#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News

Homeland Security | Breaking Cybersecurity News | The Hacker News

Category — Homeland Security
DHS Orders Federal Agencies to Patch Critical Flaws Within 15 Days

DHS Orders Federal Agencies to Patch Critical Flaws Within 15 Days

May 01, 2019
In recent years, we have seen how hackers prey on those too lazy or ignorant to install security patches, which, if applied on time, would have prevented some devastating cyber attacks and data breaches that happened in major organisations. The United States Department of Homeland Security (DHS) has ordered government agencies to more swiftly plug the critical security vulnerabilities found on their networks within 15 calendar days since the initial detection, a reduction from 30 days. DHS's Cybersecurity and Infrastructure Security Agency (CISA) this week issued a new Binding Operational Directive (BOD) 19-02 instructing federal agencies and departments to address "critical" rated vulnerabilities within 15 days and "high" severity flaws within 30 days of initial detection. The countdown to patch a security vulnerability will start when it was initially detected during CISA's weekly Cyber Hygiene vulnerability scanning, rather than it was the firs...
DHS Orders U.S. Federal Agencies to Audit DNS Security for Their Domains

DHS Orders U.S. Federal Agencies to Audit DNS Security for Their Domains

Jan 23, 2019
The U.S. Department of Homeland Security (DHS) has today issued an "emergency directive" to all federal agencies ordering IT staff to audit DNS records for their respective website domains, or other agency-managed domains, within next 10 business days. The emergency security alert came in the wake of a series of recent incidents involving DNS hijacking , which security researchers with "moderate confidence" believe originated from Iran. Domain Name System (DNS) is a key function of the Internet that works as an Internet's directory where your device looks up for the server IP addresses after you enter a human-readable web address (e.g., thehackernews.com). What is DNS Hijacking Attack? DNS hijacking involves changing DNS settings of a domain, redirecting victims to an entirely different attacker-controlled server with a fake version of the websites they are trying to visit, often with an objective to steal users' data. "The attacker alter...
Want to Grow Vulnerability Management into Exposure Management? Start Here!

Want to Grow Vulnerability Management into Exposure Management? Start Here!

Dec 05, 2024Attack Surface / Exposure Management
Vulnerability Management (VM) has long been a cornerstone of organizational cybersecurity. Nearly as old as the discipline of cybersecurity itself, it aims to help organizations identify and address potential security issues before they become serious problems. Yet, in recent years, the limitations of this approach have become increasingly evident.  At its core, Vulnerability Management processes remain essential for identifying and addressing weaknesses. But as time marches on and attack avenues evolve, this approach is beginning to show its age. In a recent report, How to Grow Vulnerability Management into Exposure Management (Gartner, How to Grow Vulnerability Management Into Exposure Management, 8 November 2024, Mitchell Schneider Et Al.), we believe Gartner® addresses this point precisely and demonstrates how organizations can – and must – shift from a vulnerability-centric strategy to a broader Exposure Management (EM) framework. We feel it's more than a worthwhile read an...
Police Arrest 16-year-old Boy Who Hacked CIA Director

Police Arrest 16-year-old Boy Who Hacked CIA Director

Feb 12, 2016
The teenage hacker, who calls himself a member of hacktivist group " Cracka with Attitude ," behind the series of hacks on the United States government and its high-level officials, including CIA director, might have finally got arrested. In a joint effort, the Federal Bureau of Investigation (FBI) and British police reportedly have arrested a 16-year-old British teenager who they believe had allegedly: Leaked the personal details of tens of thousands of FBI agents and US Department of Homeland Security (DHS) employees. Hacked into the AOL emails of CIA director John Brennan . Hacked into the personal email and phone accounts of the US spy chief James Clapper . Broke into the AOL emails of the FBI Deputy Director Mark Giuliano . Federal officials haven't yet released the identity of the arrested teenager, but the boy is suspected of being the lead hacker of Cracka With Attitude, who calls himself Cracka, the South East Regional Organised Crime Unit (SER...
cyber security

Innovate Securely: Top Strategies to Harmonize AppSec and R&D Teams

websiteBackslashApplication Security
Tackle common challenges to make security and innovation work seamlessly.
Hacker Leaks Info of 30,000 FBI and DHS Employees

Hacker Leaks Info of 30,000 FBI and DHS Employees

Feb 09, 2016
An unknown hacker who promised to release the personal information on government employees has dump online a list of nearly 20,000 Federal Bureau of Investigation (FBI) agents and 9,000 Department of Homeland Security (DHS) officers. Though the authenticity of the information has not been verified, at least, some of the leaked data appears to be legitimate. Here's What the Hacker Leaked: The hacker leaked first round of data belonging to roughly 9,000 DHS employees on Sunday, which was followed by the release of 20,000 FBI agents information on Monday. The hacker, who goes on Twitter by the username of @DotGovs , published the supposed data on an encrypted text-sharing website, including: Names Job titles Phone numbers Email addresses The Reason Behind the Hack The message at the top of the data dump includes the hashtag " #FreePalestine " and reads "Long Live Palestine, Long Live Gaza: This is for Palestine, Ramallah, West Bank,...
Obama's Executive Order urges Companies to Share CyberSecurity Threat Data

