
Homeland Security News

A collection of open-source homeland security and terrorism news from around the world.
Keyword: cyber threats

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) published a cybersecurity advisory today to highlight precautions and mitigation steps that public and private sector organizations can take to reduce their risk to ransomware and other cyber attacks, specifically leading up to holidays and weekends. This advisory is based on observations on the timing of high impact ransomware attacks that have occurred previously rather than a reaction to specific threat reporting.

CISA and the FBI outline in the advisory network defense practices that can be taken to manage the risk posed by all cyber threats, including ransomware. One recommended action is for organizations with necessary capabilities to engage in preemptive threat hunting on their networks to search for signs of threat actors. For organizations unfamiliar with this best practice, the advisory provides basic elements to threat hunting and explains the benefits of a proactive strategy. The advisory also contains recommendations for fundamental best practices that should be adopted by all organizations, including implementing multi-factor authentication for remote access and administrative accounts.

Read more: Homeland Security Today

The U.S. State Department was hit by a cyberattack and notifications of a potentially serious breach were made by the Department of Defense Cyber Command, a Fox News reporter said on Saturday.

A knowledgeable source told Reuters the State Department has not experienced significant disruptions and has not had its operations impeded in any way.

Fox News reported that the breach is believed to have occurred weeks ago. It’s unclear when it was first discovered, according to the reporter’s tweet thread. The extent of the breach and whether or not there is any ongoing risk to operations is also unclear.

Read more: CNBC

A security researcher said Monday that nearly 2 million records of personally identifiable information -- including passport details, dates of birth, and names -- were exposed in what may be the leak of a secret terrorist watchlist. The records included "no-fly" status information for each person's record, according to a report by Bleeping Computer.

In a blog post on LinkedIn, Security Discovery researcher Bob Diachenko said he discovered the trove of records online July 19 in an unprotected Elasticsearch cluster, which required no password or identity authentication to access. Diachenko said the exposed server had a Bahrain IP address, and it's unclear whether the server is owned by the US government or another party.

Diachenko said he reported his finding to the US Department of Homeland Security the same day, but the records weren't removed from public view until Aug. 3. It's unclear whether any other unauthorized parties had access to the exposed records during that time.

Read more: CNet

Federal agencies responsible for safeguarding the security and personal data of millions of Americans have failed to implement basic defenses against cyberattacks, according to a report from Senate investigators released Tuesday. The agencies earned a C- report card for falling short of federally-mandated standards in the 47-page report by the Senate Homeland Security Committee.

The report also concluded that Americans' personal information remains at risk in the wake of a slew of high-profile cyber attacks and evaluated two years of inspector general reports.

The audit accuses eight critical agencies, including the Department of Homeland Security (DHS), the State Department and the Social Security Administration (SSA), of relying on outdated systems, ignoring mandatory security patches and failing to protect sensitive data such as names, dates of birth, income, Social Security numbers and credit card numbers.

Read more: CBS News

Islamist terrorist organisations including al-Qaeda, Islamic State (IS), and their supporter networks are increasingly exploiting open-source software to create “cloud platform” websites to store their content. These are password-protected websites that enable terrorist actors to share content via URLs. Many of these contain an extensive and regularly updated archive of terrorist material.

This trend is likely due in part to a broad improvement in moderation of terrorist content by mainstream tech platforms. Cloud platforms currently provide terrorist actors with a comparatively stable, centralised location in which to store their material. This is because the process of taking down cloud platforms is extremely challenging. As a result, content stored on cloud platforms can stay active without significant threat of being removed. Most cloud platforms monitored by Tech Against Terrorism exploit open-source software developed by Germany-based company NextCloud.

Read more: Homeland Security Today