219
this post was submitted on 09 Feb 2024
219 points (97.4% liked)
Technology
59589 readers
3024 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
They're downplaying their responsibility and the problem while taking a negative tone about the white hat (bold added):
https://www.cuinsight.com/press-release/cu-solutions-group-issues-statement-on-recent-crm-vulnerability/
And of course, the obligatory 'we have an excellent security team, everyone faces threats, you can't blame us':
Basically the standard "we take security seriously":
https://www.troyhunt.com/we-take-security-seriously-otherwise/
As a non-participating visitor of security forums (which bleed into malicious hackers), I am looking forward to the popcorn.
Right now, my job post bug bounties and hackers pen test and find vulnerabilities. And there's a LOT of money flowing around in that space - my company alone has paid out over 7-figures collectively. A company's reputation to honoring the agreement is also sacred. Because if we fail to pay or reject that this is a real vulnerability, our rep tanks and the next time there's a vulnerability, it won't be reported, but abused.
CUSG just signalled that they are pieces of shit to the hacker community. And I'm gonna bet they are going to get some serious shit now.
🍿