Tuesday, June 18, 2024

Facebook Increases Average Bounty rewards for High Impact Vulnerabilities

Facebook increases the average payout for security researchers to encourage them to find high impact Vulnerabilities. The researchers who find account takeover vulnerabilities that lead to full account takeover without user consent will be rewarded up to $40,000.

The change in payout for bounties applicable to other products owned by Facebook including Instagram, WhatsApp, and Oculus.

High Impact Vulnerabilities

For researchers who detect a complete account takeover, including access tokens leakage or the ability to access users’ valid sessions are rewarded with the bounty of $40,000 for vulnerabilities without user interaction and $25,000 for the one with minimum user interaction.

Last September Facebook revealed a security breach that exposes 50 million accounts access tokens, hackers steal the access tokens by exploiting a bug in View As a feature.

Our goal is to ensure that these vulnerabilities such as the one disclosed in September are reported to us in the most responsible and timely manner.

The account takeover vulnerability allows an attacker to take complete control over the user account and access victims’ personal and group conversations, photos, videos, and other shared files, contact lists, and more.

The social media giant recently introduced Rewards for Rewards for Access Token Exposure, under this researchers will be rewarded for finding vulnerabilities in third-party apps and websites that exposes Facebook user access tokens.

“While monetary reward may not be the strongest incentive for why bug bounty researchers hack, we believe it remains a strong motivator for our white hat researchers to invest time in helping us identify and mitigate vulnerabilities reads facebook post.”

Bug Bounty program employs crowdsource security researchers will diverse skill set covering a wide of vulnerability scenarios and advanced threats. There are many apprehensions and misconceptions among large organizations about bug bounty programs regarding trust, talent base, managing security researchers, and more.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Bug Bounty courses online to keep your self-updated

Website

Latest articles

Singapore Police Arrested Two Individuals Involved in Hacking Android Devices

The Singapore Police Force (SPF) has arrested two men, aged 26 and 47, for...

CISA Conducts First-Ever Tabletop Exercise Focused on AI Cyber Incident Response

On June 13, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) made history by...

Europol Taken Down 13 Websites Linked to Terrorist Operations

Europol and law enforcement agencies from ten countries have taken down 13 websites linked...

New ARM ‘TIKTAG’ Attack Impacts Google Chrome, Linux Systems

Memory corruption lets attackers hijack control flow, execute code, elevate privileges, and leak data.ARM's...

Operation Celestial Force Employing Android And Windows Malware To Attack Indian Users

A Pakistani threat actor group, Cosmic Leopard, has been conducting a multi-year cyber espionage...

Hunt3r Kill3rs Group claims they Infiltrated Schneider Electric Systems in Germany

The notorious cybercriminal group Hunt3r Kill3rs has claimed responsibility for infiltrating Schneider Electric's systems...

Hackers Employing New Techniques To Attack Docker API

Attackers behind Spinning YARN launched a new cryptojacking campaign targeting publicly exposed Docker Engine...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles