Possibly a new scam email using a vulnerability finding / bug bounty theme

Bug Bounty, Cybercrime, Phishing and Vishing, VulnerabilitiesEitan Caspi

This one is new. I found only two other mentions of similar things, at Reddit.
It looks like an introductory email towards some kind of possible scam, related to vulnerability finding / bug bounty.
It was sent to the privacy email of this blog.

Subject:
Uncovering Security Vulnerabilities in Your Application

From:
Robert Davis <[email protected]>

Body:
Hello,

I trust you’re well.

I’ve identified potential security issues in your application, aiming to ensure user safety. These vulnerabilities could impact functionality and compromise user security. I’d appreciate a suitable channel to share more details, facilitating a prompt review and resolution by your team.

If you have a Bug Bounty program, kindly provide information. If not, consider my commitment to enhancing digital platform security.

Looking forward to your response.

Best Regards,

Robert Davis

Allegory for Information Security

Employees Awareness, Idioms, Allegories, The Information Security Profession, Thoughts, TipsEitan Caspi

Allegory is a powerful tool to explain a complex topic or summarize it, so many times I  explain that Information Security should be like the atmosphere – it should be transparent (not felt, not bothering), it should prevent bad things (asteroids = malware/other attacks) from coming in, and prevent good things (like oxygen = sensitive/confidential data) from getting out.

About the ability of cyber insurers to avoid paying due to a cyberwar act claim

Cyber Insurance, Cyberwarfare, ThoughtsEitan Caspi

Following the news article from below – it is no news that insurers try to avoid paying, but their stand of not paying due to cyber war acts will not stand, in my opinion.

For a cyber act and/or malware, to be officially declared, in our digital anonymized worlds, as originated from a specific country and intended to be an act of war – I guess only other governments or unions of governments (e.g. UN, NATO) can declare that, and such declaration may have severe consequences, like… ahhmmm… starting a war… – so the insurers’ ability to avoid paying for this reason, is, I think, close to zero (although it may be a true fact in reality and they may be right in their claim, but they won’t be able to prove it)

Merck Settles NotPetya Insurance Claim, Leaving Cyberwar Definition Unresolved