1. IT-Security >
  2. Cyber Security Nachrichten >
  3. Cisco Meraki Offers Up to $10,000 in Bug Bounty Program


ArabicEnglishFrenchGermanGreekItalianJapaneseKoreanPersianPolishPortugueseRussianSpanishTurkishVietnamese

Cisco Meraki Offers Up to $10,000 in Bug Bounty Program

RSS Kategorie Pfeil IT Security Nachrichten vom | Quelle: feedproxy.google.com Direktlink öffnen

Cisco Meraki, a provider of cloud-managed IT solutions, announced last week the launch of a public bug bounty program with rewards of up to $10,000 per vulnerability.

Cisco Meraki, which resulted from Cisco’s acquisition of Meraki in late 2012, started with a private bug bounty program on the Bugcrowd platform. The private program led to the discovery of 39 flaws, for which the company paid out an average of roughly $1,100.

The firm has now decided to open its bug bounty program to all the white hat hackers on Bugcrowd and it’s prepared to pay them between $100 and $10,000 per flaw.Cisco Meraki

The initiative covers the meraki.com, ikarem.io, meraki.cisco.com and network-auth.com domains and some of their subdomains, the Meraki Dashboard mobile apps for Android and iOS, and products such as the Cisco Meraki MX Security Appliances, Meraki MS Switches, MR Access Points, MV Security Cameras, MC Phones, Systems Manager, and Virtual Security Appliances.

The highest rewards can be earned for serious vulnerabilities in websites (except meraki.cisco.com), and all hardware and software products. Researchers can receive between $6,000 and $10,000 for remote code execution, root logic, sensitive information disclosure, and device configuration hijacking issues.

There is a long list of security issues that are not covered by the program, including denial-of-service (DoS) attacks, SSL-related problems and ones that require man-in-the-middle (MitM) access, clickjacking, and classic self-XSS.

“We invest heavily in tools, processes and technologies to keep our users and their networks safe, including third party audits, features like two-factor authentication and our out-of-band cloud management architecture,” said Sean Rhea, engineering director at Cisco Meraki. “The Cisco Meraki vulnerability rewards program is an important component of our security strategy, encouraging external researchers to collaborate with our security team to help keep networks safe.”

Meraki says its wireless, switching, security, and communications products are used by more than 230,000 global customers for 3 million devices.

Related: Pentagon Hacked in New U.S. Air Force Bug Bounty Program

Related: Facebook Paid $880,000 in Bug Bounties in 2017

Related: Bugcrowd Raises $26 Million to Expand Vulnerability Hunting Business

view counter
Eduard Kovacs is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
...

Webseite öffnen Komplette Webseite öffnen

Newsbewertung

Kommentiere zu Cisco Meraki Offers Up to $10,000 in Bug Bounty Program






Ähnliche Beiträge

  • 1. Cisco Meraki Offers Up to $10,000 in Bug Bounty Program vom 591.03 Punkte ic_school_black_18dp
    Cisco Meraki, a provider of cloud-managed IT solutions, announced last week the launch of a public bug bounty program with rewards of up to $10,000 per vulnerability. Cisco Meraki, which resulted from Cisco’s acquisition of Meraki in late 2012, start
  • 2. Cisco Meraki Offers Up to $10,000 in Bug Bounty Program vom 591.03 Punkte ic_school_black_18dp
    Cisco Meraki, a provider of cloud-managed IT solutions, announced last week the launch of a public bug bounty program with rewards of up to $10,000 per vulnerability. Cisco Meraki, which resulted from Cisco’s acquisition of Meraki in late 2012, start
  • 3. Cisco Email Security Appliance bis 8.2.0-222 Update Spoofing vom 204.91 Punkte ic_school_black_18dp
    Es wurde eine Schwachstelle in Cisco Email Security Appliance, Web Security Appliance sowie Content Management Security Appliance ausgemacht. Sie wurde als kritisch eingestuft. Es betrifft eine unbekannte Funktion der Komponente Update. Mittels Manipulieren
  • 4. Google Increase Chrome OS Bounty Program Up-to $150,000 vom 203.93 Punkte ic_school_black_18dp
    Google security increase their rewards for Bug Bounty Hunters up to $30000 and for chrome OS $150,000. Google also increase rewards for fuzz testing,... The post Google Increase Chrome OS Bounty Program Up-to $150,000 appeared first on HackersOnlineClub.
  • 5. TA18-106A: Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices vom 177.16 Punkte ic_school_black_18dp
    Original release date: April 16, 2018Systems Affected Generic Routing Encapsulation (GRE) Enabled DevicesCisco Smart Install (SMI) Enabled DevicesSimple Network Management Protocol (SNMP) Enabled Network DevicesOverview This joint Technical Alert (TA) is the result of analyt
  • 6. Cisco Meraki Loses Customer Data in Engineering Gaffe vom 165.73 Punkte ic_school_black_18dp
    Cisco has admitted to losing customer data during a configuration change its enginners applied to its Meraki cloud managed IT service. From a report: Specific data uploaded to Cisco Meraki before 11:20 am PT last Thursday was deleted after engineers created
  • 7. Netflix Launches Public Bug Bounty Program vom 155.23 Punkte ic_school_black_18dp
    Netflix announced on Wednesday the launch of a public bug bounty program with rewards of up to $15,000, and Dropbox has made some changes to its vulnerability disclosure policy, promising not to sue researchers. Netflix has had a vulnerability disclosure policy for the past 5 years an
  • 8. Netflix Launches Public Bug Bounty Program vom 155.23 Punkte ic_school_black_18dp
    Netflix announced on Wednesday the launch of a public bug bounty program with rewards of up to $15,000, and Dropbox has made some changes to its vulnerability disclosure policy, promising not to sue researchers. Netflix has had a vulnerability disclosure policy for the past 5 years an
  • 9. Google's AlphaGo Will Face Its Biggest Challenge Yet Next Month -- But Why Is It Still Playing? vom 149.05 Punkte ic_school_black_18dp
    From a report on The Guardian: A year on from its victory over Go star Lee Sedol, Google DeepMind is preparing a "festival" of exhibition matches for its board game-playing AI, AlphaGo, to see how far it has evolved in the last 12 months. Headlining the
  • 10. Cisco ASA bis 9.5 IKEv1/IKEv2 UDP Packet Pufferüberlauf vom 145.28 Punkte ic_school_black_18dp
    Allgemein scipID: 80921 Betroffen: Cisco ASA bis 9.5 Veröffentlicht: 10.02.2016 (David Barksdale/Jordan Gruskovnjak/Alex Wheeler) Risiko: sehr kritisch Erstellt: 11.02.2016 Eintrag: 78.9% komplett Beschreibung Eine Schwachstelle wurde in Cisco ASA bis 9.5 entd
  • 11. Cisco Jabber bis 1.9.30 Web Interface Information Disclosure vom 141.25 Punkte ic_school_black_18dp
    Es wurde eine problematische Schwachstelle in Cisco Jabber bis 1.9.30 entdeckt. Es betrifft eine unbekannte Funktion der Komponente Web Interface. Durch Manipulieren mit einer unbekannten Eingabe kann eine Information Disclosure-Schwachstelle ausgenutzt w
  • 12. GitHub Paid $166,000 in Bug Bounties in 2017 vom 140.42 Punkte ic_school_black_18dp
    Git repository hosting service GitHub paid a total of $166,495 in rewards in 2017 to security researchers reporting vulnerabilities as part of its four year old bug bounty program. Total payouts more than doubled compared to the $81,700 paid in 2016 and were nearly equal to the total bo