CyberSecurityBoard
Sponsor Register Login

Netflix Paid Out Over $1 Million via Bug Bounty Program

Netflix has paid out more than $1 million for vulnerabilities found in its systems and products since the launch of its bug bounty program in 2016.
The streaming giant said on Tuesday that more than 5,600 researchers have contributed to its program and submitted nearly 8,000 unique vulnerability reports.
Rewards were paid out for 845 vulnerabilities, more than a quarter of which were rated 'critical severity' or 'high severity'.
When it launched its public bug bounty program in 2018, Netflix used Bugcrowd to host and manage the initiative.
The company now announced that its program has been moved to the HackerOne platform.
With this move, Netflix is promising enhanced triage, increased bounty ranges, an expanded scope, exclusive private programs, and researcher feedback loops.
Content authorization issues, which include subverting content authorization and obtaining private keys, can earn researchers between $300 and $5,000.
Critical vulnerabilities impacting Netflix.com can earn bug bounty hunters up to $20,000, while flaws related to corporate assets can earn researchers up to $10,000.
The mobile applications are also covered by the bug bounty program.
A researcher recently demonstrated that vulnerabilities in Microsoft's PlayReady content access and protection technology can be exploited to illegally download movies from popular streaming services, including from Netflix.
The streaming service did not respond to SecurityWeek's request for comment when the research came to light.
It's unclear whether the PlayReady attack would qualify for Netflix's bug bounty program, but the researcher who discovered the PlayReady vulnerabilities, Adam Gowdiak of Poland-based AG Security Research, suggested that - given its widespread impact and the effort put into it - his research is worth much more than what Microsoft and the other impacted companies are willing to offer through their bug bounty programs.


This Cyber News was published on packetstormsecurity.com. Publication date: Wed, 29 May 2024 14:43:06 +0000


