Tag Archive for: MoD’

MoD ethical hacking programme expands after initial success

/in


The Ministry of Defence (MoD) has revealed it has expanded an existing defensive security initiative with ethical hacking and penetration testing specialist HackerOne to include some of its key suppliers.

The original scope of the MoD’s defensive security programme included a vulnerability disclosure programme (VDP) paying out bug bounties through HackerOne, leveraging the creativity and expertise of the hacking community to help secure some of the UK government’s most critical digital assets.

Since its launch in 2021, more than 100 ethical hackers have been busy “attacking” the MoD’s systems, identifying and fixing vulnerabilities to enhance its cyber security posture.

“The decision to partner with HackerOne and leverage its community of ethical hackers was part of an organisation-wide commitment to building a culture of transparency and collaboration to improve national security,” said Paul Joyce, vulnerability research project manager for the MoD. “Our hacker partners are helping us to identify areas where we need to strengthen our defences and protect our critical digital assets from malicious threats.”

MoD CISO Christine Maxwell added: “Working with the ethical hacking community allows us to bring more diverse perspectives to protect and defend our assets. Understanding where our vulnerabilities are and working with the wider ethical hacking community to identify and fix them is an essential step in reducing cyber risk and improving resilience.”

The MoD hopes that by including key suppliers within the VDP, it can help encourage a trickle-down of best practices through its supply chain, and maybe implement their own programmes. It said its long-term goal was for all firms that it partners with to run their own VDPs.

Among the suppliers that has already been involved with the expanded programme is Kahootz, which supplies cloud software-as-a-service collaboration platform services to public and third sector organisations.

“Kahootz’s VDP demonstrates our proactive commitment to promptly identifying and addressing potential security weaknesses to maintain the highest security standards for users,” said Peter Jackson, the organisation’s…

Source…

WhatsApp Spy Mod Malware Attacked Telegram Users Over 340K Times In Oct – BW Businessworld

/in


A malware named “WhatsApp spy mod” has attacked Telegram users more than 3.4 lakh times in October alone. This malware mainly targeted users who communicate in Arabic and Azeri, according to the cybersecurity firm Kaspersky.

The malware enters the devices through third-party WhatsApp mod application, which are generally used for additional features such as scheduled messages and customisable options.

As per the report, such mod applications also contain a malicious spyware module that can compromise users personal data. When installed, such mod WhatsApp application allow the malware to run in the background and gather sensitive information from the infected device, including its IMEI number, phone number, country and network codes and more.

The malware can transfer data every five minutes. It can even record audio from the a device’s microphone and steal data from external storage. 

The highest attacks were recorded in Azerbaijan, Saudi Arabia, Yemen, Turkey and Egypt, although the malware also affected users from other countries, including the United States, Russia, the United Kingdom and Germany.

Source…

Avast Mobile Security Premium apk | 2021 | New Version | 6.35.2 | M O D

/in



MoD pays ‘ethical hackers’ to find flaws in bid to avoid cyber attacks

/in


Hackers have been paid by the Ministry of Defence (MoD) to search their computer systems for vulnerabilities before they can be exploited by real cyber threats.



a close up of a street in a dark room: MoD pays hackers to find system flaws in first paid bug bounty program

© PA Wire
MoD pays hackers to find system flaws in first paid bug bounty program

The department’s first bug bounty program saw 26 so-called “ethical hackers” invited to go under the bonnet of its networks for 30 days, in a bid to get ahead of bad actors and improve national security.

Bug bounty programs offer people a financial reward in exchange for reporting technical flaws.

It is a non-traditional approach for the MoD but common practice among the technology industry and has already been adopted by the US Department of Defence to great success.

The program is led by HackerOne, which carries out background checks on its community of hackers.

Loading...

Load Error

Christine Maxwell, the MoD’s chief information security officer, said the move was an “essential step in reducing cyber risk and improving resilience”.

“Working with the ethical hacking community allows us to build out our bench of tech talent and bring more diverse perspectives to protect and defend our assets,” she explained.

One participant, Trevor Shingles, said he was able to alert the MoD to a flaw he uncovered which would have allowed a bad actor to modify permissions and gain access.

“It’s been proven that a closed and secretive approach to security doesn’t work well,” he said.

“For the MoD to be as open as it has with providing authorised access to their systems is a real testament that they are embracing all the tools at their disposal to really harden and secure their applications.

“This is a great example to set for not only the UK, but for other countries to benchmark their own security practices against.”

Register now for one of the Evening Standard’s newsletters. From a daily news briefing to Homes & Property insights, plus lifestyle, going out, offers and more. For the best stories in your inbox,…

Source…