Tag Archive for: search

Ministry of Defence PAYS hackers to search computer systems for vulnerabilities

/in


Ministry of Defence PAYS hackers to search computer systems for vulnerabilities before they can be exploited by real cybercriminals

  • MoD announces the conclusion of its first bug bounty challenge with HackerOne
  • Bug bounties offer ethical hackers financial reward for reporting technical flaws
  • Members of the public can earn thousands of pounds for reporting a single flaw

By Jonathan Chadwick For Mailonline

Published: | Updated:

Hackers have been paid by the Ministry of Defence (MoD) to search their computer systems for vulnerabilities before they can be exploited by real criminals online.

The government department has successfully concluded its first bug bounty programme, conducted in partnership with US firm HackerOne. 

The programme recruited 26 ‘ethical hackers’ who went under the bonnet of its networks for 30 days, in a bid to get ahead of ‘bad actors’ and improve national security.

California-based HackerOne acts as a middleman by connecting businesses with its community of ethical hackers who have been through criminal background checks. 

Neither HackerOne nor the MoD would reveal how much each hacker is getting paid as part of the programme.  

However, another organisation already partnered with HackerOne recently handed out $50,000 (more than £36,000) for discovering a severe vulnerability.

While this is an attractive sum, it’s a mere drop in the pond considering how much money a single flaw can cost businesses if it’s noticed by cyber criminals first. 

Scroll down for video 

Bug bounty programs offer 'ethical hackers' a financial reward in exchange for reporting technical flaws that could cost organisations millions

 Bug bounty programs offer ‘ethical hackers’ a financial reward in exchange for reporting technical flaws that could cost organisations millions 

BUG BOUNTIES  

A bug bounty is a reward that is paid out to developers who find critical flaws in software. 

The bounty can be monetary reward, or being put into a ‘hall of fame’ list for finding the bounty, or gear from the company giving the bounty, or any combination thereof. 

With open-source software, anyone in the world is free to comb through the code of an application and look for flaws. 

Source: OSTIF 

The average bounty paid for critical vulnerabilities is much also even…

Source…

Elastic Announces the Launch and General Availability of Limitless XDR in Elastic Security, General Availability of Elastic Agent, and Centralized Management of Elastic Enterprise Search | Business

/in


MOUNTAIN VIEW, Calif.–(BUSINESS WIRE)–Aug 3, 2021–

Elastic (NYSE: ESTC) (“Elastic”), the company behind Elasticsearch and the Elastic Stack, today announced new capabilities and enhancements across its Elastic Enterprise Search, Observability, and Security solutions, which are built in a single platform – the Elastic Stack.

New capabilities include the general availability of Elastic Agent, a single, unified agent that simplifies the management and monitoring of data from a growing volume of diverse sources, centrally managed in Fleet to give users broad visibility and control over their environments.

With Elastic Agent, Elastic Security users benefit from integrated ransomware and malware prevention, as well as remediation capabilities directly from the endpoint. Elastic Observability users gain better visibility across their applications and infrastructure, as well as secure, centralized agent management.

Elastic announces the launch and general availability of the industry’s first free and open Limitless Extended Detection and Response (XDR). Part of Elastic Security, Elastic Limitless XDR modernizes security operations by unifying the capabilities of security information and event management (SIEM), security analytics, and endpoint security on one platform.

Additionally, Elastic Enterprise Search can now be centrally managed in Kibana, the single management interface across all Elastic solutions.

Other key updates across the Elastic Stack, Elastic Cloud, and solutions include:

Elastic Stack and Elastic Cloud

Elastic announces the general availability of Elastic Agent with centralized management in Elastic Fleet. First released in beta in 7.9 and now generally available in 7.14, Elastic Agent serves as a single unified agent to make it simple for customers and users to onboard and manage new data sources fast, while also protecting their endpoints from cyber security threats. Elastic Agent is an Elastic Stack capability that delivers value to users across Elastic Security and Elastic Observability solutions.

Elastic also announces that support for Microsoft Azure Private Link is now generally available. Customers can now privately and…

Source…

Google Search gets modernized weather card on desktop

/in


Google Weather in Search for Android was last redesigned in 2019, and the desktop experience is now seeing a handful of tweaks that help modernize the old UI.

The changes are subtle, starting with the temperature being the first piece of information displayed in the top-left. This is followed by precipitation, humidity, and wind next to it, while the right corner now shows the location, time, and condition. 

Google made the weather card shorter by leveraging modern tabs to access the temperature, precipitation, and wind charts. This replaces the gray buttons that belonged to a very old Google design language. The timeline, along with the seven-day forecast, is unchanged, while the faint gray outline has been removed.

This tweaked Google Search weather is widely rolled out today. It follows the company bringing the desktop Search redesign to music queries — following pandemic-related queries, while a dark theme has been more widely tested on the web in recent weeks to match mobile.

FTC: We use income earning auto affiliate links. More.

Check out 9to5Google on YouTube for more news:

Source…

In search of a smarter Einstein — GCN

/in


layered cybersecurity (PATTYARIYA/Shutterstock.com)

In search of a smarter Einstein

  • By Justin Katz
  • Feb 02, 2021

Einstein is the Department of Homeland Security’s intrusion detection system. It observes traffic flowing in and out of federal networks, allowing the government to target threats identified by a database of known malware. That makes it unlikely Einstein ever could have detected the malware implanted into SolarWinds Orion because it was delivered to agency networks through a trusted update.

However, overhauling Einstein to identify unknown or zero-day threats would be far too costly, cybersecurity analysts said. The most viable path forward, they argued, would be to install new capabilities, necessarily bolstered by private industry.

Kiersten Todt, formerly executive director of the Commission on Enhancing National Cybersecurity, was blunt about Einstein’s record. “There are no real strong success stories of Einstein,” she said. “When you look at what happened with SolarWinds, they essentially outsmarted Einstein.”

“The challenge with detecting activity like the SolarWinds hack is that the hack is accomplished through ‘authorized’ malware,” said Philip Reitinger, president and CEO of the Global Cyber Alliance.

To detect that malware, a defensive system would either have to deny all communications that are not explicitly whitelisted or establish a user activity baseline capable of singling out abnormalities for investigators to pursue. “That can be difficult to do and resource intensive,” he added.

Michael Hamilton, a former vice chair for a government coordinating council focused on critical infrastructure protection, described a similar method as the most likely way forward for DHS to improve Einstein. Although its precise capabilities are classified, Hamilton speculated the program’s age — Einstein was originally developed in 2003 — is a sign it may not be baselining user activity in the way he and Reitinger described.

Hamilton said that “it’s not likely they throw it out and start over,” noting the program’s sunk costs. “My understanding is that it cost $6…

Source…