Cyber News related to Netflix Paid Out Over $1 Million via Bug Bounty Program

Netflix Paid Out Over $1 Million via Bug Bounty Program - Netflix has paid out more than $1 million for vulnerabilities found in its systems and products since the launch of its bug bounty program in 2016. The streaming giant said on Tuesday that more than 5,600 researchers have contributed to its program ...
5 months ago Packetstormsecurity.com
Netflix Fails to Crack Down on Password Sharing Restrictions - As much as Netflix account holders were dreading the day the company finally cracked down on password sharing, the streaming giants first taste of what it has in store for users was both confusing and concerning. Folks online were dumbfounded by some ...
1 year ago Packetstormsecurity.com
Microsoft launches Defender Bounty Program with $20,000 rewards - Microsoft has unveiled a new bug bounty program aimed at the Microsoft Defender security platform, with rewards between $500 and $20,000. While higher awards are possible, Microsoft retains sole discretion to determine the final reward amount based ...
11 months ago Bleepingcomputer.com
The 20 Most Essential Crypto Bug Bounty Programs - Working with cryptocurrency has become more and more popular in the last few years, but it’s not without risks. It’s important for sites that conduct digital payments and transfers to have security measures in place to help keep your data safe ...
1 year ago Hackread.com
HackerOne paid ethical hackers over $300 million in bug bounties - HackerOne has announced that its bug bounty programs have awarded over $300 million in rewards to ethical hackers and vulnerability researchers since the platform's inception. Thirty hackers have earned over a million USD for their submissions, and ...
11 months ago Bleepingcomputer.com
Record Breaking $153,000+ Already Invested into the Security of the WordPress Ecosystem by Wordfence - In just a few short months since our launch in November of last year, the Wordfence Bug Bounty Program has already awarded over $153,000 in bounties to WordPress security researchers who have been responsibly reporting security issues in WordPress ...
7 months ago Wordfence.com
Google Paid Out $10 Million via Bug Bounty Programs in 2023 - Google on Tuesday announced that it paid out a total of $10 million through its bug bounty programs in 2023, bringing the total amount awarded by the tech giant for vulnerabilities found in its products since 2010 to $59 million. The total paid out ...
7 months ago Securityweek.com
Google paid $10 million in bug bounty rewards last year - Google awarded $10 million to 632 researchers from 68 countries in 2023 for finding and responsibly reporting security flaws in the company's products and services. Though this is lower than the $12 million Google's Vulnerability Reward Program paid ...
7 months ago Bleepingcomputer.com
Poking holes in Google products bagged bug hunters $10M The Register - Google awarded $10 million to 632 bug hunters last year through its vulnerability reward programs. The web goliath's 2023 total represents a slight dip compared to the $12 million in bounties it paid the previous year. Hopefully this means ...
7 months ago Go.theregister.com
Pentagon Received Over 50,000 Vulnerability Reports Since 2016 - The US Department of Defense on Friday announced that it has processed 50,000 reports received as part of its continuous vulnerability disclosure program launched in November 2016. A first in the history of the federal government, the program was ...
7 months ago Securityweek.com
Pentagon Received Over 50,000 Vulnerability Reports Since 2016 - The US Department of Defense on Friday announced that it has processed 50,000 reports received as part of its continuous vulnerability disclosure program launched in November 2016. A first in the history of the federal government, the program was ...
7 months ago Packetstormsecurity.com
Revolutionizing WordPress Bug Bounty and Security: Latest Enhancements to the Wordfence Bug Bounty Program - Our team has triaged around 2,140 vulnerability submissions, with about 1,320 deemed in-scope. Together with our researchers and software vendors, we've protected millions of websites from vulnerabilities - and this is just the beginning. We're ...
5 months ago Wordfence.com
$937 Bounty Awarded for Privilege Escalation and Local File Inclusion Vulnerabilities Patched in MasterStudy LMS WordPress Plugin - On February 25th, 2024, during our second Bug Bounty Extravaganza, we received a submission for a Privilege Escalation vulnerability in MasterStudy LMS, a WordPress plugin with more than 10,000 active installations. The next day on February 26th, ...
6 months ago Wordfence.com
Zoom flaw enabled hijacking of accounts with access to meetings, team chat - A Zoom flaw that enabled the hijacking of service accounts with access to potentially confidential information was disclosed by bug hunters this week. The vulnerability in the Zoom Rooms feature mostly affected Zoom tenants using email addresses from ...
11 months ago Packetstormsecurity.com
Misconfigured Firebase Instances Expose 125 Million User Records - Hundreds of websites misconfigured Google Firebase, leaking more than 125 million user records, including plaintext passwords, security researchers warn. It all started with the hacking of Chattr, the AI hiring system that serves multiple ...
7 months ago Securityweek.com
Chrome 120 Update Patches High-Severity Vulnerabilities - Google on Tuesday announced the release of a Chrome 120 security update that addresses nine vulnerabilities, six of which were reported by external researchers. Of the externally reported flaws, five have a severity rating of 'high', four of which ...
10 months ago Securityweek.com
Google Patches Six Vulnerabilities With First Chrome Update of 2024 - Google on Wednesday announced the first Chrome security update of 2024, which resolves six vulnerabilities, including four reported by external researchers. All the four externally reported security defects are high-severity memory safety flaws, but ...
10 months ago Securityweek.com
Thinking outside the code: How the hacker mindset drives innovation - Keren Elazari is an internationally recognized security analyst, author, and researcher. Since 2000, Keren has worked with leading Israeli security firms, government organizations, innovative start-ups, and Fortune 500 companies. In this Help Net ...
6 months ago Helpnetsecurity.com
T-Mobile pays $31.5 million FCC settlement over 4 data breaches - "With companies like T-Mobile and other telecom service providers operating in a space where national security and consumer protection interests overlap, we are focused on ensuring critical technical changes are made to telecommunications networks to ...
1 month ago Bleepingcomputer.com
US offers up to $15 million for tips on ALPHV ransomware gang - The U.S. State Department is offering rewards of up to $10 million for information that could lead to the identification or location of ALPHV/Blackcat ransomware gang leaders. An additional $5 million bounty is also available for tips on individuals ...
8 months ago Bleepingcomputer.com
50,000 Vulnerabilities Discovered in DoD Systems Through Bug Bounty - Over 50,000 vulnerabilities have been submitted to the US Department of Defense through its vulnerability disclosure program. The DoD Cyber Crime Center reported on March 15, 2024, that it processed its 50,000th vulnerability since introducing its ...
7 months ago Infosecurity-magazine.com
SQL Injection Vulnerability Patched in Tutor LMS WordPress Plugin - On February 15th, 2024, during our second Bug Bounty Extravaganza, we received a submission for an authenticated SQL Injection vulnerability in Tutor LMS, a WordPress plugin with more than 80,000+ active installations. Props to Muhammad Hassham ...
7 months ago Wordfence.com
Mintlify Data Breach Leads to Exposure of Customer GitHub Tokens - AI-powered code documentation firm Mintlify says customer GitHub tokens were compromised in a data breach caused by a vulnerability in its systems, prompting it to launch a bug bounty program. Mintlify helps developers generate code documentation. It ...
7 months ago Securityweek.com
Black Basta's ransom haul tops $100M in less than 2 years - The Black Basta ransomware gang has raked in more than $100 million from victims of its double-extortion attacks since its emergence early last year, according to researchers. The haul - which included grabbing $9 million from one victim and more ...
11 months ago Packetstormsecurity.com
Too Much Escaping Backfires, Allows Shortcode-Based XSS Vulnerability in Contact Form Entries WordPress Plugin - On February 24th, 2024, during our second Bug Bounty Extravaganza, we received a submission for a stored Cross-Site Scripting vulnerability in Contact Form Entries, a WordPress plugin with more than 60,000+ active installations. The vulnerability ...
7 months ago Wordfence.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)