www.darkreading.com
2400:cb00:2048:1::6811:7963
Public Scan
URL:
https://www.darkreading.com/vulnerabilities---threats/hack-the-marine-corps-bug-bounty-event-held-in-vegas-/d/d-id/1332541
Submission: On August 17 via manual from US
Form analysis
4 forms found in the DOM
Name: template_search_a — GET /search.asp
<form name="template_search_a" id="template_search_a" action="/search.asp" method="GET" style="margin: 0; padding: 0;">
<div style="height: 2.333333em; overflow: hidden; border: 1px solid #aaa;">
<input id="q" name="q" value="" type="text" maxlength="250" placeholder="Search Dark Reading">
<div style="float: right; background: url(https://img.deusm.com/darkreading/DR_search.png) no-repeat 0 -1px; width: 2.5em; height: 2.333333em;">
<a href="javascript:GetObject('template_search_a').submit();" title="Search"><img name="search_button" id="search_button" src="https://img.deusm.com/images/spacer.gif" width="30" height="28" style="border: 0;"></a>
</div>
</div>
</form>
Name: template_search_b — GET /search.asp
<form name="template_search_b" id="template_search_b" action="/search.asp" method="GET" style="margin: 0; padding: 0;">
<div style="width: 100%; height: 28px; float: right;">
<input id="q" name="q" type="text" maxlength="250" placeholder="Search Dark Reading">
<div style="float: right; width: 30px; height: 28px;">
<a href="javascript:GetObject('template_search_b').submit();" title="Search"><img name="search_button" id="search_button" src="https://img.deusm.com/darkreading/DR_search.png" alt="Search" style="width: 1.416em; height: auto; margin: .5em .583em; border: 0;"></a>
</div>
</div>
</form>
Name: rate_menu — POST
<form name="rate_menu" id="rate_menu" action="" method="post">
<input type="hidden" name="piddl_pageobj" value="">
<input type="hidden" name="piddl_contentid" value="">
<input type="hidden" name="piddl_rate" value="">
<input type="hidden" name="piddl_rating" value="">
<input type="hidden" name="piddl_icons" value="">
<li>
<div class="notalink" style="text-align: left; padding-left: 3px; margin-left: 10px;">To rate this item, click on a rating below.</div>
</li>
<li>
<a style="text-align: left;" href="javascript:RateThis('5');"><img src="https://img.deusm.com/lightreading/lightreading_rating_dot_10x7.gif" width="10" height="7" border="0" style="margin-top: 5px; margin-left: 10px;"><img src="https://img.deusm.com/lightreading/lightreading_rating_dot_10x7.gif" width="10" height="7" border="0" style="margin-top: 5px;"><img src="https://img.deusm.com/lightreading/lightreading_rating_dot_10x7.gif" width="10" height="7" border="0" style="margin-top: 5px;"><img src="https://img.deusm.com/lightreading/lightreading_rating_dot_10x7.gif" width="10" height="7" border="0" style="margin-top: 5px;"><img src="https://img.deusm.com/lightreading/lightreading_rating_dot_10x7.gif" width="10" height="7" border="0" style="margin-top: 5px;"></a>
</li>
<li>
<a style="text-align: left;" href="javascript:RateThis('4');"><img src="https://img.deusm.com/lightreading/lightreading_rating_dot_10x7.gif" width="10" height="7" border="0" style="margin-top: 5px; margin-left: 10px;"><img src="https://img.deusm.com/lightreading/lightreading_rating_dot_10x7.gif" width="10" height="7" border="0" style="margin-top: 5px;"><img src="https://img.deusm.com/lightreading/lightreading_rating_dot_10x7.gif" width="10" height="7" border="0" style="margin-top: 5px;"><img src="https://img.deusm.com/lightreading/lightreading_rating_dot_10x7.gif" width="10" height="7" border="0" style="margin-top: 5px;"></a>
</li>
<li>
<a style="text-align: left;" href="javascript:RateThis('3');"><img src="https://img.deusm.com/lightreading/lightreading_rating_dot_10x7.gif" width="10" height="7" border="0" style="margin-top: 5px; margin-left: 10px;"><img src="https://img.deusm.com/lightreading/lightreading_rating_dot_10x7.gif" width="10" height="7" border="0" style="margin-top: 5px;"><img src="https://img.deusm.com/lightreading/lightreading_rating_dot_10x7.gif" width="10" height="7" border="0" style="margin-top: 5px;"></a>
</li>
<li>
<a style="text-align: left;" href="javascript:RateThis('2');"><img src="https://img.deusm.com/lightreading/lightreading_rating_dot_10x7.gif" width="10" height="7" border="0" style="margin-top: 5px; margin-left: 10px;"><img src="https://img.deusm.com/lightreading/lightreading_rating_dot_10x7.gif" width="10" height="7" border="0" style="margin-top: 5px;"></a>
</li>
<li><a style="text-align: left;" href="javascript:RateThis('1');"><img src="https://img.deusm.com/lightreading/lightreading_rating_dot_10x7.gif" width="10" height="7" border="0" style="margin-top: 5px; margin-left: 10px;"></a></li>
<li><a style="font-size: 10px; text-align: right; padding-right: 8px;" href="Javascript:HideRateMenu();">[close this box]</a></li>
</form>
POST http://www.darkreading.com/newsletter-signup/?_mc=hsad_nl_dr_20160708email&cid=hsad_nl_dr_20160708email
<form action="http://www.darkreading.com/newsletter-signup/?_mc=hsad_nl_dr_20160708email&cid=hsad_nl_dr_20160708email" method="post" target="_blank"><input type="text" name="signupEmail" value="Enter Your Email" size="34" height="90px"
onblur="if (this.value == '') {this.value = 'Enter Your Email';}" onfocus="if (this.value == 'Enter Your Email') {this.value = '';}" style="text-align:center;display:inline;margin:0;padding:0;font-size:11px;line-height: 14px;"><br><br> <input
type="image" src="https://tpc.googlesyndication.com/pagead/imgad?id=CICAgKDLhNvJfxABGAEyCLwzqkMkUH-i" name="image" width="198" height="35"
onclick="NewsletterBox_14004867696102516636.clicktrack();NewsletterBox_14004867696102516636.closeit();"><br></form>
Text Content
VULNERABILITIES / THREATS
8/13/2018 04:30 PM
Kelly Jackson Higgins, News

