Tag Archive for: expands

MoD ethical hacking programme expands after initial success


The Ministry of Defence (MoD) has revealed it has expanded an existing defensive security initiative with ethical hacking and penetration testing specialist HackerOne to include some of its key suppliers.

The original scope of the MoD’s defensive security programme included a vulnerability disclosure programme (VDP) paying out bug bounties through HackerOne, leveraging the creativity and expertise of the hacking community to help secure some of the UK government’s most critical digital assets.

Since its launch in 2021, more than 100 ethical hackers have been busy “attacking” the MoD’s systems, identifying and fixing vulnerabilities to enhance its cyber security posture.

“The decision to partner with HackerOne and leverage its community of ethical hackers was part of an organisation-wide commitment to building a culture of transparency and collaboration to improve national security,” said Paul Joyce, vulnerability research project manager for the MoD. “Our hacker partners are helping us to identify areas where we need to strengthen our defences and protect our critical digital assets from malicious threats.”

MoD CISO Christine Maxwell added: “Working with the ethical hacking community allows us to bring more diverse perspectives to protect and defend our assets. Understanding where our vulnerabilities are and working with the wider ethical hacking community to identify and fix them is an essential step in reducing cyber risk and improving resilience.”

The MoD hopes that by including key suppliers within the VDP, it can help encourage a trickle-down of best practices through its supply chain, and that suppliers may implement their own programmes. It said its long-term goal was for all firms that it partners with to run their own VDPs.

Among the suppliers that have already been involved with the expanded programme is Kahootz, which supplies cloud software-as-a-service collaboration platform services to public and third sector organisations.

“Kahootz’s VDP demonstrates our proactive commitment to promptly identifying and addressing potential security weaknesses to maintain the highest security standards for users,” said Peter Jackson, the organisation’s…

Play ransomware expands availability | SC Media


AutoZone added to MOVEit breach toll

Major U.S. automotive parts and accessories distributor and retailer AutoZone has confirmed having data from 184,995 individuals compromised in late May as part of the widespread MOVEit file transfer system hack conducted by the Cl0p ransomware operation, BleepingComputer reports.

Deeper Network Expands Ecosystem with Cardano (ADA) Emurgo Investment and ADSC Development


Santa Clara, California–(Newsfile Corp. – September 21, 2023) – The Deeper Network, a leading innovator in the blockchain-based internet security and privacy space, is thrilled to announce significant developments in its ecosystem, further strengthening its position in the cybersecurity and blockchain industries. With the recent investment from Emurgo, the prominent venture arm of Cardano (ADA), as a strategic investor who believes in the future of the Deeper Network’s ecosystem, the build-out of its Web3 ecosystem has been sped up.

Cardano (ADA) Emurgo Investment: Fueling the Future of Web3
Cardano (ADA) Emurgo, well-known for its commitment to fostering blockchain adoption and innovation, has recognized the immense potential of Deeper Network in revolutionizing internet security and Web3 through decentralized technologies. Their investment is a testament to Deeper Network’s vision of creating a safer and more open internet for all.

The investment from Emurgo will enable Deeper Network to accelerate its development efforts and expand its range of decentralized solutions for internet security, benefiting users worldwide.

ADSC built on the Deeper Network: A Powerful Combination
The Deeper Network is excited to celebrate the development of ADSC, a blockchain project built on the Deeper Chain engineered to transform the conventional paradigms of online advertising. The recent integration facilitates a more secure and personalized online experience, enabling users to selectively engage with advertisements while preserving their privacy and data sovereignty. This integration signifies a synergy of expertise and resources, with Deeper Network providing its tech and hardware, which are committed to security, privacy and the benefits of Web3.

Russell Liu, CEO of Deeper Network, shared his enthusiasm: “We are honored to welcome ADSC to the Deeper Network family. Their expertise in advanced digital technologies will play a pivotal role in driving our innovation and research…

Rapid7 Says ROI for Ransomware Remains High; Zero-Day Usage Expands


The Rapid7 mid-year review of the threat landscape is not reassuring. Ransomware remains high, basic security defenses are not being used, security maturity is low, and the return on investment for criminality is potentially enormous.

The review is compiled from the observations of Rapid7’s researchers and its managed services teams. It finds there were more than 1500 ransomware victims worldwide in H1 2023. These included 526 LockBit victims, 212 Alphv/BlackCat victims, 178 Cl0p victims, and 133 BianLian victims. The figures are compiled from leak site communications, public disclosures, and Rapid7 incident response data.

These figures should be seen as conservative. They won’t include organizations that quietly and successfully pay the ransom as if nothing happened. Furthermore, downstream victims are still being calculated – for example, notes the report, “The number of incidents attributed to Cl0p in this chart is likely to be (significantly) low, since the group is still actively claiming new victims from their May 2023 zero-day attack on MOVEit Transfer.”

Ransomware is successful for two reasons: the very high profit potential for the criminals, and the inadequate security posture of many potential targets. Three factors illustrate the latter. Firstly, nearly 40% of incidents were caused by missing or lax enforcement of MFA (multi-factor authentication) – despite many years of exhortations to implement this basic defense.

Secondly, the general security posture remains low for many organizations. Rapid7 consultants have performed multiple security assessments for clients, “with only a single organization so far in 2023 meeting our minimum recommendations for security maturity, as measured against CIS and NIST benchmarks.”

While security for these companies may well improve after the assessment, the figures illustrate that a substantial number of organizations fail to meet minimum standards for security.

Thirdly, and reinforcing the second factor, old vulnerabilities remain successful for the attackers. “Two notable examples from 1H 2023 are CVE-2021-20038, a Rapid7-discovered vulnerability in SonicWall SMA 100 series devices, and CVE-2017-1000367, a…
