Bugcrowd Joins AWS ISV Accelerate Program
Strategic Alliance Expands Bugcrowd's Go-to-Market Strategies, Leveraging AWS Network to Deliver Crowdsourced Security Globally
DUBAI, May 7, 2025 /PRNewswire/ -- Bugcrowd, a leader in crowdsourced cybersecurity, announced today that it has joined the Amazon Web Services (AWS) Independent Software Vendor (ISV) Accelerate Program, a co-sell program for AWS Partners that provides software solutions that run on or integrate with AWS. The program helps AWS Partners drive new business by directly connecting participating ISVs with the AWS Sales organization. Through participation in the AWS ISV Accelerate Program, the Bugcrowd Platform is now available to the AWS on-the-ground sales team.
The Bugcrowd Platform delivers managed bug bounty, vulnerability disclosure programs, penetration testing as a service, red teaming, and AI safety testing, all powered by "The Crowd," Bugcrowd's global community of ethical hackers and pentesters. By integrating with AWS, Bugcrowd will empower new customers to identify and mitigate critical vulnerabilities within their cloud environments. This integration allows the AWS sales team to offer their customers a powerful, proactive security solution, ensuring robust protection against evolving cyber threats.
"We're thrilled to join the AWS ISV Accelerate Program and bring the Bugcrowd Platform more directly to AWS customers," said Paul Ciesielski, Chief Revenue Officer, Bugcrowd. "This collaboration allows us to directly connect with AWS field sellers, expanding our reach and helping more organizations proactively address their security needs. By simplifying the procurement process and providing seamless integration, we're making it easier for AWS customers to leverage the collective expertise of our global hacker community. Ultimately, partnering with AWS reinforces our commitment to delivering industry-leading capabilities to as many users as possible."
Joining the AWS ISV Accelerate Program streamlines the procurement process for AWS customers, granting them simplified access to Bugcrowd's cutting-edge security capabilities. The AWS ISV Accelerate Program provides Bugcrowd with co-sell support and benefits to meet customer needs through collaboration with the AWS on-the-ground sales team globally. Co-selling provides better customer outcomes and assures mutual commitment from AWS and its partners. This collaboration creates significant growth opportunities for Bugcrowd to leverage the extensive network and resources from AWS to deliver unparalleled security services, drive optimal customer outcomes, and align with strategic VARs.

Related Articles


Forbes
Do Not Answer These Calls — Google Issues New Smartphone Warning
Beware the UNC6040 smartphone threat. Update, June 8, 2025: This story, originally published on June 6, has been updated with further warnings from the FBI regarding dangerous phone calls, as well as additional information from the Google Threat Intelligence Group report potentially linking the UNC6040 threat campaign to an infamous cybercrime collective known as The Com. Google's Threat Intelligence Group has issued a new warning about a dangerous cyberattack group known only as UNC6040, which is succeeding in stealing data, including your credentials, by getting victims to answer a call on their smartphone. There are no vulnerabilities to exploit, unless you include yourself: these attackers 'abuse end-user trust,' a Google spokesperson said, adding that the UNC6040 campaign 'began months ago and remains active.' Here's what you need to know and do. TL;DR: Don't answer that call, and if you do, don't act upon it. If you still need me to warn you about the growing threat from AI-powered cyberattacks, particularly those involving calls to your smartphone — regardless of whether it's an Android or iPhone — then you really haven't been paying attention. It's this lack of attention, on the broadest global cross-industry scale, that has left attackers emboldened and allowed the 'vishing' threat to evolve and become ever-increasingly more dangerous. If you won't listen to me, perhaps you'll take notice of the cybersecurity and hacking experts who form the Google Threat Intelligence Group. A June 4 posting by GTIG, which has a motto of providing visibility and context on the threats that matter most, has detailed how it's been tracking a threat group known only as UNC6040. This group is financially motivated and very dangerous indeed. 'UNC6040's operators impersonate IT support via phone,' the GTIG report stated, 'tricking employees into installing modified (not authorized by Salesforce) Salesforce connected apps, often Data Loader variants.' The payload? 
