Latest news with #Bugcrowd

Cybersecurity Jobs That Will Dominate 2026: INE Security Prepares Professionals for the Most Critical Roles

Yahoo

6 days ago

Cary, NC, June 17, 2025 (GLOBE NEWSWIRE) -- INE Security, a leading global cybersecurity training and IT security training provider, is releasing new analysis of cybersecurity roles that will dominate the 2026 job market. Based on a comprehensive analysis of industry data and research released at major cybersecurity conferences, including RSA Conference 2025, GISEC Global 2025, and worldwide Black Hat events, INE Security has identified cybersecurity job roles where the highest market demand intersects with hands-on technical expertise.

"Skill shortages are a major concern throughout the cybersecurity industry, particularly in mission-critical roles," said Tracy Wallace, INE Security's Director of Content Development. "INE Security's hands-on cybersecurity training methodology creates job-ready professionals in the areas where technical expertise can make the greatest immediate impact. Our 3,100+ browser-based labs don't just teach concepts—they build the practical IT security training skills that organizations need right now."

Critical Cybersecurity Roles Shaping 2026:

Identity Security Posture Management (ISPM) Specialists: With identity-related breaches continuing to plague organizations, ISPM specialists will be essential for enterprises seeking to uncover and address identity risks across hybrid cloud and on-premises systems. RSAC 2025 emphasized new ISPM capabilities and innovations to protect passwordless environments, while major vendors announced ISPM solutions as core offerings.

  • Comprehensive Active Directory security training, Identity and Access Management courses, and privilege escalation techniques integrated across the eJPT and eCPPT learning paths provide unparalleled preparation for ISPM roles
  • More than 500 hands-on labs focused on identity security give professionals the practical expertise enterprises desperately need to secure hybrid environments
  • Career Pathway: Clear progression from fundamental identity concepts to advanced enterprise identity architecture management

Crowdsourced Red Team Specialists: The cybersecurity industry is exploring offensive security through distributed approaches. At RSAC 2025, Bugcrowd launched the industry's first Crowdsourced Red Team as a Service platform, connecting organizations to global networks of vetted ethical hackers for real-time, intelligence-led testing. This model brings the potential for massive scale and flexibility to traditionally resource-heavy security assessments.

  • INE Security Training Advantage: Proven pentester training progression from eJPT (Junior Penetration Tester) through eCPPT (Certified Professional Penetration Tester) to eWPTX (Web Application Penetration Tester eXtreme) creates the exact ethical hacking expertise needed for distributed red team operations
  • Students practice authentic attack scenarios through browser-based labs that simulate crowdsourced testing environments
  • INE Security's pentester certifications are trusted by Fortune 500 companies globally, specifically for roles requiring hands-on offensive security expertise

Mobile Threat Analysts: Cyber attackers are increasingly prioritizing mobile over desktop environments. Zimperium's 2025 Global Mobile Threat Report showed that smishing now comprises over two-thirds of mobile phishing attacks. Organizations need specialists focused exclusively on mobile security infrastructure.

  • INE Security Training Advantage: The eMAPT (Mobile Penetration Testing) certification provides foundational mobile security expertise, positioning graduates for the expanding mobile defense field
  • Expanding Curriculum: INE Security is developing advanced mobile defense training to address enterprise mobile threat intelligence and incident response
  • Market Opportunity: As one of the few providers offering hands-on mobile security labs, INE Security graduates enter this high-demand field with immediate practical capabilities

AI Security Specialists/Engineers: The demand for AI security expertise has reached unprecedented levels. RSA Conference 2025 featured over 100 sessions dealing with artificial intelligence, with attendees noting the event had transformed into "RSAI" rather than RSAC. GISEC Global 2025 was held under the theme "Securing an AI-Powered Future," emphasizing AI governance and digital ethics as critical areas requiring immediate attention.

