More than 100 bugs discovered in US Homeland Security systems

bug bounty
(Image credit: N/A)

More than 100 bugs have been discovered in the systems of the US Department of Homeland Security (DHS), some of which were deemed critical. 

As reported by The Register, the government organization recently kicked off its “Hack DHS” program, a three-phase event with the goal of tightening up network security.

The first phase was about discovering vulnerabilities on DHS endpoints, and the hackathon participants duly delivered. A total of 450 security researchers took part in the event, and managed to discover 122 vulnerabilities in DHS systems (27 of which were described as critical). 

Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022end of this survey

Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022. Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey to get the bookazine, worth $10.99/£10.99.

DHS Hackathon

The government has awarded researchers a total of $125,600 so far for the discoveries, with more funding for bug bounties apparently on the way.

"The enthusiastic participation by the security researcher community during the first phase of Hack DHS enabled us to find and remediate critical vulnerabilities before they could be exploited," said Eric Hysen, DHS Chief Information Officer, in a statement. 

This event concludes the first of the three phases of the program. In the second phase, security researchers vetted by the department will participate in a live, in-person hacking event, and the third phase will be about establishing important takeaways from the first two phases. 

"Hack DHS underscores our department's commitment to lead by example and protect our nation's networks and infrastructure from evolving cybersecurity threats," Secretary of Homeland Security Alejandro Mayorkas said in a statement.

Schemes like the recent hackathon allow organizations to identify vulnerabilities they were previously unaware of, thereby guarding against zero-day exploits.

Google's in-house security team recently warned that zero-day security threats are becoming a bigger risk than ever before. In its annual round-up of the zero-day threat landscape, the Google Project Zero team noted that 58 distinct threats were identified in 2021, the biggest number seen since it began investigating back in 2014.

Zero-days are usually exploited to distribute malware or ransomware onto target devices.

Via The Register

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.