To get in touch about speaking at your event, email [email protected]
Media Packet
1,042 items across 6 categories — press, broadcast, stage, and paperwork. Captured, displayed, and archived for posterity.
1,042 items
Press
VentureBeat published an article on the critical Spring4Shell vulnerability affecting the Java Spring Framework and the need for organizations to prepare despite limited evidence of active exploitation. Casey Ellis comments on the vulnerability's severity and recommends that companies take preventive action rather than wait for widespread attacks to materialize.
Press
LinuxInsider published an article examining recent security vulnerabilities affecting Linux systems, including the Dirty Pipe privilege escalation flaw and DNS tunneling techniques used for command-and-control communications. Casey Ellis is cited for insights on the security threats and their implications for Linux infrastructure protection.
Press
The Record by Recorded Future reported on Google's emergency security update for Chrome to address the second actively exploited zero-day vulnerability of 2022. Casey Ellis commented on the significance of the vulnerability and the importance of timely patching for users.
Press
TheStreet published an article about phishing scams and cyber threats that exploit March Madness bracket participation. Casey Ellis discusses how hackers leverage the tournament's popularity to target consumers and outlines practical security measures for protecting personal information during the event.
Press
A March 2022 article in The Register examines the activities of the LAPSUS$ extortion group and its breaches of major technology companies including Microsoft, Okta, and Nvidia. Casey Ellis comments on the group's reckless approach and its failure to represent a professional model for the cybercriminal underground.
Press
BankInfoSecurity published an article examining how international sanctions on Russia and Belarus have disrupted bug bounty payments to security researchers in those countries. Casey Ellis discusses the operational and ethical challenges these restrictions create for vulnerability disclosure platforms and their researcher communities.
Press
CSO published an article on March 15, 2022, examining seven longstanding attack vectors that cybercriminals still exploit effectively, including phishing and unpatched software. Casey Ellis contributed analysis on why these older methods remain dangerous despite years of security awareness and patching efforts.
Press
Channel Futures reported on an SEC proposal requiring public companies to disclose cyberattacks within four days of discovery. Casey Ellis commented on the implications of the stricter reporting timeline for corporate security practices and incident response protocols.
Press
CyberWire's policy briefing newsletter from March 2022 covered the Biden administration's digital assets executive order, the Strengthening American Cybersecurity Act, and the SEC's incident reporting proposal. The briefing included Bugcrowd's designation as a CVE Numbering Authority, a recognition of the platform's role in coordinating vulnerability disclosures.
Press
Dark Reading reported on Vice Society's publication of sensitive data stolen from the Los Angeles public school system, including student psychological evaluations. Casey Ellis commented on the breach's implications for school cybersecurity and the need for improved data protection measures in educational institutions.
Press
ZDNet reported on security research from Palo Alto Networks identifying over 100,000 medical infusion pumps vulnerable to two significant security flaws. Casey Ellis contributed analysis of the vulnerabilities and their potential impact on healthcare device security and patient safety protocols.
Press
A Cybernews article examines the ongoing legal risks that ethical hackers encounter despite the expansion of bug bounty programs. Casey Ellis discusses how the disconnect between security research and legal frameworks leaves researchers vulnerable to prosecution and advocates for clearer protections.
Press
VentureBeat published Casey Ellis's analysis of Ukraine's volunteer IT Army formed in response to the Russian invasion. Ellis examines the ethical tensions and long-term consequences of state-endorsed hacktivism, arguing that while Ukraine's defensive response is justified, the precedent raises complex questions about accountability and international norms.
Press
An SC Media report details research showing that supply chain integration problems are costing 38 percent of companies $500,000 or more annually. Casey Ellis contributed to the findings on the financial impact of supply chain security gaps and integration challenges affecting enterprise operations.
Press
VentureBeat published an analysis of escalating cyber attacks during the Russian invasion of Ukraine, examining the involvement of hacktivist groups and distributed denial-of-service operations. Casey Ellis provided commentary on the nature and scope of the cyber conflict unfolding alongside conventional military operations.
