Apple’s macOS and iOS are often considered to be more secure than their rivals, but that doesn’t make them invulnerable. One security team recently proved that by showing how hackers could exploit Apple’s systems to access your messages, location data, and photos - and even wipe your device entirely.

The discoveries were published on the blog of security research firm Trellix, and will be of major concern to iOS and macOS users alike, since the vulnerabilities can be exploited on both operating systems. Trellix explains that Apple patched the exploits in macOS 13.2 and iOS 16.3, which were released in January 2023, so you should update your devices as soon as you can.

Apple protects its systems by requiring apps to be signed by approved developers, by sandboxing apps to prevent them from accessing areas they should not, and by almost entirely removing the ability to dynamically run arbitrary code. Combined, those measures help macOS and iOS become highly secure - but apparently not secure enough.

This exploit was dubbed FORCEDENTRY, and Apple patched it shortly after its discovery in late 2021. Trellix’s work, however, has shown that Apple’s patches can be easily bypassed, rendering them useless.

In fact, Trellix claims it has found an entire class of bugs that can be exploited this way, granting hackers access to a user’s calendar, address book, photos, camera, microphone, and more. Some bugs could even be used to wipe your device in its entirety.

Trellix passed on the details of the exploits it discovered to Apple, and they were patched earlier this year. That means you should download the fixes - contained in macOS 13.2 and iOS 16.3 and later versions - as soon as you can.

These exploits also serve as a helpful reminder that, despite the company’s reputation for strong security, no Apple product is invulnerable to attack. Ensuring your device is up to date is a great way to keep it safe.

Bugcrowd Inc. has grown from a “napkin moment” sketched out by the founder on an airplane flight 11 years ago to now include an expanding ecosystem of bug bounty programs and, most recently, penetration testing as a service. Last week, the multi-solution, crowdsourced cybersecurity platform announced new capabilities in its Penetration Testing as a Service, or PTaaS. The solution enables customers to purchase, set up and manage a pentest directly online without a lengthy sales process.

“When customers come on and they join with us, we match them with the right pentester based on the skillset of the tester and based on the customer’s environment,” said Dave Gerry (left), chief executive officer of Bugcrowd. “We can immediately deploy a test in a matter of hours versus weeks or months in the previous models. From there, results are shared real time back into the platform, versus waiting just for a report to be released at the end of the test.”

Gerry spoke with theCUBE industry analyst John Furrier at the RSA Conference, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. He was joined by Casey Ellis (right), founder, chairman and chief technology officer of Bugcrowd, and they discussed the firm’s latest announcements and its strategy for leveraging talent in the global security community. (* Disclosure below.)

Disrupting the model

Pentesting is an authorized simulated attack on a computer system designed to evaluate its security. An ecosystem of third-party providers has developed over the years to provide this service in the cybersecurity world, and Bugcrowd saw an opportunity to leverage its white-hat hacker community to disrupt the existing pentesting model.

“It’s one of those things where pentesters aren’t the problem. It’s the pentesting it’s how it’s done,” said Ellis, who worked as a pentester himself at one juncture in his career.