
Apple, SpaceX and NASA are not allowing their employees to use Zoom when working from home. Should you?

The current Coronavirus pandemic has changed the way we work. Having to follow the norms of social distancing to avoid further spread of the disease, all businesses are asking employees to work from home. This has inadvertently created more dependence on collaboration tools. In the past few weeks, we have seen Zoom gaining huge popularity as the video conferencing tool of choice.

As Zoom gains eyeballs from businesses, it has also come onto the radar of hackers.

Beware of Zoom bombers

Cyber security experts are seeing many incidents of Zoom bombing. This term has been coined to describe instances when random people ‘bomb’ or crash a Zoom team meeting. Hackers are exploiting security vulnerabilities to enter private video conferencing meetings to troll, cause disruptions, steal confidential company data and even commit corporate espionage. …



Here’s what you need to know to protect yourself

Cybercriminals are the first to exploit a time of crisis. With fear of the global Coronavirus pandemic paralysing the world, malicious people are using this panic for their personal gain.

How they are doing this, you may ask.

First of all, this has given rise to a lot of phishing activity. Cyber criminals are impersonating hospitals and medical health organisations such as the World Health Organisation (WHO) to get your personal data. They are sending false links that claim to have information on prevention of COVID-19, a world map disease tracker, or a check for whether you are infected by the Coronavirus. In order to provide this information, such links ask for personal data such as name, age, health history, address, phone number, etc. …



Ever heard of bounty hunters? These are people who hunt for criminals who have a bounty placed on their heads by police officials. They track down convicts running from authorities, hand them over to the police and receive a pre-determined reward for their effort. Now adapt this scenario to the IT world and you will understand what bug bounty is.

Bug bounty is when businesses give out bounties in the form of compensation to ethical hackers who find bugs, especially vulnerabilities, in their organization’s IT infrastructure. …



This is NOT a click-baity headline.

With security threats increasing by the minute and newer ways of stealing data and money emerging, ethical hacking is getting its due and turning into a lucrative profession. More and more businesses — small and big — are turning to ethical hackers to ensure robust security.

This has given rise to bug bounties wherein companies are paying bounties to hackers who can find shortcomings in their systems and enable businesses to fix security flaws before they are compromised by cybercriminals.

Ethical hacking pays well, is legal and is a burgeoning profession. In 2017, a staggering US$11.7 million was paid in bug bounties by businesses across the world. If this number astonishes you, read this. Hackers in 150 countries earned US$62 million in 2019! …


Security expert and ethical hacker Ahmad Ashraff, in conversation with TheBugBounty, talks about the need for small businesses to actively undertake ethical hacking to ensure security in a cost-effective manner, his achievements as a bug bounty hunter and advice for ethical hacking newbies, among other things.

Please tell us a little bit about yourself and how you entered the bug bounty field.

People know me as @Yappare on Twitter and other social media. I have been an ethical hacker since 2010. I stumbled into bug bounty in 2013. I don’t come from an IT background. I was a chemical engineering student. However, I learned about hacking during my time at University.

It all started in college back in 2008. There was a group of senior students that were keen on ethical hacking. I learned about what it is from them. I would keep asking them questions, but they would dismiss me asking me to Google it and learn by myself. However, I was very persistent. Finally, one of the guys sat down with me one night and taught me how to crack a password. This is what developed my interest in ethical hacking as it felt like solving a puzzle. …


Security Engineer Anirudh Anand, who has successfully reported bugs for Google, Microsoft and GitLab, talks about his passion for cyber security and the benefits of bug bounties for organizations and researchers.

Can you please tell me a little bit about yourself and your background?

Currently, I am working with Fintech firm CRED. It was founded by Kunal Shah, who was also the Founder of Freecharge. I am a Senior Security Engineer at CRED where I am responsible for protecting its applications and infrastructure. Before joining CRED, I worked with Flipkart for two years in a similar role.

I did my Bachelor’s in Computer Science from Amrita Vishwa Vidyapeetham, Kollam, Kerala University.

How did you start ethical hacking?

My journey in ethical hacking began when I was in college. My college has an MTech programme that focuses on cyber security that ignited my passion for this vocation. Additionally, we had an amazing Professor, Mr Vipin Pavithran, who encouraged me to learn more in security and made me part of the Capture The Flag (CTF) team of the college. …



Establishing Zero Trust for robust security

Modern security challenges demand evolving security solutions. Security experts say Zero Trust is the best weapon an organization can possess to stop data breaches. With alarming, sophisticated threats such as phishing, Deep Fakes, ransomware, malware, cloud breaches, etc., implementing Zero Trust has become the need of the hour. The good news is that CIOs and CISOs have understood this and are increasingly turning to Zero Trust to counter mounting attacks. Before we get into discussing what Zero Trust is, let’s look at the threat we are currently facing.

As per a Cybersecurity Ventures report, cybercriminal activity is one of the biggest challenges that humanity will face in the next two decades. Cybercrime is projected to cause damage of over US$6 trillion annually by 2021, up from US$3 trillion in 2015¹. With attacks costing millions of dollars, no business can afford to fall prey: a successful cyberattack costs an average of US$5 million, according to Ponemon¹. More concerning still, such attacks can go unnoticed for up to six months, causing irreversible damage in the meantime¹. …



Deepfakes can make people believe something is true when it is not. They can propagate fake news, help commit fraud and steal millions of dollars. What is scarier is that anyone with a computer and internet can produce deepfakes with tools readily available on the dark web.

So what are Deepfakes?

Deepfakes are manipulated video and audio. With the use of Deep Learning, malicious minds are able to create fake visuals and sounds to deceive people. They can very convincingly put someone else’s words in another person’s mouth.

Imagine this scenario…a voice message of a CEO of a company is sent to the CFO asking for confidential data or to transfer large sums of money. The CFO who recognizes the CEO’s voice considers it to be the real thing, and goes ahead and unwittingly follows the instructions, causing the company to lose reputation, large sums of money, and more. …



The idea of a business being ‘totally secured’ is a myth. While organisations constantly work towards securing their sensitive data, cyber criminals work equally hard to find vulnerabilities to exploit.

Disruptive technologies such as AI and ML have changed the game in the business world, but what will happen when the same are used by malicious minds to steal data? From sophisticated phishing attacks to scary deepfakes, here are four security threats that will be the cause of CISOs losing sleep in 2020.

Phishing

Cyber criminals are becoming smarter and phishing attacks will become even more sophisticated in 2020. The number one mark of phishing attacks will be small businesses. Phishing — constituting 32% — is the number one reason for data breaches in companies, almost half of which is targeted at small businesses, according to a Verizon report. …



Imagine a scenario where the best security researchers in the world are constantly looking after your organization’s cybersecurity. They are checking for its robustness, any leaks or loopholes, and finding relevant, new-age solutions to fix the situation. And all this, without it costing you a lot of money!

Sounds ideal, doesn’t it?

How is that possible, you may ask.

The Bug Bounty, a disruptive new startup based in Malaysia, is making it possible. It is using the power of the crowd to source the ultimate security defense by leveraging a SaaS model.

How does The Bug Bounty work?

Businesses that want to counter ever-increasing security attacks register on The Bug Bounty platform. They sign up asking security researchers from across the globe to take a look at their online presence. They essentially ask ethical hackers to have a go at their cybersecurity to check for vulnerabilities to attack. …

TheBugBounty
