Thursday, July 7, 2016
Posted by Editorial_Staff_Team
BMW Core Web Portal & ConnectedDrive vulnerable
Today we will talk about two vulnerabilities that were discovered by Vulnerability Laboratory core team member "Benjamin Kunz Mejri" and that are not patched yet. There are two main bugs, both related to...
Tuesday, July 5, 2016
Posted by Editorial_Staff_Team
Manchester City - Football Club hosts first Hackathon in July 2016
Manchester City football club has organized a new event, #HackMCFC, which will provide participants with access to world-leading performance data, including match data associated with players to...
Wednesday, June 15, 2016
Posted by Editorial_Staff_Team
Hack the Pentagon - More than 120 valid Vulnerabilities uncovered
Today the Washington Post published the first article after the "Hack the Pentagon" program was finished. Over 121 security vulnerabilities were discovered and verified during the bug bounty contest. One unnamed member...
Thursday, May 26, 2016
Posted by Editorial_Staff_Team
Hacking the Bugcrowd - Evading the Filter Validation of Bugcrowd
Today we would like to talk about a vulnerability that was located in the main Bugcrowd web application. Normally we hack in regular, public bug bounty programs, but in the case of this issue we exploited the manufacturer's...
Monday, April 25, 2016
Posted by Editorial_Staff_Team
MIT Security - Alpha Phase of Bug Bounty Program in April 2016
In April 2016 the well-known MIT EDU started a new official bug bounty program. The MIT Bug Bounty program is an experimental program aiming to improve MIT's online security and foster a community for students to research and...

0DAY SECURITY VIDEOS

Tuesday, 25/08/15 - 0 comment(s)
PayPal Inc patched medium severity Cross Site Request Forgery Issue
The independent and individual Vulnerability Laboratory researcher Paresh Parmar discovered during the participation in the...

Thu, 07 Jul

BMW Core Web Portal & ConnectedDrive - Exploitation of Car Configurations

BMW Core Web Portal & ConnectedDrive vulnerable

Today we will talk about two vulnerabilities that were discovered by Vulnerability Laboratory core team member "Benjamin Kunz Mejri" and that are not patched yet. There are two main bugs, both related to the BMW online service and web app for ConnectedDrive.

Tue, 05 Jul

Manchester City - Football Club hosts first Hackathon in July 2016

Manchester City football club has organized a new event, #HackMCFC, which will provide participants with access to world-leading performance data, including match data associated with players, to help them uncover detailed insights. Students who are interested in fields like tech, data and digital product design are invited to participate in this event for a weekend of hacking. The event is supported by the Premier League, OptaPro and ChyronHego and will take place from 29 - 31 July at the City Football Academy. Participants will be able to access rarely released data sets provided by OptaPro and ChyronHego to help them catalyze new ideas and insights about player and team performance.
 
Wed, 15 Jun

Hack the Pentagon - More than 120 valid Security Vulnerabilities uncovered

Hack the Pentagon - More than 120 valid Vulnerabilities uncovered

Today the Washington Post published the first article after the "Hack the Pentagon" program was finished. Over 121 security vulnerabilities were discovered and verified during the bug bounty contest. One unnamed member of the Vulnerability Laboratory was successfully accepted to participate in the program. The core team researcher discovered about 21 security vulnerabilities at the start of the government bug bounty program.

At the public tech forum conference in Washington, D.C., Defense Secretary Ashton Carter confirmed: “Hack the Pentagon program launched in March exceeded the military’s expectations by uncovering dozens of previously unnoticed security issues affecting the Department of Defense’s public, non-classified computer systems.”

Thu, 26 May

Hacking the Bugcrowd - Core Researcher scores in Main Program Site

Hacking the Bugcrowd - Evading the Filter Validation of Bugcrowd

Today we would like to talk about a vulnerability that was located in the main Bugcrowd web application. Normally we hack in regular, public bug bounty programs, but in the case of this issue we exploited the web application of the manufacturer's official program site to score.

Mon, 25 Apr

MIT Security - Alpha Phase of Bug Bounty Program in April 2016

In April 2016 the well-known MIT EDU started a new official bug bounty program. The MIT Bug Bounty program is an experimental program aiming to improve MIT's online security and foster a community for students to research and test the limits of cyber security in a responsible fashion.

In-Scope Domains

In-Scope Vulnerabilities

Wed, 20 Apr

Bug Bounty Program Award Winners 2015 - Exclusive Interview by United Airlines & Facebook

Announcement of the Bug Bounty Program Award Winners 2015 - Exclusive Interviews with United Airlines & Facebook

We worked hard to present the winners of 2015 after the successful first award ceremony in 2014. This year we exclusively release the winners of the international "Bug Bounty Awards". The award is nominated in two categories: the "Best Upcoming Bug Bounty Program" and the "Best Bug Bounty Program" of the year.

The winners of the award are nominated via email vote by 100 Vulnerability Laboratory researchers and 101 independent or individual security researchers. The voting results are multiplied to determine the winners. You are welcome to visit the new awards module, with archive, in the Vulnerability Laboratory infrastructure.

Mon, 18 Apr

Cyberoam Central Console v02.03.1 - Persistent Web Vulnerabilities

Today we disclosed a new issue in the Cyberoam Central Console appliance web application. This issue is application-side and was reported to the Cyberoam developer team about 2 months ago. The issue was reported by "Lawrence Amer", a core team researcher of the Vulnerability Laboratory.

Tue, 05 Apr

iPhone 6S & Plus with 3D Touch vulnerable to new Passcode Bypass Vulnerability

iPhone 6S & Plus with 3D Touch (iOS 9.3.1) vulnerable to new Passcode Bypass Vulnerability

Last night around 23:00 a new zero-day vulnerability in the new Apple iOS v9.3.1 on iPhone 6S or Plus models was disclosed to the public. On 2016-03-18 the Vulnerability Lab team notified Apple by email that we had already detected a new method that evades the controls of the passcode protection mechanism.

Fri, 01 Apr

Hack the Pentagon Bug Bounty Program - Registration Activated from 18th April to 16th May

DoD Bug Bounty - Registration Activated 18th April - 16th May 2016

Tonight the new bug bounty page of the Department of Defense went online. Some weeks ago the Department of Defense announced that it would start a bug bounty program for individuals and US citizens in April 2016. In the new information letter the DoD announced how to participate in the official bug bounty program.

Wed, 30 Mar

PayPal Inc Bug Bounty Program 2016 - New Vulnerability Uncovered by German Researcher

Researcher exploits Profile Service Mails via Filter Bypass Issue

This morning the leading core research team of the Vulnerability Laboratory discovered a new vulnerability in the PayPal Inc online service core web application and API. The issue was uncovered by Benjamin Kunz Mejri during participation in the official bug bounty program of PayPal. After the PayPal Inc security department received the first analysis report of the issue, a fix was prepared immediately to protect the infrastructure and customers against active exploitation.

Technical Details