Obama's Executive Order urges Companies to Share CyberSecurity Threat Data

Feb 16, 2015
President Barack Obama signed an executive order on Friday that encourages and promotes sharing of information on cybersecurity threats within the private sector and between the private sector companies and the government agencies as well. AREAS TO IMPROVE During his speech at the White House Cybersecurity Summit at Stanford University in California, where many tech leaders and other government officials also assembled, the President highlighted events affecting cybersecurity and the development of the Internet. The four areas that Obama believes must be improved are listed below: Development and evolution of the Internet Cybersecurity Rights of individuals in regards to the Internet Cooperation between the Government and private companies EVERYONE IS VULNERABLE - OBAMA " The cyber world is sort of the Wild Wild West and to some degree we are asked to be the sheriff ," Mr. President told a crowd at the Memorial Auditorium. " When something lik...
Chinese Hackers Broke into the Database of U.S. Federal Employees

Chinese Hackers Broke into the Database of U.S. Federal Employees

Jul 10, 2014
Chinese hackers broke into the computer systems of United States government agency that keeps the personal information of all federal employees, according to the paper published in the New York Times. The attack occurred on the Office of Personnel Management and Senior American officials believe that the attackers successfully gained access to some of the agency's databases in March before the federal authorities detected the threat and blocked them from the network. The hackers targeted the files of tens of thousands of federal employees who have applied for top-secret security clearances, the newspaper reported. " The intrusion at the Office of Personnel Management was particularly disturbing because it oversees a system called e-QIP, in which federal employees applying for security clearances enter their most personal information, including financial data. Federal employees who have had security clearances for some time are often required to update their personal inf...
Malware Infects US Power Plants through USB Drives

Malware Infects US Power Plants through USB Drives

Jan 16, 2013
The US Department of Homeland Security's Cyber Emergency Response Team has released a report , which stated that two American electrical power plants were compromised late last year and has identified a number of glaring electronic vulnerabilities. Some unknown malware infected two power plants control systems using unprotected USB drives as an attack vector. The tainted USB drive came in contact with a handful of machines at the power generation facility and investigators found sophisticated malware on two engineering workstations critical to the operation of the control environment. The report did not say if the computers did or did not have up-to-date antivirus software, but it did say that current software would have found the malware.  The other infection affected 10 computers in a turbine control system. It was also spread by a USB drive and resulted in downtime for the impacted systems and delayed the plant restart by approximately three weeks. ICS-C...
WikiLeaks.org Down After EveryDNS.net Termination Due to DDOS Attacks

WikiLeaks.org Down After EveryDNS.net Termination Due to DDOS Attacks

Dec 07, 2010
WikiLeaks' main website became inaccessible on Friday via its WikiLeaks.org domain after EveryDNS.net, a subsidiary of Dynamic Network Services, terminated its domain name service. EveryDNS.net terminated the WikiLeaks.org domain due to repeated Distributed Denial of Service (DDOS) attacks. These attacks threatened the stability of EveryDNS.net's infrastructure, which supports nearly 500,000 other websites. This information was stated on EveryDNS.net's website. EveryDNS.net notified WikiLeaks via email, Twitter, and the chat function on the WikiLeaks.org website that its domain name service would be terminated within 24 hours. This period ended on Dec. 2 at 10 p.m. Eastern Standard Time in the U.S. EveryDNS.net remarked, "Any downtime of the Wikileaks.org website has resulted from its failure to use another hosted DNS service provider." In response, WikiLeaks tweeted, "WikiLeaks.org domain killed by U.S. EveryDNS.net after claimed mass attacks," urging su...
Experts Warn of Growing Data Theft as Government Lags in Cybersecurity

Experts Warn of Growing Data Theft as Government Lags in Cybersecurity

Dec 07, 2010
It will take several more years for the government to fully install high-tech systems to block computer intrusions. This prolonged timeline enables criminals to become more adept at stealing sensitive data, experts say. As the Department of Homeland Security (DHS) methodically works to secure the approximately 2,400 network connections used daily by millions of federal workers, experts suggest that technology may already be outpacing them. The DHS, responsible for securing non-military government systems, is gradually moving all government Internet and e-mail traffic into secure networks. These networks will eventually be protected by intrusion detection and prevention programs. However, progress has been slow. Officials are trying to finalize complex contracts with network vendors, resolve technology issues, and address privacy concerns related to monitoring employees and public citizens. The recent WikiLeaks release of over a quarter-million sensitive diplomatic documents highligh...
New Rules Enable Military Assistance During Domestic Cyber-Attacks

New Rules Enable Military Assistance During Domestic Cyber-Attacks

Oct 31, 2010
The Obama administration has revised federal policy, enabling the military to assist during a domestic cyber-attack, reported the New York Times on Oct. 21. Typically, the military cannot deploy units within the country's borders, except for natural disasters, and even then, a presidential order is required. However, under a new agreement between the Department of Defense and the Department of Homeland Security, military cyber experts can now be called upon if critical computer networks in the United States are attacked. Robert J. Butler, the Pentagon's deputy assistant secretary for cyber policy, told the Times that this policy change will allow agencies to focus on how to respond to such attacks more effectively. The two agencies "will help each other in more tangible ways than they have in the past," Butler stated in an article in Defense News, an Army Times publication. He added that closer collaboration will provide "an opportunity to explore new ways for ...
Expert Insights / Articles Videos
Cybersecurity Resources