  • INE Security Training Advantage: INE Security's strong training materials in threat detection and analysis, combined with foundational AI skills, provide professionals with transferable skills applicable to AI security roles
  • Market Opportunity: Represents the highest-growth career opportunity in cybersecurity as organizations deploy AI-powered security tools while defending against AI-enhanced attacks
  • Industry Development: The cybersecurity training industry is scrambling to develop AI security courses to meet skyrocketing demand

Cloud Security Engineers: Cloud Security Engineers are integral to organizational resilience as businesses accelerate cloud adoption. With 45% of organizations reporting unfilled cloud security roles and experienced professionals commanding salaries above $155,000 annually, this represents one of the highest-demand technical specializations. AWS Certified Security - Specialty is now recognized as one of the highest-paying technical cloud positions in the world, with an average global salary of $158,594.

  • Comprehensive cloud certification preparation across AWS, Azure, and Google Cloud platforms with dedicated learning paths for AWS Solutions Architect Associate, AWS SysOps Administrator Associate, Azure Security Engineer Associate (AZ-500), and Azure Administrator Associate (AZ-104)
  • Hands-On Cloud Labs: 130+ hands-on labs specifically designed for cloud security scenarios, plus additional cloud security collections in Skill Dive for real-world practice
  • Security-First Approach: INE Security's "learn by doing" cybersecurity education methodology ensures graduates develop practical cloud security skills that directly address enterprise needs for securing AWS, Azure, and GCP environments

Training That Delivers Career Resilience

INE Security's approach addresses the intersection of market demand and practical skills development:

  • Immediate Market Entry: Identity security, red team operations, and mobile defense roles offer immediate career opportunities for technically skilled professionals
  • Skills Premium: Organizations investing in cybersecurity education programs are overwhelmingly more likely to retain cybersecurity professionals, according to a 2024 LinkedIn workforce study, directly addressing skills shortages in high-demand technical roles
  • Future-Proofing: As digital transformation accelerates, technical security roles address fundamental infrastructure needs that will intensify through 2026 and beyond
  • Clear ROI: Professionals can immediately contribute to identity security, red team operations, and mobile defense initiatives with hands-on expertise

"The convergence of identity threats, sophisticated attacks, and mobile vulnerabilities creates new opportunities for cybersecurity professionals who combine technical depth with practical experience," continued Wallace. "INE Security's strength lies in preparing professionals for roles where hands-on technical skills directly address critical business security needs."

About INE Security

INE Security is the premier provider of online networking and cybersecurity training and cybersecurity certifications. Harnessing a powerful hands-on lab platform, cutting-edge technology, a global video distribution network, and world-class instructors, INE Security is the top training choice for Fortune 500 companies worldwide for cybersecurity training in business and for IT professionals looking to advance their careers. INE Security's suite of learning paths and preparation for professional certifications offers an incomparable depth of expertise across cybersecurity and is committed to delivering advanced technical training for cybersecurity jobs while also lowering the barriers worldwide for those looking to enter and excel in an IT career.

CONTACT: Kathryn Brown INE kbrown@

Google Chrome Warning Issued For Most Windows PC Users

Forbes

13-06-2025

Beware this hidden Chrome threat.

This is another interesting month for Google's 3 billion Chrome users, with a U.S. government mandate to update all browsers by June 26 and another update warning this week as further vulnerabilities are discovered. But there's a very different Chrome threat to your PC, and it's much more difficult to find and fix.

Already this month we have been warned by LayerX that "a network of malicious sleeper agent extensions" are "waiting for their 'marching order' to execute malicious code on unsuspecting users' computers." A huge number of Chrome users have at least one extension installed, which is one of the browser's biggest security risks.

Now Symantec warns that some of the most popular extensions it has analyzed "expose information such as browsing domains, machine IDs, OS details, usage analytics, and more." The research team says "many users assume that popular Chrome extensions adhere to strong security practices," but that's just not the case.

