Microsoft December 2021 Patch Tuesday fixes 6 zero-days, 67 flaws
Bugs in billions of WiFi, Bluetooth chips allow password, data theft
Log4j: List of vulnerable products and vendor advisories
Microsoft fixes Windows AppX Installer zero-day used by Emotet
Microsoft fixes bug blocking Defender for Endpoint on Windows Server
Sites hacked with credit card stealers undetected for months
Want to learn how to program? This deal helps you get started
Telecom operators targeted in recent espionage hacking campaign
Qualys BrowserCheck
Junkware Removal Tool
How to remove the PBlock+ adware browser extension
Remove the Search Redirect
Remove the Search Redirect
Remove the Search Redirect
Remove Security Tool and SecurityTool (Uninstall Guide)
How to remove Antivirus 2009 (Uninstall Instructions)
How to Remove WinFixer / Virtumonde / Msevents / Trojan.vundo
How to remove Google Redirects or the TDSS, TDL3, or Alureon rootkit using TDSSKiller
Locky Ransomware Information, Help Guide, and FAQ
CryptoLocker Ransomware Information Guide and FAQ
CryptorBit and HowDecrypt Information Guide and FAQ
CryptoDefense and How_Decrypt Ransomware Information Guide and FAQ
How to make the Start menu full screen in Windows 10
How to install the Microsoft Visual C++ 2015 Runtime
How to open an elevated PowerShell Admin prompt in Windows 10
How to Translate a Web Page in Google Chrome
How to start Windows in Safe Mode
How to remove a Trojan, Virus, Worm, or other Malware
How to show hidden files in Windows 7
How to see hidden files in Windows
IT Certification Courses
Gear + Gadgets
DHS announces 'Hack DHS' bug bounty program for vetted researchers
The Department of Homeland Security (DHS) has launched a new bug bounty program dubbed “Hack DHS” that allows vetted cybersecurity researchers to find and report security vulnerabilities in external DHS systems.
“As the federal government’s cybersecurity quarterback, DHS must lead by example and constantly seek to strengthen the security of our own systems,” said DHS Secretary Alejandro N. Mayorkas.
“The Hack DHS program incentivizes highly skilled hackers to identify cybersecurity weaknesses in our systems before they can be exploited by bad actors. This program is one example of how the Department is partnering with the community to help protect our Nation’s cybersecurity.”
The new bug bounty program will use a platform developed by the Cybersecurity and Infrastructure Security Agency (CISA) and will be monitored by the DHS Office of the Chief Information Officer.
Researchers who report security vulnerabilities as part of the Hack DHS program will be able to win monetary rewards of up to $5,000, depending on the flaw’s severity.
Hackers enrolled in the program will be required to disclose their findings and detailed info on the vulnerability, how attackers can potentially exploit it, and how threat actors could use it to access information from DHS systems.
The DHS will verify all reported security flaws within 48 hours and fixed in 15 days or more, depending on the bugs’ complexity.
Following next year’s three Hack DHS phases, the U.S. federal executive department aims to develop a bug bounty model ready for use by other government organizations to boost their cybersecurity resilience.
“During phase one, hackers will conduct virtual assessments on certain DHS external systems,” Homeland Security explained.
“During the second phase, hackers will participate in a live, in-person hacking event. During the third and final phase, DHS will identify and review lessons learned, and plan for future bug bounties.”
The Hack DHS bug bounty program builds upon experience and practices from similar efforts across the federal government (e.g., the “Hack the Pentagon” program) and the private sector.
DHS launched its first bug bounty pilot program two years ago, in 2019, after the SECURE Technology Act (authored by Senator Maggie Hassan, Senator Rob Portman, Rep. Ted Lieu, and Rep. Scott Taylor) was passed into law to require the establishment of a security vulnerability disclosure policy and a bug bounty program.
US Education Dept urged to boost K-12 schools’ ransomware defenses
CISA orders federal agencies to fix hundreds of exploited security flaws
Google launches Android Enterprise bug bounty program
CISA orders federal agencies to patch Log4Shell by December 24th
Ukraine arrests 51 for selling data of 300 million people in US, EU
Not a member yet? Register Now
Bugs in billions of WiFi, Bluetooth chips allow password, data theft
Kronos ransomware attack may cause weeks of HR solutions downtime
To receive periodic updates and news from BleepingComputer, please use the form below.
Terms of Use Privacy PolicyEthics Statement
Copyright @ 2003 – 2021 Bleeping Computer® LLC – All Rights Reserved
Not a member yet? Register Now
Read our posting guidelinese to learn what content is prohibited.


You May Also Like

Malicious Notepad++ installers push StrongPity malware

ALPHV BlackCat – This year’s most sophisticated ransomwareSonicWall ‘strongly urges’ customers to…

Microsoft: New Windows driver deployment service coming soon

Ukraine links members of Gamaredon hacker group to Russian FSBSamsung Galaxy S21…

US defense contractor Electronic Warfare hit by data breach

Ukraine links members of Gamaredon hacker group to Russian FSBSamsung Galaxy S21…

AMD fixes dozens of Windows 10 graphics driver security bugs

HPE says hackers breached Aruba Central using stolen access keyFBI warns of…