Security News
The United States Department of Defense this week announced an expansion of the scope of its vulnerability disclosure program to include all of its publicly accessible information systems. The program has been running on HackerOne since 2016, when the DOD's Hack the Pentagon initiative was launched, and provides security researchers with a means to engage with the DOD when they identify vulnerabilities in the department's public-facing websites and applications.
US Department of Defense officials today announced that the department's Vulnerability Disclosure Program has been expanded to include all publicly accessible DOD websites and applications. DOD's VDP is led by the Department of Defense Cyber Crime Center, and it allows security researchers to search for and report any vulnerabilities affecting public-facing DOD information systems.
The United States Department of Defense this week announced the launch of a new vulnerability disclosure program on HackerOne to identify vulnerabilities in Defense Industrial Base contractor networks. Running as a pilot, the Defense Industrial Base Vulnerability Disclosure Program covers participating DoD contractor partners' information systems and web properties, as well as other assets within scope, and is separate from the DoD vulnerability disclosure program that already runs on HackerOne.
Weapons programs from the U.S. Department of Defense are falling short when it comes to incorporating cybersecurity requirements, according to a new watchdog report. While the DoD has developed a range of policies aimed at hardening the security for its weapon systems, the guidance leaves out a key detail - the contracts for procuring various weapons.
With this, Checkmarx furthers its commitment to supporting the public sector by making its automated application security testing solution available to all DoD agencies in the form of a hardened container, helping them to confidently build and release secure software while meeting the strict security and compliance requirements of the U.S. military. This enables all DoD agencies and developers to easily acquire and integrate the Checkmarx solution into their DevOps environments and automatically insert security into the entire SDLC, while also avoiding lengthy ATO timelines.
The U.S. Department of Defense's Cyber National Mission Force and the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency last week published a malware analysis report for what they described as a new malware variant named SLOTHFULMEDIA. SLOTHFULMEDIA is described as a dropper that deploys two files when executed, including a RAT designed to allow hackers to control compromised devices, and a component that removes the dropper once the RAT achieves persistence on the targeted computer. The U.S. government's malware analysis report includes technical details about how the malware works, indicators of compromise and recommendations for securing systems against such threats.
Prevalent announced that it is the first third-party risk management company to offer questionnaires for all five levels of the CMMC to certified third-party audit organizations and Department of Defense contractors. "In today's environment it's more important than ever to ensure that third-party suppliers are compliant with DoD standards. Prevalent prides itself on providing contractors and auditors with questionnaires to support all of the certification levels needed to ensure a secure supply chain."
The new release of CloudBees CI is available immediately and enables DoD and civilian agencies of the U.S. federal government, as well as enterprises in private industry, to drive more value through their software delivery pipelines while lowering security risk. Platform One provides platforms that are already accredited and can only use containerized software with an approved CtF. "With the CtF, CloudBees CI can be readily used by DoD agencies, as well as civilian agencies and federal system integrators," said Michael Wright, director, federal sector, at CloudBees.
In a majority of cases, DoD has not completed the cybersecurity training and awareness tasks it set out to complete. The report focuses on three ongoing DoD cybersecurity hygiene initiatives.
Information Technology spending by Department of Defense and Intelligence Community agencies will continue to grow as they work to keep pace with the evolution of both the threat landscape and technology development, according to Deltek. IT solutions such as cloud computing, modern data management, big data, cybersecurity and artificial intelligence are in high demand by intelligence agencies with increasingly complex national security missions.