Security News

The Board will advise the Secretary, the critical infrastructure community, other private sector stakeholders, and the broader public on the safe and secure development and deployment of AI technology in nation's critical infrastructure. Create a forum for DHS, the critical infrastructure community, and AI leaders to share information on the security risks presented by AI. The Board will help DHS stay ahead of evolving threats posed by hostile nation-state actors and reinforce our national security by helping to deter and prevent those threats.

Three former Department of Homeland Security employees were sentenced to prison for stealing proprietary U.S. government software and databases containing the personal data of 200,000 federal employees. The three individuals are Charles K. Edwards, a former Acting Inspector General of the DHS Office of Inspector General, sentenced to 1.5 years in prison; Sonal Patel, a member of the department IT staff, sentenced to 2 years of probation; and Murali Y. Venkata, also from the IT department, sentenced to 4 months in prison.

The Department of Homeland Security Cyber Safety Review Board will review attacks linked to an extortion gang known as Lapsus$, which breached multiple high-profile companies in recent incidents. As announced on Friday, the goal behind CSRB's review of the gang's hacking activities is to provide advice on defending against Lapsus$ attacks.

The Department of Homeland Security warned that attackers could exploit critical security vulnerabilities in unpatched Emergency Alert System encoder/decoder devices to send fake emergency alerts via TV and radio networks. The warning was issued by DHS' Federal Emergency Management Agency as an advisory delivered through the Integrated Public Alert and Warning System.

The Department of Homeland Security's cybersecurity unit ordered Federal Civilian Executive Branch agencies today to urgently update or remove VMware products from their networks by Monday due to an increased risk of attacks. In April, VMware patched another set of critical vulnerabilities, a remote code execution bug and a 'root' privilege escalation in VMware Workspace ONE Access and VMware Identity Manager.

The Department of Homeland Security today revealed that bug bounty hunters enrolled in its 'Hack DHS' bug bounty program have found 122 security vulnerabilities in external DHS systems, 27 of them rated critical severity. DHS awarded a total of $125,600 to over 450 vetted security researchers and ethical hackers, with rewards of up to $5,000 per bug, depending on the flaw's severity.

A former Department of Homeland Security official pleaded guilty today to stealing confidential and proprietary software and sensitive databases from the US government containing employees' personal identifying information. 61-year-old Charles Kumar Edwards coordinated the scheme while working for DHS-OIG as an employee and a former acting inspector general between February 2008 and December 2013.

The Department of Homeland Security has announced that the 'Hack DHS' program is now also open to bug bounty hunters willing to track down DHS systems impacted by Log4j vulnerabilities. The 'Hack DHS' bug bounty program was announced last week.

The Department of Homeland Security has launched a new bug bounty program dubbed "Hack DHS" that allows vetted cybersecurity researchers to find and report security vulnerabilities in external DHS systems. "The Hack DHS program incentivizes highly skilled hackers to identify cybersecurity weaknesses in our systems before they can be exploited by bad actors. This program is one example of how the Department is partnering with the community to help protect our Nation's cybersecurity."

The United States Department of Homeland Security on Thursday announced that it has hired nearly 300 cybersecurity professionals over the course of the last two months. The onboarding of new talent was part of the Cybersecurity Workforce Sprint initiative, and exceeded by 50% the hiring goal that Secretary of Homeland Security Alejandro N. Mayorkas announced in May: 200 new employees by July 1.