Detectify

DNS Hijacking - Taking Over Top-Level Domains and Subdomains

TL;DR: On January 7, the Detectify security research team found that the .cd top-level domain (TLD) was about to be released for anyone to purchase and claimed it to keep it secure before any bad actors snatched it up. A technical report with full details is available on Detectify Labs. This blog post will discuss the basics of domain takeover.

Detectify ethical hacker kept the country code domain .cd safe from potential attacks

NEW RESEARCH – On December 30, Fredrik Nordberg Almroth, security researcher and co-founder of Detectify – the Sweden-born cybersecurity company that offers a web vulnerability service powered by leading ethical hackers – found a vulnerability that left the country code top-level domain of the Democratic Republic of Congo, .cd, open to severe potential abuse.

Detectify security updates for January 11

Our Crowdsource ethical hacker community has been busy sending us security updates, including 0-day research. For Asset Monitoring, we now push out tests more frequently and at record speed: within 25 minutes from hacker to scanner. Due to confidentiality agreements, we cannot publicize all security update releases here, but they are immediately added to our scanner and available to all users. The following are some of the security vulnerabilities reported by Detectify Crowdsource ethical hackers.

Top 10 Most Critical CVEs Added in 2020

Our global community of hand-picked Detectify Crowdsource ethical hackers is the reason we are able to automate security research so quickly to protect web applications from attack. This past year, we received a record 1300+ submissions from the community, including over 180 zero-day vulnerabilities! Every module and security test we build from these hacker-submitted vulnerabilities helps us make the internet more secure.

Detectify security updates for December 28

How attackers exploit the WordPress Easy-WP-SMTP zero-day

On November 6th, 2019, Detectify added security tests for 50+ of the most popular WordPress plugins, including Easy-WP-SMTP. Although the zero-day affecting Easy-WP-SMTP (CVE-2020-35234) was recently patched, WordPress estimates that many of the 500,000+ active installs of the plugin remain unpatched. Detectify scans your applications for this vulnerability and alerts you if you are running a vulnerable version of WordPress and WordPress plugins.

Detectify Company Year in Review 2020

Coming hot off our successful funding round of €21.5 million in November 2019, we had no plans of stopping – only speeding up in 2020! In April, Detectify transitioned to a remote-first work policy, but that didn’t hinder our incredible tech teams from developing great things. Let’s take a look! This one’s for the stats-lovers.

View and tag findings on the new vulnerabilities page to fix them faster

Triage is just as important to security teams as it is to hospital workers. Now, you can prioritize and remediate web application vulnerabilities even faster with tags and findings in one view for Detectify Deep Scan and Asset Monitoring. For the past couple of months, one of Detectify’s product teams has been working relentlessly on improving how customers consume security vulnerability findings.

Detectify security updates for December 14

Carolin Solskär answers Detectify Crowdsource FAQs

In the summertime, I shared my thoughts on how Detectify Crowdsource is not your average bug bounty program. Through this, we got some questions from the security community which I’m going to do my best to answer in this follow-up: Finding bugs is fun, but then comes the reporting part which may not be your favorite depending on how much you enjoy admin work.