Symantec found that even some big-brand extensions "unintentionally transmit sensitive data over simple HTTP. By doing so, they expose browsing domains, machine IDs, operating system details, usage analytics, and even uninstall information." More alarmingly, "because the traffic is unencrypted, a Man-in-the-Middle (MITM) attacker on the same network can intercept and, in some cases, even modify this data, leading to far more dangerous scenarios than simple eavesdropping."

Bugcrowd's Trey Ford told me "this is a very common way to compromise browsers for various outcomes, ranging from stealing credentials and spying on users, to simply establishing ways to very uniquely identify and track users across the internet. Ultimately this can manifest as a form of malware, and unavoidably create new attack surface for miscreants to attack and compromise a very secure browsing experience."

There's no easy answer to this one. Symantec says that while "none of [the extensions] appear to leak direct passwords," the data can still fuel attacks. "The risk is not just theoretical; unencrypted traffic is simple to capture, and the data can be used for profiling, phishing, or other targeted attacks."

Symantec notified the developers behind the tested extensions (details in its report). "The overarching lesson," the team says, "is that a large install base or a well-known brand does not necessarily ensure best practices around encryption. Extensions should be scrutinized for the protocols they use and the data they share."

According to Keeper Security's Patrick Tiquet, "this highlights a critical gap in extension security," if and when "developers cut corners." He warns that "transmitting data over unencrypted HTTP and hard-coding secrets exposes users to profiling, phishing and adversary-in-the-middle attacks – especially on unsecured networks."

The risk is especially acute for enterprises. "Organizations should take immediate action by enforcing strict controls around browser extension usage, managing secrets securely and monitoring for suspicious behavior across endpoints. Just because a browser extension is very popular and has a large user base doesn't mean it's secure. Businesses must scrutinize all browser extensions to protect sensitive data and identities."

Bugcrowd Joins AWS ISV Accelerate Program

Yahoo

07-05-2025

Strategic Alliance Expands Bugcrowd's Go-to-Market Strategies, Leveraging AWS Network to Deliver Crowdsourced Security Globally

DUBAI, May 7, 2025 /PRNewswire/ -- Bugcrowd, a leader in crowdsourced cybersecurity, announced today that it has joined the Amazon Web Services (AWS) Independent Software Vendor (ISV) Accelerate Program, a co-sell program for AWS Partners that provide software solutions that run on or integrate with AWS. The program helps AWS Partners drive new business by directly connecting participating ISVs with the AWS Sales organization. Through participation in the AWS ISV Accelerate Program, the Bugcrowd Platform is now available to the AWS on-the-ground sales team.

The Bugcrowd Platform delivers managed bug bounty, vulnerability disclosure programs, penetration testing as a service, red teaming, and AI safety testing, all powered by "The Crowd," Bugcrowd's global community of ethical hackers and pentesters. By integrating with AWS, Bugcrowd will empower new customers to identify and mitigate critical vulnerabilities within their cloud environments. This integration allows the AWS sales team to offer their customers a powerful, proactive security solution, ensuring robust protection against evolving cyber threats.

"We're thrilled to join the AWS ISV Accelerate Program and bring the Bugcrowd Platform more directly to AWS customers," said Paul Ciesielski, Chief Revenue Officer, Bugcrowd. "This collaboration allows us to directly connect with AWS field sellers, expanding our reach and helping more organizations proactively address their security needs. By simplifying the procurement process and providing seamless integration, we're making it easier for AWS customers to leverage the collective expertise of our global hacker community. Ultimately, partnering with AWS reinforces our commitment to delivering industry-leading capabilities to as many users as possible."

Joining the AWS ISV Accelerate Program streamlines the procurement process for AWS customers, granting them simplified access to Bugcrowd's cutting-edge security capabilities. The AWS ISV Accelerate Program provides Bugcrowd with co-sell support and benefits to meet customer needs through collaboration with the AWS on-the-ground sales team globally. Co-selling provides better customer outcomes and assures mutual commitment from AWS and its partners. This collaboration creates significant growth opportunities for Bugcrowd to leverage the extensive network and resources from AWS to deliver unparalleled security services, drive optimal customer outcomes, and align with strategic VARs.

