U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Tor launches Bug Bounty Program, hackers can earn between $2,000 and $4,000 for high severity flaws

The Tor Project announced the launch of a public bug bounty program. Bug hunters can earn between $2,000 and $4,000 for high severity flaws. It’s official, the Tor Project announced the launch of a public bug bounty program through the HackerOne platform, the initiative was possible with support from the Open Technology Fund. “With support from the […]

tor bug bounty graphic

The Tor Project announced the launch of a public bug bounty program. Bug hunters can earn between $2,000 and $4,000 for high severity flaws.

It’s official, the Tor Project announced the launch of a public bug bounty program through the HackerOne platform, the initiative was possible with support from the Open Technology Fund.

“With support from the Open Technology Fund, we’re launching our first public bug bounty with HackerOne. We’re specifically looking for your help to find bugs in Tor (the network daemon) and Tor Browser. A few of the vulnerabilities we’re looking for include local privilege escalation, unauthorized access of user data, attacks that cause the leakage of crypto material of relays or clients, and remote code execution.” states the official announcement.

Hackers can earn thousands of dollars if they find serious vulnerabilities in the Tor network that could be exploited to track its users.

This isn’t the first time the Tor Project announces the launch of a bounty program, the Tor Project first announced it in December 2015. The Tor Project launched a private program in January 2016 and bug hunters reported three denial-of-service (DoS) flaws, and four memory corruption issues.

Back to the present, the Tor Project is looking for flaws in the Tor network daemon and Tor Browser.

The experts at the organizations are interested in any kind of vulnerability that could be exploited to compromise Tor relays and the Tor browsers, this means that it is open the hunt for local privilege escalation, remote code execution, unauthorized access of user data, and other attack vectors.

Bug hunters can earn between $2,000 and $4,000 for high severity vulnerabilities, while medium severity issues are worth between $500 and $2,000, while low severity issues go for at least $100. Even less severe problems will be rewarded with a t-shirt, stickers and a mention in Tor’s hall of fame. On its bug bounty page, the Tor Project provides examples for each category of vulnerabilities, including with CVE references.

The organization will also reward issues with a t-shirt, stickers and a mention in Tor’s hall of fame.

tor bug bounty program graphic

The organization will reward also flaws discovered in third-party libraries used by Tor, hackers can earn between $500 and $2,000, if the flawed libraries aren’t covered by other bug bounty programs.

“Tor users around the globe, including human rights defenders, activists, lawyers, and researchers, rely on the safety and security of our software to be anonymous online. Help us protect them and keep them safe from surveillance, tracking, and attacks,” continues the announcement.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Tor bug bounty program, hacking)

[adrotate banner=”13″]