It’s something of a cliché to say that hackers are shady types, often lurking in the shadows. Usually this is just a metaphor, though if you take stock imagery at face value, you’d be forgiven for thinking they only ever appear at night whilst wearing a hoodie. Like most clichés however, this contrivance does have an element of truth in it. The fact is that hackers often work just as hard to keep themselves and their tactics hidden as they do to find vulnerabilities to exploit.

In the summertime, I shared my thoughts on how Detectify Crowdsource is not your average bug bounty program. Through this, we got some questions from the security community which I’m going to do my best to answer in this follow-up: Finding bugs is fun, but then comes the reporting part which may not be your favorite depending on how much you enjoy admin work.

Cyber threats are a feature of our everyday digital life. Most of us have been the victim of one of these attacks, even if we are unaware. The larger hacks make it into the public consciousness, like Equifax, Ashley Madison, Capital One, and more, but we rarely hear from Silicon Valley tech companies. While not infallible, companies like Twitter or Facebook are still not held to strict standards for customer safety.

The cybersecurity industry is more well-informed than most, but even so, misconceptions arise and spread, helped along by the fact that the rise in cybersecurity incidents has led to substantial “pop culture” intrigue with all things cybersecurity. One of the more harmful of these misconceptions is the conflation of “hacker” and “attacker,” terms which are treated as interchangeable. They’re not.

This blog summarizes the findings of an investigation into the current status of the Brazilian threat group known as 'Prilex' who came to prominence in late 2017 and early 2018 for their ATM jackpotting and point-of-sale (POS) terminal attacks. Whilst the group were believed to have been active since 2014, a distinct absence of 'chatter' and reporting of their activity since 2018 seemingly suggested that the group had ceased operations.

The term "hacker" gets thrown around in a variety of contexts and in a multitude of different ways nowadays. While it's great that cybersecurity is gaining more and more awareness across the globe, the technical nature of cybersecurity means that terms are often used interchangeably, in different contexts, and sometimes incorrectly.

When is hacking legal? Host and security researcher Laura Kankaala delves into this topic with guest and Detectify General Counsel Cecilia Wik. NOTE: this episode does not give any official legal advice, but Laura picks Cecilia’s brain about the legalities of hacking with her area of expertise, the law. Their discussion covers different laws concerning the information security community such as copyright law, the Computer Fraud and Abuse Act and Wire Fraud Act.