The U.S. government is testing how artificial intelligence might enhance operations while preparing for the technology’s downside, such as more dangerous hacking attempts from nation-state adversaries, a congressional panel heard Thursday. “The cybersecurity element is a great example of the bright and the dark side of AI technology,” said Arati Prabhakar, director of the White…

Working in collaboration with bug bounty platform Bugcrowd and government technology contractor Endyna, CISA introduced its VDP platform to help Federal Civilian Executive Branch (FCEB) agencies identify and address vulnerabilities in critical systems. The platform was launched in support of Binding Operational Directive (BOD) 20-01, through which the Department of Homeland Security (DHS) instructed all…

The intelligence value of the hacking of then-acting Secretary Chad Wolf and his staff is not publicly known, but the symbolism is stark. Their accounts were accessed as part of what’s known as the SolarWinds intrusion and it throws into question how the U.S. government can protect individuals, companies and institutions across the country if…

SLOTHFULMEDIA is described as a dropper that deploys two files when executed, including a RAT designed to allow hackers to control compromised devices, and a component that removes the dropper once the RAT achieves persistence on the targeted computer. The RAT is capable of running arbitrary commands, terminating processes, taking screenshots, modifying the registry, and…

US collects social media handles from select visitors

Visitors to the U.S. under a visa waiver program are being asked by the Department of Homeland Security for information on their social media accounts, a plan that had drawn criticism from civil rights groups for its potential encroachment on privacy. The U.S. Customs and Border Protection unit of the DHS asked for written comments…

IDG Contributor Network: Putting the privacy into cybersecurity at DHS

Security and privacy have an awful lot in common; both disciplines care deeply about the confidentiality of personally identifiable information. Attend a cyber-security conference or a privacy conference, you are likely to hear the same catch phrases “[Security/privacy] is best addressed at the earliest stages of system development, not at the end when retrofitting requirements…