Press
Threatpost published an article examining how the Russia-Ukraine conflict is fracturing the cybercriminal underground and forcing ransomware groups to take geopolitical stances. Casey Ellis is quoted discussing the implications of these divisions for threat intelligence and the evolving landscape of organized cybercrime.
Press
TheStreet published an article titled "How to Avoid Being Hacked By the Russians" offering cybersecurity advice and best practices for individuals and businesses. Casey Ellis contributed guidance on protecting against potential Russian-sponsored cyber threats.
Press
A TheStreet article from February 2022 reports on a major data breach at Nvidia in which the LAPSUS$ hacking group claimed to have stolen approximately one terabyte of proprietary data from the chipmaker. Casey Ellis commented on the incident and the broader implications of the breach for corporate security practices.
Press
NBC Bay Area published a local news segment offering practical tips for protecting personal information and devices from cyberattacks. Casey Ellis contributed expert guidance on cybersecurity precautions that individuals can implement to reduce their vulnerability to attacks.
Press
Security Boulevard published an article in February 2022 examining the absence of widespread cybercriminal exploitation tied to Russia-Ukraine tensions at that time. Casey Ellis provided analysis on threat actor behavior and the evolving security landscape during the geopolitical crisis.
Press
A CSO article from February 2022 examines how cryptocurrency and Web3 companies are offering substantial bug bounty rewards to attract security researchers. Casey Ellis comments on the competitive dynamics of these high-value bounties and their impact on talent recruitment in the emerging blockchain security sector.
Press
PortSwigger Daily Swig reported on New Zealand's mandate requiring federal agencies to establish formal vulnerability reporting processes for security researchers. Casey Ellis was cited as supporting the policy initiative, emphasizing the importance of structured bug disclosure channels for government entities.
Press
A ZDNet article reports on CISA's addition of a Microsoft Win32k privilege escalation vulnerability to its list of known exploited bugs requiring federal agency patching. Casey Ellis commented on the vulnerability's severity and the importance of timely remediation for affected systems.
Press
The Telegraph published a feature article examining how corporations pay large sums to ethical hackers, including teenagers, through bug bounty programs to identify security vulnerabilities. Casey Ellis is cited as a key figure in legitimizing and scaling this practice through his work in the bug bounty space.
Press
SC Media reported on the discovery of multiple vulnerabilities in 42Gears' SureMDM platform that could have enabled supply chain attacks against its customers. Casey Ellis contributed analysis of the security findings and their potential impact on enterprise mobile device management deployments.
Press
A Dice article examines why ransomware continues to rank as a critical concern for IT and security professionals due to its potential for widespread disruption and financial damage. Casey Ellis discusses the persistent threat ransomware poses to organizations and the strategies security teams employ to defend against evolving attack methods.
Press
A Security Boulevard article from January 2022 examines the rise in vulnerability disclosure programs driven by U.S. federal requirements and CISA directives. Casey Ellis comments on how federal mandates are prompting organizations to establish clearer processes for receiving and managing vulnerability reports.
Press
The Cyber Wire's Privacy Briefing for January 19, 2022, covers data breaches, ransomware threats across sectors, and vulnerability trends. Casey Ellis contributed to a Bugcrowd report highlighting a significant rise in serious vulnerabilities targeting the financial sector.
Press
A ZDNet press article reports on Bugcrowd's findings of a 185% increase in high-risk vulnerabilities discovered in the financial services industry during 2021. Casey Ellis, Bugcrowd's founder and chief technology officer, provided analysis and commentary on the security trends and implications for financial sector organizations.
Broadcast
ActualTech Media's YouTube channel featured a video interview with Casey Ellis of Bugcrowd discussing findings on critical vulnerabilities in financial services. Ellis addressed the increase in vulnerabilities and the implications for the sector based on Bugcrowd's research.