What is bug hunting and why is it changing?

BBC News

28-04-2025

Few technology careers offer the chance to demonstrate your skills in exclusive venues worldwide, from luxury hotels to Las Vegas e-sports arenas, peers cheering you on as your name moves up the leaderboard and your earnings rack that's what Brandyn Murtagh experienced within his first year as a bug bounty Murtagh got into gaming and building computers at 10 or 11 years old and always knew "I wanted to be a hacker or work in security".

He began working in a security operations centre at 16, and moved into penetration testing at 20, a job that also involved testing the security of clients' physical and computer security: "I had to forge false identities and break into places and then hack. Quite fun."

But in the past year he has become a full-time bug hunter and independent security researcher, meaning he scours organizations' computer infrastructure for security vulnerabilities. And he hasn't looked back.

Internet browser pioneer Netscape is regarded as the first technology company to offer a cash "bounty" to security researchers or hackers for uncovering flaws or vulnerabilities in its products, back in the platforms like Bugcrowd and HackerOne in the US, and Intigriti in Europe, emerged to connect hackers and organizations that wanted their software and systems tested for security Bugcrowd founder Casey Ellis explains, while hacking is a "morally agnostic skill set", bug hunters do have to operate within the like Bugcrowd bring more discipline to the bug-hunting process, allowing companies to set the "scope" of what systems they want hackers to target. And they operate those live hackathons where top bug hunters compete and collaborate "hammering" systems, showing off their skills and potentially earning big payoff for companies using platforms like Bugcrowd is also clear.

Andre Bastert, global product manager AXIS OS, at Swedish network camera and surveillance equipment firm Axis Communications, said that with 24 million lines of code in its device operating system, vulnerabilities are inevitable. "We realized it's always good to have a second set of eyes."

Platforms like Bugcrowd mean "you can use hackers as a force for good," he says. Since opening its bug bounty programme, Axis has uncovered – and patched – as many as 30 vulnerabilities, says Mr Bastert, including one "we deem very severe". The hacker responsible received a $25,000 (£19,300) reward.

So, it can be lucrative work. Bugcrowd's top earning hacker over the last year earned over $ while there are millions of hackers registered on the key platforms, Inti De Ceukelaire, chief hacking officer at Intigriti, says the number hunting on a daily or weekly basis is "tens of thousands." The elite tier, who are invited to the flagship live events will be smaller Murtagh says: "A good month would look like a couple of critical vulnerabilities found, a couple of highs, a lot of mediums. Some good pay days in an ideal situation." But he adds, "It doesn't always happen."

Yet with the explosion of AI, bug hunters have whole new attack surfaces to Ellis says organizations are racing to gain a competitive advantage with the technology. And this typically has a security impact.

"In general, if you implement a new technology quickly and competitively, you're not thinking as much about what might go wrong." In addition, he says, AI is not just powerful but "designed to be used by anyone".

Dr Katie Paxton-Fear, a security researcher and cybersecurity lecturer at Manchester Metropolitan University, points out that AI is the first technology to explode onto the scene with the formal bug hunting community already in it has levelled the playing field for hackers, says Mr De Ceukelaire. Hackers – both ethical and not – can exploit the technology to speed up and automate their own operations. This ranges from conducting reconnaissance to identify vulnerable systems, to analysing code for flaws or suggesting possible passwords to break into modern AI systems' reliance on large language models also means language skills and manipulation are an important part of the hacker tool kit, Mr De Ceukelaire says he has drawn on classic police interrogation techniques to befuddle chatbots and get them to "crack".

Mr Murtagh describes using such social engineering techniques on chatbots for retailers: "I would try and make the chatbot cause a request or even trigger itself to give me another user's order or another user's data." But these systems are also vulnerable to more "traditional" web app techniques, he says. "I have had some success in an attack called cross site scripting, where you can essentially trick the chatbot into rendering a malicious payload that can cause all kinds of security implications."

