Residence › Cloud Safety

Google Boosts Bug Bounty Rewards for Linux Kernel Vulnerabilities

By Ionut Arghire on August 15, 2022

Tweet

Google is as soon as once more boosting the utmost bounty payouts for Linux vulnerabilities reported as a part of its open-source Kubernetes-based capture-the-flag (CTF) vulnerability rewards program (VRP).

Referred to as kCTF, this system was launched in 2020 to supply safety researchers with the means to report vulnerabilities within the Google Kubernetes Engine (GKE), for which they obtain a flag.

“All of GKE and its dependencies are in scope, however each flag caught to this point has been a container breakout by means of a Linux kernel vulnerability. We’ve realized that discovering and exploiting heap reminiscence corruption vulnerabilities within the Linux kernel may very well be made rather a lot tougher,” Google notes.

To that finish, the web big has launched a brand new set of mitigations anticipated to make a lot of the beforehand reported vulnerabilities and exploits harder to make use of in assaults.

Google launched these mitigations to combat in opposition to out-of-bounds writes on slab, cross-cache assaults, elastic objects, and freelist corruption.

In an effort to incentivize safety researchers to find methods to interrupt these mitigations, Google can also be asserting bonus rewards for vulnerabilities within the newest Linux kernel and for bypassing the newly launched mitigations.

Every of those two bonuses is of $21,000 and collectively they permit safety researchers to earn as a lot as $133,337 for important vulnerabilities reported as a part of kCTF.

The brand new bonus rewards come half a yr after Google virtually doubled the bottom bounty payouts in kCTF and introduced excessive bonuses for particular vulnerabilities. With three $20,000 bonus rewards on high of the $31,337 base reward, researchers might earn $91,337 for exploits assembly sure standards.

Now, the corporate says it’s indefinitely extending the elevated reward quantities that it introduced final yr, to which it additionally provides the brand new $21,000 bonuses.

“We hope it will enable us to be taught extra about how exhausting (or straightforward) it’s to bypass our experimental mitigations,” Google notes.

Associated: Google Providing $91,000 Rewards for Linux Kernel, GKE Zero-Days

Associated: Google Triples Bounty for Linux Kernel Exploitation

Associated: Google Paid Out $8.7 Million in Bug Bounty Rewards in 2021

Get the Each day Briefing

• Most Latest
• Most Learn

• Hundreds of VNC Cases Uncovered to Web as Assaults Improve
• Safe Boot Bypass Flaws Have an effect on Bootloaders of Many Gadgets Made in Previous Decade
• Google Boosts Bug Bounty Rewards for Linux Kernel Vulnerabilities
• Weaponized PLCs Can Hack Engineering Workstations in Assaults on Industrial Orgs
• Chinese language Cyberspies Use Provide Chain Assault to Ship Home windows, macOS Malware
• Killnet Releases ‘Proof’ of Its Assault In opposition to Lockheed Martin
• US Authorities Shares Photograph of Alleged Conti Ransomware Affiliate
• CISA, FBI Warn Organizations of Zeppelin Ransomware Assaults
• Microsoft Paid $13.7 Million through Bug Bounty Applications Over Previous Yr
• Realtek SDK Vulnerability Exposes Routers From Many Distributors to Distant Assaults

In search of Malware in All of the Improper Locations?

First Step For The Web’s subsequent 25 years: Including Safety to the DNS

Tattle Story: What Your Laptop Says About You

Be in a Place to Act By Cyber Situational Consciousness

Report Reveals Closely Regulated Industries Letting Social Networking Apps Run Rampant

2010, A Nice Yr To Be a Scammer.

Do not Let DNS be Your Single Level of Failure

Easy methods to Establish Malware in a Blink

Defining and Debating Cyber Warfare

The 5 A’s that Make Cybercrime so Engaging

Easy methods to Defend In opposition to DDoS Assaults

Safety Budgets Not in Line with Threats

Anycast – Three Causes Why Your DNS Community Ought to Use It

The Evolution of the Prolonged Enterprise: Safety Methods for Ahead Pondering Organizations

Utilizing DNS Throughout the Prolonged Enterprise: It’s Dangerous Enterprise

Orbit Brain

http://orbitbrain.com/

Orbit Brain is the senior science writer and technology expert. Our aim provides the best information about technology and web development designing SEO graphics designing video animation tutorials and how to use software easy ways
and much more. Like Best Service Latest Technology, Information Technology, Personal Tech Blogs, Technology Blog Topics, Technology Blogs For Students, Futurism Blog.