50,000 Vulnerabilities Discovered in DoD Systems Through Bug Bounty

Over 50,000 vulnerabilities have been submitted to the US Department of Defense (DoD) through its vulnerability disclosure program (VDP).
The DoD Cyber Crime Center (DC3) reported on March 15, 2024, that it processed its 50,000th vulnerability since introducing its crowd-sourced ethical hacking scheme in November 2016.
Unlike other bug bounty efforts, DC3's VDP is a continuous scheme welcoming ethical hackers to find vulnerabilities within US military IT systems and report them to the DoD. Its launch in November 2016 followed a successful 'Hack the Pentagon' bug bounty program running on HackerOne.
In 2018, DC3 introduced a new reporting system within the VDP known as the Vulnerability Report Management Network.
It allows DC3 to automate, track, and process all reporting, creating a much more efficient process.
In 2021, DC3 and the Defense Counterintelligence and Security Agency partnered to create a 12-month pilot program dedicated to hunting bugs within the systems of small to medium organizations participating in the Defense Industrial Base.
This initiative allowed DC3 to process 1019 vulnerability reports.
The DoD has continued running standalone bug bounty programs in collaboration with HackerOne, Bugcrowd and Synack, including the 'Hack the Pentagon' competition covering other departments such as the Air Force, the Marine Corps, the Army, and Defense Travel System assets.


This Cyber News was published on www.infosecurity-magazine.com. Publication date: Mon, 18 Mar 2024 15:05:05 +0000


