DOD expands vulnerability disclosure program, giving hackers more approved targets

The Pentagon is letting outside hackers go after more Department of Defense targets than ever before, in an effort to find DOD’s vulnerabilities before foreign hackers do, DOD announced Wednesday. The program, “Hack the Pentagon,” is expanding the number of DOD targets that ethical hackers can go after to try to ferret out vulnerabilities, according to the announcement. The program, which launched in 2016, previously allowed cybersecurity professionals to test DOD systems when it involved public-facing websites and applications. Now interested hackers may go after all publicly-accessible DOD information systems, including publicly-accessible networks, Internet of Things devices and industrial control systems, according to DOD. “This expansion is a testament to transforming the government’s approach to security and leapfrogging the current state of technology within DOD,” said Brett Goldstein, the director of the Defense Digital Service (DDS). The DOD Cyber Crime Center, which oversees the program, said the expansion was always […]

The post DOD expands vulnerability disclosure program, giving hackers more approved targets appeared first on CyberScoop.


MythBusters: What pentesting is (and what it is not)

You’ve probably seen the term pentesting pop up in security research and articles, but do you know what it really means? Simply put, penetration testing is a security assessment, analysis and a progression of simulated attacks on an application or netw…

Firm calls cops on researcher for responsibly disclosing data leak

By Habiba Rashid
While white-hat hackers get paid for reporting flaws, this particular researcher was reported to the police after responsibly disclosing a data leak.
This is a post from HackRead.com.

Microsoft offers rewards for security bugs in Microsoft Teams

Microsoft is starting a new Applications Bounty Program, and the first application that they want researchers to find bugs in is Microsoft Teams, its popular business communication platform. About Microsoft Teams: Microsoft Teams offers workspace chat, …

Flaw allowed bypassing verification code, log in to any Microsoft account

By Deeba Ahmed
A bug bounty hunter has identified and reported a vulnerability that allowed an attacker to log in to any Microsoft account.
This is a post from HackRead.com.