Access to sensitive data and onward lateral movement to other cloud services beyond the original intrusion for the UNC6040 hackers. Google's threat intelligence analysts have designated UNC6040 as opportunistic attackers, and the broad spectrum of that opportunity has been seen across hospitality, retail and education in the U.S. and Europe. One thought is that the original attackers are working in conjunction with a second group that acts to monetize the infiltrated networks and stolen data, as the extortion itself often doesn't start for some months following the initial intrusion itself. The Google Threat Intelligence Group report has linked the activity of the UNC6040 attack group, specifically through shared infrastructure characteristics, with a cybercrime collective known as The Com. The highly respected investigative cybersecurity journalist, Brian Krebs, has described The Com as being a 'distributed cybercriminal social network that facilitates instant collaboration.' This social network exists within Telegram and Discord servers that are home to any number of financially motivated cybercrime actors. Although it is generally agreed that The Com is something of a boasting platform, where criminal hackers go to boost their exploit kudos while also devaluing the cybercrime activities of others, its own value as a resource for threat actors looking to find collaborative opportunities with like-minded individuals should not be underestimated. 'We've also observed overlapping tactics, techniques, and procedures,' Google's TIG researchers said with regard to The Com and UNC6040, 'including social engineering via IT support, the targeting of Okta credentials, and an initial focus on English-speaking users at multinational companies.' 
However, the GTIG report admits that it is also quite possible these overlaps are simply a matter of associated threat actors who all boast within the same online criminal communities, rather than being evidence of 'a direct operational relationship' between them. The Federal Bureau of Investigation has now also joined the chorus of security experts and agencies warning the public about the dangers of answering smartphone calls and messages from specific threat groups and campaigns. Public cybersecurity advisory I-051525-PSA has warned that the FBI has observed a threat campaign, ongoing since April 2025, that uses malicious text and voice messages impersonating senior U.S. officials, including those in federal and state government roles, to gain access to personal information and ultimately valuable online accounts. As with the latest Google Threat Intelligence Group warning, these attacks are based around the phishing tactic of using AI-generated voice messages along with carefully crafted text messages, known as smishing, as a method of engendering trust and, as the FBI described it, establishing rapport with the victim. 'Traditionally, malicious actors have leveraged smishing, vishing, and spear phishing to transition to a secondary messaging platform,' the FBI warned, 'where the actor may present malware or introduce hyperlinks that direct intended targets to an actor-controlled site that steals log-in information, like usernames and passwords.' The latest warnings regarding this scam call campaign have appeared on social media platforms such as X, formerly known as Twitter, from the likes of the FBI Cleveland and FBI Nashville, as well as on law enforcement websites, including the New York State Police. The message remains the same: the FBI won't call you demanding money or access to online accounts, and the New York State Police won't call you demanding sensitive information or threatening you with arrest over the phone. 
'Malicious actors are more frequently exploiting AI-generated audio to impersonate well-known, public figures or personal relations to increase the believability of their schemes,' the FBI advisory warned. The FBI has recommended that all smartphone users, whether they use iPhone or Android devices, must seek to verify the true identity of the caller or sender of a text message before responding in any way. 'Research the originating number, organization, and/or person purporting to contact you,' the FBI said, 'then independently identify a phone number for the person and call to verify their authenticity.' To mitigate the UNC6040 attack risk, GTIG said that organisations should consider the following steps: And, of course, as Google has advised in previous scam warnings, don't answer those phone calls from unknown sources. If you do, and it's someone claiming to be an IT support person, follow the FBI advice to hang up and use the established methods within your organization to contact them for verification.
Yahoo
Chinese hackers and user lapses turn smartphones into a 'mobile security crisis'
WASHINGTON (AP) — Cybersecurity investigators noticed a highly unusual software crash — it was affecting a small number of smartphones belonging to people who worked in government, politics, tech and journalism. The crashes, which began late last year and carried into 2025, were the tipoff to a sophisticated cyberattack that may have allowed hackers to infiltrate a phone without a single click from the user. The attackers left no clues about their identities, but investigators at the cybersecurity firm iVerify noticed that the victims all had something in common: They worked in fields of interest to China's government and had been targeted by Chinese hackers in the past. Foreign hackers have increasingly identified smartphones, other mobile devices and the apps they use as a weak link in U.S. cyberdefenses. Groups linked to China's military and intelligence service have targeted the smartphones of prominent Americans and burrowed deep into telecommunication networks, according to national security and tech experts. It shows how vulnerable mobile devices and apps are and the risk that security failures could expose sensitive information or leave American interests open to cyberattack, those experts say. 'The world is in a mobile security crisis right now,' said Rocky Cole, a former cybersecurity expert at the National Security Agency and Google and now chief operations officer at iVerify. 'No one is watching the phones.' US zeroes in on China as a threat, and Beijing levels its own accusations U.S. authorities warned in December of a sprawling Chinese hacking campaign designed to gain access to the texts and phone conversations of an unknown number of Americans. 'They were able to listen in on phone calls in real time and able to read text messages,' said Rep. Raja Krishnamoorthi of Illinois. He is a member of the House Intelligence Committee and the senior Democrat on the Committee on the Chinese Communist Party, created to study the geopolitical threat from China. 
