Security News

Sarcos Defense and BAE Systems enhance autonomous platforms to benefit DoD operations
2021-08-16 23:15

Sarcos Defense and BAE Systems announced that the companies are partnering to develop advanced perception and sensing capabilities for autonomous platforms for Air Force Research Laboratory, to benefit Department of Defense operations. This platform will aim to address the complex issues that involve the coordination of both individual and multiple cooperating heterogeneous autonomous platforms, including unmanned aircraft systems and unmanned ground vehicles equipped with standard multi-modal sensors, such as cameras, radar, and LiDAR. The expected result will coalesce multiple environmental inputs and combine with artificial intelligence and machine learning technologies to enable unmanned systems to work together in greater harmony, both alone and coordinating with each other in "Swarm" scenarios.

U.S. DoD approves two (ISC)² certifications as requirements for cybersecurity staff
2021-06-29 07:19

(ISC)² announced that its healthcare security and cloud security certifications have been approved by the U.S. Department of Defense as prerequisites of employment for certain security workforce categories. Following approval by the DoD Senior Information Security Officer and a recommendation by the Cyber Workforce Advisory Group Certification Committee, the HealthCare Information Security and Privacy Practitioner and the Certified Cloud Security Professional certifications are the latest additions to the DoD 8570 Approved Baseline Certifications table that is publicly available on the DoD Cyber Exchange website.

GSA awards Booz Allen $674M contract to support growth of DoD’s Advana data analytics platform
2021-06-04 22:15

Booz Allen Hamilton was awarded a 5-year, $674M contract by the General Services Administration to maintain and support the exponential growth of the Department of Defense's Advana data analytics platform to improve decision making across the organization. Advana, led by the Office of the Under Secretary of Defense, integrates hundreds of business systems across the DoD - from financial and medical data to personnel and logistics - to make data widely accessible, understandable and usable.

What contractors should start to consider with the DoD’s CMMC compliance standards
2021-05-06 05:00

While the CMMC doesn't completely replace the National Institute of Standards and Technology SP 800-171, it does include and build on these standards for a clear purpose. Enter the CMMC. With this new regulation, the DoD establishes five levels of cybersecurity preparedness, ranging from level one to level five.

DOD Expands Vulnerability Disclosure Program to Web-Facing Targets
2021-05-05 19:09

The United States Department of Defense this week announced an expansion of the scope of its vulnerability disclosure program to include all of its publicly accessible information systems. The program has been running on HackerOne since 2016 when the DOD's Hack the Pentagon initiative was launched and provides security researchers with means to engage with the DOD when they identify vulnerabilities in the department's public-facing websites and applications.

DOD expands bug disclosure program to all publicly accessible systems
2021-05-04 20:20

US Department of Defense officials today announced that the department's Vulnerability Disclosure Program has been expanded to include all publicly accessible DOD websites and applications. DOD's VDP is led by the Department of Defense Cyber Crime Center, and it allows security researchers to search for and report any vulnerabilities affecting public-facing DOD information systems.

US DoD Launches Vuln Disclosure Program for Contractor Networks
2021-04-06 14:23

The United States Department of Defense this week announced the launch of a new vulnerability disclosure program on HackerOne to identify vulnerabilities in Defense Industrial Base contractor networks. Running as a pilot, the Defense Industrial Base Vulnerability Disclosure Program covers participating DoD contractor partners' information systems and web properties, as well as other assets within scope, and is separate from the DoD vulnerability disclosure program that already runs on HackerOne.

U.S. DoD Weapons Programs Lack ‘Key’ Cybersecurity Measures
2021-03-05 20:45

Weapons programs from the U.S. Department of Defense are falling short when it comes to incorporating cybersecurity requirements, according to a new watchdog report. While the DoD has developed a range of policies aimed at hardening the security for its weapon systems, the guidance leaves out a key detail - the contracts for procuring various weapons.

Checkmarx makes its automated AST solution available to all DoD agencies
2020-12-10 00:30

With this, Checkmarx furthers its commitment to supporting the public sector by making its automated application security testing solution available to all DoD agencies in the form of a hardened container, helping them to confidently build and release secure software while meeting the strict security and compliance requirements of the U.S. military. This enables all DoD agencies and developers to easily acquire and integrate the Checkmarx solution into their DevOps environments and automatically insert security into the entire SDLC, while also avoiding lengthy ATO timelines.

DoD, DHS Warn of Attacks Involving SLOTHFULMEDIA Malware
2020-10-05 08:44

The U.S. Department of Defense's Cyber National Mission Force and the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency last week published a malware analysis report for what they described as a new malware variant named SLOTHFULMEDIA. SLOTHFULMEDIA is described as a dropper that deploys two files when executed, including a RAT designed to allow hackers to control compromised devices, and a component that removes the dropper once the RAT achieves persistence on the targeted computer. The U.S. government's malware analysis report includes technical details about how the malware works, indicators of compromise and recommendations for securing systems against such threats.