To get in touch about speaking at your event, email [email protected]
Media Packet · Press
843 items
843 items
Press
An SC Media article from December 2021 describes how attackers exploited the Log4j vulnerability to compromise and disable email servers at Belgium's Ministry of Defense. Casey Ellis commented on the incident's significance for critical infrastructure security and the urgent need for organizations to patch the widely-exploited vulnerability.
Press
VentureBeat published an article on the Log4j vulnerability warning that its full impact would unfold over an extended period as attackers locate vulnerable systems. Casey Ellis discusses the ongoing threat landscape and the delayed consequences organizations would face from the widespread nature of the flaw.
Press
SC Media published Casey Ellis's analysis of the Log4Shell vulnerability in December 2021, examining why the flaw created a perfect storm of easy exploitation and rapid spread. Ellis explores the conditions that enabled the vulnerability to proliferate quickly across software ecosystems and become exceptionally difficult to contain.
Press
A ThreatPost article from December 2021 reports on Apache's patch for a denial-of-service vulnerability in Log4j discovered after the initial Log4Shell remote code execution flaw. Casey Ellis discusses the implications of the patching process and the challenges organizations face in securing the widely-used logging library against emerging threats.
Press
Infosecurity Magazine reported on the Department of Homeland Security's launch of "Hack DHS," its inaugural bug bounty program designed to identify vulnerabilities across federal systems. Casey Ellis contributed expertise to the initiative as a recognized voice in coordinated vulnerability disclosure and bug bounty program design.
Press
WRAL TechWire reported on the U.S. federal government's launch of the "Hack DHS" bug bounty program, which offers up to $5,000 for identifying security vulnerabilities. Casey Ellis discussed the program's significance for strengthening federal cybersecurity defenses through crowdsourced vulnerability discovery.
Press
TechTimes reported on security efforts to develop a protective "vaccine" against the Log4Shell vulnerability for systems unable to patch immediately. Casey Ellis contributed to these efforts aimed at providing interim protection for exposed users against active exploitation of the critical logging flaw.
Press
A Security Boulevard article from December 2021 covers the discovery of a second Log4j vulnerability, CVE-2021-45046, that surfaced shortly after the initial disclosure and required additional patching. Casey Ellis commented on the implications of the chained flaw and the challenges organizations faced in securing their systems against successive Log4j exploits.
Press
CPO Magazine published a report on the discovery of EwDoor, a botnet targeting AT&T VoIP servers that potentially infected up to 100,000 devices, as identified by Chinese security researchers. Casey Ellis commented on the security implications and threat landscape revealed by the botnet's widespread reach and targeting of critical communications infrastructure.
Press
Dark Reading published a technical guide on identifying servers vulnerable to the Log4j flaw. Casey Ellis contributed advice and methods to help system administrators detect the vulnerability across their infrastructure.
Press
Dark Reading published an analysis on how bug bounty programs are evolving to prioritize critical vulnerabilities with higher payouts. Casey Ellis discusses the strategic shift toward incentivizing researchers to focus on the most impactful security flaws rather than volume-based submissions.
Press
TechRepublic published an article examining the record number of security vulnerabilities disclosed in 2021. Casey Ellis provides insight into the factors driving the surge in vulnerability disclosures and their implications for the security industry.
Press
ZDNet published a report on NIST data showing that 2021 saw 18,378 vulnerabilities discovered, continuing a fifth consecutive year of record numbers. Casey Ellis commented on the vulnerability landscape and the implications of sustained increases in reported security flaws.
Press
eSecurity Planet reported on AT&T's efforts to shut down the EwDoor botnet, which compromised over 5,700 carrier-grade network address translation devices. Casey Ellis commented on the incident's significance for critical infrastructure security and the importance of coordinated response efforts against emerging botnet threats.
Press
BankInfoSecurity reported on the arrest of a former Ubiquiti employee charged with orchestrating a data breach and extortion attempt against the networking company. Casey Ellis commented on the incident's implications for corporate security practices and insider threat detection.
Press
Security Boulevard published an article on the challenges and importance of proactively identifying and fixing security vulnerabilities in open-source software. Casey Ellis discusses the need for systematic approaches to vulnerability discovery and remediation in open-source projects.
Press
Security Magazine reported on a wave of banking trojan infections from malicious apps on Google Play that resulted in over 300,000 infections across four months. Casey Ellis contributed analysis on the threat landscape and the security implications of malware distribution through official app marketplaces.
Press
Verdict published a Q&A interview with Casey Ellis, founder and CTO of Bugcrowd, in November 2021. Ellis discusses how cybersecurity has evolved and explains the role crowdsourced security plays in modern defense strategies.
Press
A Q&A session published by Duo Security explores Casey Ellis's perspectives on bug bounties and vulnerability disclosure practices. Ellis discusses the evolution of bug bounty programs and shares insights on the future direction of how organizations discover and address security vulnerabilities.
Press
A report from SC Magazine details malicious Golang malware targeting e-commerce servers to steal payment information. Casey Ellis provided analysis on the threat's implications for retail infrastructure and payment security vulnerabilities.
Press
A Forbes article examines the emerging practice of applying bug bounty models to identify bias and discrimination in artificial intelligence systems. Casey Ellis discusses how crowdsourced security approaches can be adapted to surface algorithmic fairness issues before they cause harm to users and organizations.
Press
Duo Security published an analysis of new U.S. government directives establishing incident response requirements for federal civilian agencies. Casey Ellis is quoted discussing the practical implications of the government's clearer cybersecurity incident playbooks and their effect on federal agency preparedness.
Press
A report in InfoSecurity Magazine details research estimating that ethical hackers prevented over $27 billion in cybercrime damages during a one-year period. Casey Ellis contributed to the research, which quantifies the financial impact of vulnerability disclosure and coordinated security research on reducing criminal losses.
Press
CISA released an advisory through ZDNet warning of five vulnerabilities in Apache HTTP Server that affect Cisco products and require immediate patching. Casey Ellis commented on the advisory's implications for enterprise security teams managing affected infrastructure.
Press
CISA and Bugcrowd launched a vulnerability disclosure platform enabling security researchers to report bugs directly to US federal agencies. Casey Ellis, Bugcrowd's founder, helped develop the platform to standardize and streamline how the government receives and manages security vulnerability reports from hackers.
Press
Duo Security published the second installment of a feature series on the history and rapid adoption of bug bounty programs in Silicon Valley. Casey Ellis discusses the evolution of bug bounties and their role in shaping modern security practices across the technology industry.
Press
Digital Journal published an analysis of a recent healthcare sector data breach that examined the attack methods and underlying security failures. Casey Ellis provided commentary on the incident, explaining both the technical vectors used by attackers and the organizational factors that enabled the breach.
Press
Solutions Review published coverage of a misconfiguration in Microsoft's Power Apps platform that exposed data across millions of user accounts. Casey Ellis identified and documented the vulnerability, contributing research that highlighted the scale and implications of the exposure across multiple applications.
Press
Forbes Technology Council published a panel article examining 15 security risks commonly overlooked during the transition to remote work. Casey Ellis contributed to the discussion of digital asset vulnerabilities in distributed work environments.
Press
Global Security Magazine published a piece featuring commentary from Casey Ellis on the Kaseya supply chain ransomware attack. Ellis analyzed the incident and its implications for software supply chain security.