The zip attachment contains an exe file: the malware itself. This, if opened, activates the infection.
White-hat hackers can now target all publicly accessible U.S. Defense information systems. The DoD expanded the VDP Program to let cybersecurity researchers testing also the less “famous” ones, but often strategic as the others
White-hat hackers could now target all publicly accessible U.S. Defense information systems. This in the framework of the Vulnerability Disclosure Program (VDP), that has just been expanded. The initiative will allow for cybersecurity research and reporting of vulnerabilities related to all DOD publicly-accessible networks, frequency-based communication, Internet of Things (IoT), industrial control systems, and more. “This expansion is a testament to transforming the government’s approach to security and leapfrogging the current state of technology within DOD,” Brett Goldstein, the director of the Defense Digital Service, explained. Since the VDPs launch, hackers have submitted more than 29,000 vulnerability reports, with more than 70% of them determined to be valid, officials said. With the scope expanding, the numbers will drastically increase due to the security researcher community discovering vulnerabilities that were previously unreportable. Furthermore, they involve in the bug-hunt also the less “famous” systems, often overshadowed as they don’t seem strategic in the threat landscape.