But the threat doesn't stop there. Dr Paxton-Fear says an over-focus on chatbots and large language models can distract from the broader interconnectedness of AI powered systems.

"If you get a vulnerability in one system, where does that eventually appear in every other system it connects to? Where are we seeing that link between them? That's where I would be looking for these kinds of flaws."

Dr Paxton-Fear adds that there hasn't been a major AI-related data breach yet, but "I think it's just a matter of time".

In the meantime, the burgeoning AI industry needs to be sure it embraces bug hunters and security researchers, she says. "The fact that some companies don't makes it so much harder for us to do our job of just keeping the world safe."

That is unlikely to put off the bug hunters in the meantime. As Mr De Ceukelaire says: "Once a hacker, always a hacker."

Bugcrowd unveils red team service for cyber defence

Techday NZ

28-04-2025

Bugcrowd has introduced a crowdsourced Red Team as a Service (RTaaS) solution designed to provide scalable, intelligence-led adversarial testing for organisations preparing for modern cyber threats and zero day attacks. The new service connects organisations with a global pool of vetted ethical hackers to deliver a range of managed red team engagements, orchestrated through the Bugcrowd Platform.

Bugcrowd aims to set a new standard in the red team services sector by enabling customers to test their security measures using current adversarial tactics, techniques, and procedures. RTaaS integrates with Bugcrowd's current offerings, such as Penetration Testing as a Service, Managed Bug Bounty, and Vulnerability Disclosure Programs, allowing customers to select services according to specific operational requirements, available budget, and organisational readiness. Through the company's international community of trusted ethical hackers, organisations are able to secure specialised expertise and scale their red team operations as needed.

Dave Gerry, Chief Executive Officer of Bugcrowd, said: "Traditionally, red teaming was only possible for large organizations that could either afford the services of security consultants or had a sizable security workforce to manage the workload alongside daily operations—and even then, findings were too often not actionable. Bugcrowd's industry-first offensive crowdsourced RTaaS bridges this critical security gap, opening the door for our customers to access high-end capabilities that deliver crucial insights into their defensive posture—continuously."

"Bugcrowd was founded on the bug bounty hunter mindset, an objective that aligns perfectly with Red Team operators. This launch is a significant milestone for Bugcrowd as it brings a pioneering solution to life. We are excited to see the power of The Crowd in action in RTaaS and enhance our customers' always-on approach to security testing."

The persistent nature of sophisticated cybercrime campaigns has led to rising costs associated with breaches. As enterprise IT environments increase in complexity, organisations are recognising the need to take proactive steps to counteract advanced threats. While penetration testing and bug bounty schemes remain important methods for finding vulnerabilities, Bugcrowd's RTaaS is designed to boost organisational resilience by simulating attacks based on real-world scenarios, testing detection and response mechanisms, and revealing weaknesses that might not be detected by traditional assessment methods.

Key capabilities of Bugcrowd's RTaaS include threat intelligence alignment with realistic scenarios, integration of risk profiling, and simulations modelled on real-life attack methodologies. Operators engaging in the RTaaS programme are selected from a global network based on their expertise in advanced tactics relevant to different customer environments and threat profiles. The service provides comprehensive reporting, including visual attack chains and narratives mapping findings to root causes and existing security controls.

RTaaS is designed to be scalable and flexible, offering organisations the choice of assured, blended, or continuous red team engagements to address various levels of budget, compliance needs, and security maturity. Pricing options available through the platform include day-rate engagements, reward pools, and continuous programmes, aiming to provide a high return on investment for organisations with varying requirements.

Bugcrowd's approach with RTaaS is to allow more organisations, regardless of size, to benefit from red team expertise that was once only accessible by larger enterprises. The service is available now to all Bugcrowd Platform customers.
