CyberScoop: Postal Service left vulnerable IT applications unaddressed for years, inspector general finds

“Officials at the U.S. Postal Service let multiple vulnerable applications languish on the agency’s IT network for years — flaws that could have been exploited by hackers to steal sensitive data, an inspector general audit has found.”

“The inspector general investigation, distributed to Postal Service leadership in July, faults IT officials at the agency for not keeping a slew of applications up to date. Six of the IT applications were left on the Postal Service network for up to seven years with things like incomplete certification and accreditation from technology executives, according to the IG memo.”

“A dozen vulnerabilities were deemed “catastrophic” by the USPS’s Corporate Information Security Office, the watchdog said, meaning they could have exposed the agency to big financial damages. ‘These are common, well-known vulnerabilities that have been present for three years that could be exploited by an attacker utilizing publicly available methods,’ the memo reads.”

“‘The vulnerabilities identified in this report were found, scoped and addressed by the Postal Service,’ an agency spokesperson told CyberScoop. ‘These applications are now addressed.’”

“But before they were addressed, the inspector general report concluded, the Postal Service ‘did not completely evaluate the risks these vulnerable applications posed…’” Read the full article here.

Source: Postal Service left vulnerable IT applications unaddressed for years, inspector general finds – By Sean Lyngaas, September 11, 2020. CyberScoop.


This topic contains 0 replies, has 1 voice, and was last updated by  Jackie Gilbert 1 week, 2 days ago.
