Google recently announced the increase in bug bounty rewards, making them more lucrative to security researchers. The search engine giant stated that it has raised the bounties for Chrome and Google Play bugs.
Google launched the vulnerability rewards program in 2010 and provides cash rewards to security researchers who report vulnerabilities in Google code. The company stated that they’ve received around 8,500 vulnerability reports and paid rewards over $5 million (£4 million).
According to Google’s Chrome security experts Natasha Pabrai and Andrew Whalley, the company has doubled the maximum reward on High-Quality Reports from $15,000 (£12,000) to $30,000 (£24,000) and tripled the baseline reward amount from $5000 ((£4 million) to $15,000 (£12,000) for good measure.
“Today, we’re delighted to announce an across the board increase in our reward amounts! Full details can be found on our program rules page, but highlights include tripling the maximum baseline reward amount from $5,000 to $15,000 and doubling the maximum reward amount for high quality reports from $15,000 to $30,000. The additional bonus given to bugs found by fuzzers running under Chrome Fuzzer Program is also doubling to $1,000,” Google said in an official post.
“But that’s not all! On Chrome OS we’re increasing our standing reward to $150,000 for exploit chains that can compromise a Chromebook or Chromebox with persistence in guest mode. Security bug in firmware and lock screen bypasses also get their own reward categories,” Google added.
Scammers are making phishing attacks, by abusing Google Calendar services, to trick users into giving away sensitive information like passwords, card details, and other financial data. The threat intelligence and cybersecurity firm Kaspersky stated that it detected many unsolicited pop-up calendar notifications sent to Gmail users by cybercriminals as a sophisticated spam email attack.
The scam occurs when an attacker sends an unsolicited calendar invitation carrying a link to a phishing URL and encourage the recipient to click on the link. The user then redirected to a fake website, appears to be original, that features a simple questionnaire and offered a prize after completion. The victim will be asked to fill in personal details like name, phone number, address, and bank details in order to steal the victim’s money or identity.