10 Apr 2020

DHS Warns That COVID is Provoking Extremist Violence

DHS has warned that the exploitation of the COVID-19 pandemic by domestic violent extremists (DVEs) for the purpose of committing hate crimes, acts of violence, or inciting others to commit violence.a Among the broad category of DVEs, racially or ethnically motivated violent extremists (RMVEs), militia extremists, and others have called

Read More
20 Mar 2020

Identifying Critical Infrastructure During COVID-19

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) published a detailed guide on how to identify critical infrastructure during the pandemic. The publication states that functioning critical infrastructure is paramount to effectively responding to the COVID-19 outbreak for health and safety reasons. The DHS states that specific

Read More
10 Sep 2019

Mitigating Risks To America’s Cognitive Infrastructure

This is the second of a series on our nation’s most neglected critical infrastructure, our cognitive infrastructure. The first post dove into the nature of the challenge and why it is so important for our future that the threats to our cognitive infrastructure are understood and addressed. This post flows from that one and suggests ways the nation can mitigate many of these risks.

Read More
21 May 2019

DHS warns of ‘strong concerns’ that Chinese-made drones are stealing data

The US Department of Homeland Security is warning that drones manufactured in China are a “potential risk to an organization’s information,” because they are capable of sending sensitive flight data to servers that may be accessed by the manufacturer as well as by other parties, such as the Chinese government.

Read More
06 May 2019

2020 Campaign Staffers Being Trained to Handle Cyber Threats

The US Department of Homeland Security (DHS) is reaching out to the campaigns of presidential candidates for 2020 in an attempt to help them protect themselves against interference campaigns by state-backed hackers and other threat actors. The DHS is offering to share threat intelligence with campaigns and test the security

Read More
01 May 2019

DHS Orders Agencies to Patch Critical Flaws Within 15 Days

US government agencies need to patch critical security flaws within 15 days and high-severity vulnerabilities within 30 days under BOD 19-02, a new Binding Operational Directive issued by the Department of Homeland Security (DHS). The period for fixing critical issues was cut in half, because the previous directive (BOD 15-01)

Read More
15 Apr 2019

Gov’t warns on VPN security bug in Cisco, Palo Alto, F5, Pulse software

VPN applications offered by Cisco, Palo Alto, F5 and Pusle are putting users at risk by failing to securely store session cookies, the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and Carnegie Mellon’s CERT are warning. If threat actors can obtain access to a session cookie,

Read More
11 Apr 2019

US Government Warns of New North Korean Malware

The US Department of Homeland Security (DHS) has published a report about a newly uncovered malware strain that is linked to the infamous North Korean hacking group Hidden Cobra aka Lazarus. The malware, dubbed Hoplight, is a backdoor Trojan that has the ability to: “Read, Write, and Move Files; Enumerate

Read More
09 Apr 2019

Trump Shakeup Impacts Cybersecurity Policy

Cybersecurity experts are worried that the recent departures of US Department of Homeland Security (DHS) Secretary Kirstjen Nielsen and Secret Service Director Randolph Alles will undermine the continuity of the US cybersecurity policy. Both the DHS and the Secret Service play vital cybersecurity roles, since their responsibilities include the protection

Read More
25 Mar 2019

Watchdog: FEMA Wrongly Released Personal Data of Victims

The Homeland Security Department’s Office of Inspector General has discovered a massive data breach at the Federal Emergency Management Agency (FEMA), affecting 2.3 million survivors of hurricanes and wildfires. FEMA exposed sensitive personal information to a contractor without there being a legitimate reason for sharing the data. The exposed data

Read More