Bugs in the biometric protections on Android phones and iPhones allow the limit on the number of fingerprint unlock attempts to be bypassed, enabling automated brute-force attacks.
Related Posts
Pentagon Received 50,000+ Vulnerability Reports Since November 2016
The Department of Defense (DoD) Cyber Crime Center (DC3) recently announced a significant milestone in its cybersecurity efforts: the processing of over 50,000 vulnerability reports since the inception of its Vulnerability Disclosure Program (VDP) in November 2016.
This program, a pioneering initiative in the federal government, was established following the “Hack the Pentagon” bug bounty program, which demonstrated the value of crowdsourced cybersecurity.
The VDP has also fostered collaboration between the public and private sectors, exemplified by partnerships with platforms like HackerOne, Bugcrowd, and Synack.
These collaborations have facilitated the running of over 40 bug bounty programs.
Unlike traditional bug bounties, the VDP allows for continuous reporting of potential security weaknesses in DoD’s publicly accessible information systems.
This approach has been instrumental in enhancing the cyber defenses of the Pentagon and its associated networks.
The VDP’s success is largely attributed to the collaboration with ethical hackers from around the world.
Vulnerabilities Reported
By the end of 2022, nearly 45,000 reports had been received from approximately 4,000 researchers.
Out of these, more than 25,000 were actionable, leading to the successful mitigation of over 6,000 vulnerabilities.
The program’s efficiency was significantly improved with the introduction of the Vulnerability Report Management Network in the summer of 2018, which automated the tracking and processing of reports.
This system expansion allowed the VDP to cover a wider range of DoD assets, including all publicly accessible information technology assets owned and operated by the Joint Force Headquarters DoD Information Network.
The VDP has also extended its reach to the Defense Industrial Base (DIB) through the DIB-VDP Pilot, which processed 1,019 vulnerability reports in 2022, helping to secure small to medium-sized participant companies from identified threats.
This pilot earned DC3 the prestigious DoD Chief Information Officer Annual Award for its contributions.
The Pentagon’s proactive approach to cybersecurity has not only strengthened its defenses but also saved taxpayer money.
In 2021, a 12-month bug bounty program aimed at finding flaws in contractor networks addressed over 1,000 vulnerabilities, saving an estimated $61 million.
The success of the DC3 VDP exemplifies the benefits of a strong relationship with the global ethical hacker community.
It has become a model for other government organizations to follow, showcasing how crowdsourced cybersecurity can lead to the consistent strengthening of cyber defenses.
As cyber threats continue to evolve, the DoD’s VDP remains a critical component of the Pentagon’s defense-in-depth strategy, ensuring the security and mission assurance of the United States’ defense information networks.
Since its inception in November 2016, the Pentagon’s Vulnerability Disclosure Program (VDP) has undergone significant evolution and expansion, reflecting its success and the growing recognition of the value of ethical hacking in strengthening cybersecurity.
The post Pentagon Received 50,000+ Vulnerability Reports Since November 2016 appeared first on Cyber Security News.
Cyber Security News
Over 1 Million Domains at Risk of ‘Sitting Ducks’ Domain Hijacking Technique
Over a million domains are susceptible to takeover by malicious actors by means of what has been called a Sitting Ducks attack.
The powerful attack vector, which exploits weaknesses in the domain name system (DNS), is being exploited by over a dozen Russian-nexus cybercriminal actors to stealthily hijack domains, a joint analysis published by Infoblox and Eclypsium has revealed.
“In a Sitting
Hackers exploit Ray framework flaw to breach servers, hijack resources
A new hacking campaign dubbed “ShadowRay” targets an unpatched vulnerability in Ray, a popular open-source AI framework, to hijack computing power and leak sensitive data from thousands of companies. […]
BleepingComputer