'HACK THE MARINE CORPS' BUG BOUNTY EVENT HELD IN VEGAS

$80K in payouts went to handpicked hackers in nine-hour event during DEF CON in Las Vegas.

The US Marine Corps yesterday in Las Vegas held a live hacking event focused on its public-facing websites and enterprise services, and it paid out $80,000 in total to researchers for 75 new vulnerabilities that they found.

Hack the Marines, part of the US Department of Defense's Hack the Pentagon program, operated as a hackathon of sorts, with a limited-time bounty payout; researchers also can report any flaws they find through the HackerOne-managed Marine Corps vulnerability disclosure program until August 26, 2018, but without earning a bounty.

This represents the sixth bug bounty sponsored by the DoD and managed by HackerOne, following the flagship Hack the Pentagon program in 2016, and bug bounties for the Army, Air Force, and the DoD's travel system.

Around 100 researchers selected by HackerOne and the Marines competed in the bug bounty event, which ran for nine hours on Sunday, August 12. HackerOne and the Marines would not divulge details on the newly found vulnerabilities, but the bugs included the usual website flaw suspects, including authentication flaws and cross-site scripting, according to Marten Mickos, CEO of HackerOne.

The Marine Corps Cyberspace Command's red and blue teams were also on hand to observe and interact with the hacker competitors and to decide on the winning bounties.

"The key goal of these live hacking events is to have this collegial and social [atmosphere], although it's also a competition," Mickos says. "They may give advice ... 'don't go there, look here'" to the competitors, while the hackers can also give the military feedback, he says.

"Hack the Marine Corps allows us to leverage the talents of the global ethical hacker community to take an honest, hard look at our current cybersecurity posture," said Maj. Gen. Matthew Glavy, Commander, US Marine Corps Forces Cyberspace Command, in a statement. "What we learn from this program will assist the Marine Corps in improving our warfighting platform, the Marine Corps Enterprise Network. Working with the ethical hacker community provides us with a large return on investment to identify and mitigate current critical vulnerabilities, reduce attack surfaces, and minimize future vulnerabilities. It will make us more combat ready."

In all, the Hack the Pentagon program itself has resulted in over 5,000 discovered vulnerabilities by researchers.

Related Content:
* Dozens of Vulnerabilities Discovered in DoD's Enterprise Travel System
* White Hats Take Aim in 'Hack the Air Force' Bug Bounty Program
* US Army Bug Bounty Program Fixes 118 Flaws
* 'Hack The Pentagon' Paid 117 Hackers Who Found Bugs In DoD Websites

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...

Bug Report: Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database

CVE-2018-13435 PUBLISHED: 2018-08-16
** DISPUTED ** An issue was discovered in the LINE jp.naver.line application 8.8.0 for iOS. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method to disable passcode authentication. NOTE: the vendor indicates that this is not an attack of interest w...

CVE-2018-13446 PUBLISHED: 2018-08-16
** DISPUTED ** An issue was discovered in the LINE jp.naver.line application 8.8.1 for Android. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method's return value to true. In other words, an attacker could authenticate with an arbitrary passcode. ...

CVE-2018-14567 PUBLISHED: 2018-08-16
libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.

CVE-2018-15122 PUBLISHED: 2018-08-16
An issue found in Progress Telerik JustAssembly through 2018.1.323.2 and JustDecompile through 2018.2.605.0 makes it possible to execute code by decompiling a compiled .NET object (such as DLL or EXE) with an embedded resource file by clicking on the resource.

CVE-2018-11509 PUBLISHED: 2018-08-16
ASUSTOR ADM 3.1.0.RFQ3 uses the same default root:admin username and password as it does for the NAS itself for applications that are installed from the online repository. This may allow an attacker to login and upload a webshell.