Google pays hackers to exploit patched Linux kernel flaws. On Monday the search engine giant announced it will pay around $31,337 for exploiting vulnerabilities previously remediated or otherwise, in the next three months as a part of its new bug bounty program to improve the security of the Linux kernel.
Google under this initiative will offer rewards worth $31,337 for exploiting each patched vulnerability in a lab environment. This amount can climb up to $50,337 for exploiting zero-day vulnerabilities in the kernel and other undocumented attack techniques.
The focus of the entire program is to identify potential attacks against Kubernetes-based infrastructure to defeat process isolation barriers (via NSJail) and break out of the sandbox to leak secret information.
The bug bounty program will last until January 31, 2022.According to Eduardo Vela of Google Bug Hunters Team, “It is important to note, that the easiest exploitation primitives are not available in our lab environment due to the hardening done on Container-Optimized OS.”
Android’s VRP Rewards program will also exist in conjunction with the rewards program. It will offer a platform for researchers to demonstrate exploits that work on mobile operating systems. Making them eligible to earn up to $250,000 in bug bounties, details about the contest can be found here.
Chinese government website for Qinghai Province was hacked by Anonymous
Over 30 Countries Pledge to Fight Ransomware Attacks in US-led Global Meeting
New Zero Day Vulnerability for Windows – Update your Windows PC immediately