than US$54 million in bounties.

Based on data from more than 120,000 security vulnerabilities reported across more than 1,400 customer programs globally, HackerOne has launched an interactive site showing vulnerability types with the highest severity scores, the largest total report volumes and the most reported by industry.

HackerOne’s Top 10 security vulnerabilities are:
1. Cross-site scripting – all types (DOM, reflected, stored, generic)
2. Improper authentication – generic
3. Information disclosure
4. Privilege escalation
5. SQL injection
6. Code injection
7. Server-side request forgery (SSRF)
8. Insecure direct object reference (IDOR)
9. Improper access control – generic
10. Cross-site request forgery (CSRF)

Miju Han, Director of Product Management at HackerOne, said: “We see a 40% crossover of the HackerOne top 10 to the latest version of the OWASP top 10. Cross-site scripting (XSS), information disclosure and Injection are all included on both lists. Both assets will be able to help security teams identify the top risks, ours also takes into account volume and bounty values, which we think will be of particular interest to security teams looking to protect against criminal hackers.”

Visit hackerone.com/resources/top-10-vulnerabilities for more information.

HELP AG ANNOUNCES PARTNERSHIP WITH VECTRA
Help AG has announced a partnership with Vectra, a leader in AI-powered network detection and response (NDR) in a move that strengthens its capabilities in leveraging AI and ML for cybersecurity.

The agreement enables the security services and solutions provider to offer Middle East enterprises Vectra’s Cognito AI-powered NDR platform, enabling them to detect, investigate and respond to cyberattacks in real time.

The Cognito platform provides pan-enterprise visibility, regardless of IT architecture choices and augments human expertise and capacity to address modern cybersecurity challenges by applying AI to provide rich context and coordinate incident response with existing security systems, reducing the security operations workload by up to 36X.

Over the last year, Help AG has worked closely with industry-leading security vendors in a concerted effort to deliver the most effective applications of AI in cybersecurity.

Stephan Berner, CEO at Help AG, said: “We’re looking beyond the AI buzz and embracing it as a tool that when applied correctly can drastically enhance cybercapabilities.

“Because it can process massive volumes of data and automate and fine-tune analytics, AI and ML is ideally suited to identifying threats and attacker behaviours, which is where Vectra excels.”

www.intelligentciso.com | Issue 15