Chinese hackers also sought access to phones used by Donald Trump and running mate JD Vance during the 2024 campaign. The Chinese government has denied allegations of cyberespionage, and accused the U.S. of mounting its own cyberoperations. It says America cites national security as an excuse to issue sanctions against Chinese organizations and keep Chinese technology companies from the global market. 'The U.S. has long been using all kinds of despicable methods to steal other countries' secrets,' Lin Jian, a spokesman for China's foreign ministry, said at a recent press conference in response to questions about a CIA push to recruit Chinese informants. U.S. intelligence officials have said China poses a significant, persistent threat to U.S. economic and political interests, and it has harnessed the tools of digital conflict: online propaganda and disinformation, artificial intelligence and cyber surveillance and espionage designed to deliver a significant advantage in any military conflict. Mobile networks are a top concern. The U.S. and many of its closest allies have banned Chinese telecom companies from their networks. Other countries, including Germany, are phasing out Chinese involvement because of security concerns. But Chinese tech firms remain a big part of the systems in many nations, giving state-controlled companies a global footprint they could exploit for cyberattacks, experts say. Chinese telecom firms still maintain some routing and cloud storage systems in the U.S. — a growing concern to lawmakers. 'The American people deserve to know if Beijing is quietly using state-owned firms to infiltrate our critical infrastructure,' said U.S. Rep. John Moolenaar, R-Mich. and chairman of the China committee, which in April issued subpoenas to Chinese telecom companies seeking information about their U.S. operations. Mobile devices have become an intel treasure trove Mobile devices can buy stocks, launch drones and run power plants. 
Their proliferation has often outpaced their security. The phones of top government officials are especially valuable, containing sensitive government information, passwords and an insider's glimpse into policy discussions and decision-making. The White House said last week that someone impersonating Susie Wiles, Trump's chief of staff, reached out to governors, senators and business leaders with texts and phone calls. It's unclear how the person obtained Wiles' connections, but they apparently gained access to the contacts in her personal cellphone, The Wall Street Journal reported. The messages and calls were not coming from Wiles' number, the newspaper reported. While most smartphones and tablets come with robust security, apps and connected devices often lack these protections or the regular software updates needed to stay ahead of new threats. That makes every fitness tracker, baby monitor or smart appliance another potential foothold for hackers looking to penetrate networks, retrieve information or infect systems with malware. Federal officials launched a program this year creating a 'cyber trust mark' for connected devices that meet federal security standards. But consumers and officials shouldn't lower their guard, said Snehal Antani, former chief technology officer for the Pentagon's Joint Special Operations Command. 'They're finding backdoors in Barbie dolls,' said Antani, now CEO of a cybersecurity firm, referring to concerns from researchers who successfully hacked the microphone of a digitally connected version of the toy. Risks emerge when smartphone users don't take precautions It doesn't matter how secure a mobile device is if the user doesn't follow basic security precautions, especially if their device contains classified or sensitive information, experts say. Mike Waltz, who departed as Trump's national security adviser, inadvertently added The Atlantic's editor-in-chief to a Signal chat used to discuss military plans with other top officials. 
Secretary of Defense Pete Hegseth had an internet connection that bypassed the Pentagon's security protocols set up in his office so he could use the Signal messaging app on a personal computer, the AP has reported. Hegseth has rejected assertions that he shared classified information on Signal, a popular encrypted messaging app not approved for the use of communicating classified information. China and other nations will try to take advantage of such lapses, and national security officials must take steps to prevent them from recurring, said Michael Williams, a national security expert at Syracuse University. 'They all have access to a variety of secure communications platforms,' Williams said. 'We just can't share things willy-nilly.'

