Welcome reader to your CybersecurityHQ report.

Headlines

Netflix began its bug bounty program in 2018, and since then, it has paid out over $1 million. Now, major moves are being made to increase the scope of the program. The company is moving its bug bounties to HackerOne. There, it plans to increase its bounty ranges, among other improvements.

If you find authorization issues, you can now earn anywhere between $300 and $5,000. Larger issues, including vulnerabilities for Netflix.com, earn up to $20,000. The company is promising to increase these rewards and provide even more opportunities for hackers to make money.

The US Treasury sanctioned three Chinese individuals as well as three Thai companies for their work in a cybercrime network that committed a range of crimes, including a botnet attack, bomb threats, and fraudulent COVID-19 aid applications. 

On Tuesday, the Treasury announced that “These individuals leveraged their malicious botnet technology to compromise personal devices, enabling cybercriminals to fraudulently secure economic assistance intended for those in need and to terrorize our citizens with bomb threats.”

The legendary auction house Christie’s is facing a data breach from a ransomware group — likely the newly established RansomHub. The initial attack caused Christie’s website to go offline earlier this month, and now it threatens to reveal 2 GB worth of data.

The group claims the data includes “sensitive personal information” from more than half a million private clients. A spokesperson for the auction house stated, “Our investigations determined there was unauthorized access by a third party to parts of Christie’s network. They also determined that the group behind the incident took some limited amount of personal data relating to some of our clients. There is no evidence that any financial or transactional records were compromised.”

Interesting Read

Does anybody actually care about the tsunami of AI-powered scams? Writing for the BBC, Jane Wakefield delivers this interesting piece asking just this question. The article focuses on Clark Hoefnagels who created an AI tool called Catch to detect fraudulent emails — inspired by his grandmother's experience of being scammed out of $27,000.

Surprisingly, public interest in such protective measures is minimal. Even those who have been scammed show indifference to the Catch team, including a man who lost $15,000 to scammers. What will it take for people to really invest in more protection?

Employment Tip: Seek Constructive Feedback

Taking in feedback and using those insights to improve yourself is the single best way to develop any skill. In the world of cybersecurity, you have to cultivate so many different aptitudes that feedback is an absolute must. Peers, mentors, and supervisors are great resources for discovering strengths you can rely on and areas that need improvement.

For the latest openings in cybersecurity careers, check CybersecurityHQ.

Stay Safe, Stay Secure.

The CybersecurityHQ Team