Tag Archive for: concludes

‘Hack DHS’ Program Successfully Concludes First Bug Bounty Program


Today, the Department of Homeland Security (DHS) announced the results of its first bug bounty program. Through the “Hack DHS” program, vetted cybersecurity researchers and ethical hackers are invited to identify potential cybersecurity vulnerabilities in select external DHS systems. In the first phase of this program, more than 450 vetted security researchers identified 122 vulnerabilities, of which 27 were determined to be critical. DHS awarded a total of $125,600 to participants for identifying these verified vulnerabilities. DHS was the first federal agency to expand its bug bounty program to find and report log4j vulnerabilities across all public-facing information system assets, which allowed the Department to identify and close vulnerabilities not surfaced through other means.

“Organizations of every size and across every sector, including federal agencies like the Department of Homeland Security, must remain vigilant and take steps to increase their cybersecurity,” said Secretary of Homeland Security Alejandro N. Mayorkas. “Hack DHS underscores our Department’s commitment to lead by example and protect our nation’s networks and infrastructure from evolving cybersecurity threats.”

Hack DHS launched in December 2021 with the goal of developing a model that can be used by other organizations across every level of government to increase their own cybersecurity resilience. During the second phase of this three-phase program, vetted cybersecurity researchers and ethical hackers will participate in a live, in-person hacking event. During the third and final phase, DHS will identify lessons learned, including lessons that can inform future bug bounty programs.

“The enthusiastic participation by the security researcher community during the first phase of Hack DHS enabled us to find and remediate critical vulnerabilities before they could be exploited,” said DHS Chief Information Officer Eric Hysen. “We look forward to further strengthening our relationship with the researcher community as Hack DHS progresses.”

To learn more about Hack DHS, please visit DHS.gov. Further, organizations of all sizes can visit CISA’s Shields Up webpage for resources and…

Facebook tentatively concludes spammers were behind recent data breach: Report

  1. Facebook tentatively concludes spammers were behind recent data breach: Report  The Straits Times
  2. WSJ: Facebook believes spammers were behind its massive data breach  Engadget
  3. Spammers, not a nation state, behind Facebook data breach, report says  KARE11.com
  4. Facebook hack update: Nearly 30 million users’ data stolen. How to find out if you’re one of them  USA TODAY

Study concludes ‘Heartbleed’ flaw was unknown before disclosure

One of the most serious software flaws to affect the Internet, nicknamed “Heartbleed,” was likely unknown before it was publicly disclosed, according to new research.

The finding puts to rest fears that government spying agencies may have been exploiting the flaw for surveillance activities.

Widespread attacks using Heartbleed only began about a day after information about it became public, according to the paper, published by researchers at several U.S. universities.

“We find no evidence of exploitation prior to the vulnerability’s public disclosure, but we detect subsequent exploit attempts from almost 700 sources beginning less than 24 hours after disclosure,” they wrote.

Network World Security

Blizzard Entertainment concludes its data breach investigation – fifteen months later!

15 months ago, we reported on a data breach at online entertainment company Blizzard. We were complimentary back then, not least because the company owned up within three days. Blizzard’s follow-up, however, hasn’t been quite as swift or impressive…
Naked Security – Sophos