‘Hack DHS’ bug bounty program expands to Log4j security flaws

The Department of Homeland Security (DHS) has announced that the ‘Hack DHS’ program is now also open to bug bounty hunters willing to track down DHS systems impacted by Log4j vulnerabilities.
“In response to the recently discovered log4j vulnerabilities, @DHSgov is expanding the scope of our new #HackDHS bug bounty program and including additional incentives to find and patch log4j-related vulnerabilities in our systems,” tweeted DHS Secretary Alejandro N. Mayorkas.
“In partnership with vetted hackers, the federal government will continue to secure nationwide systems and increase shared cyber resilience.”
The ‘Hack DHS’ bug bounty program was announced last week. It allows vetted cybersecurity researchers to find and report vulnerabilities in external DHS systems, earning rewards of up to $5,000 per reported bug.
Hackers enrolled in this program are required to disclose their findings along with detailed information on the vulnerability, how attackers can potentially exploit it, and how threat actors could use it to access information from DHS systems.
All reported security flaws will be verified by the DHS within 48 hours and be fixed in 15 days or more, depending on their complexity.
The DHS launched its first bug bounty pilot program in 2019 after the SECURE Technology Act was passed into law to require establishing a security vulnerability disclosure policy and a bug bounty program.

The decision to expand the ‘Hack DHS’ program comes on the heels of an emergency directive issued by CISA on Friday ordering Federal Civilian Executive Branch agencies to patch the actively exploited and critical Log4Shell bug by December 23.
The federal agencies were given 5 more days, until December 28, to report impacted Java products in their environments, including app and vendor names, the apps’ versions, and the actions taken to block exploitation attempts.
CISA provides a dedicated page for the Log4Shell flaw with patching information for vendors and affected organizations, and today the agency released a Log4j scanner to find vulnerable apps.
Together with cybersecurity agencies worldwide and other US federal agencies, CISA also issued a joint advisory with mitigation guidance on addressing the CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105 Log4j security flaws.
