US Post Office Vulnerabilities - ThreatWire Crosspost
Added 2020-09-15 16:56:27 +0000 UTC by Shannon Morse, ThreatWire
According to a memorandum from the Office of the Inspector General (OIG) for the United States Postal Service, sent to the USPS vice presidents for information security (the CISO) and information technology, the Postal Service has for years run outdated IT systems whose weaknesses carry a “potential financial impact of over $1 billion”. Parts of the memo are redacted, but it explains that the issues came to the auditors’ attention during an ongoing audit and that they require immediate attention and remediation.
The vulnerabilities were outside the scope of that audit but warranted immediate action. The memo states that the USPS allowed six of the ten applications reviewed, four of them classified as sensitive, to operate with significant vulnerabilities for up to seven years without a completed Certification and Accreditation (C&A) process. In practice, that means applications were running without a mitigation plan, risk acceptance letters, or approval signatures, or under expired conditional accreditation letters. Under Postal Service policy, approval is required before a resource is deployed, and if the requirements cannot be met, a Failure to Comply letter must be issued. The policy also requires the process to be repeated every one to three years.
The report states that these vulnerabilities could lead to disclosure of sensitive data and unauthorized access by attackers. Twelve vulnerabilities were found, with a combined potential financial impact of over $1 billion. The specific vulnerabilities were not disclosed, but the memo does state that they are common and could be exploited using publicly available methods.
In response to the memorandum, the USPS planned to provide an update before July 31, 2020, and according to reports the issues have since been addressed. At this time there is no evidence of these vulnerabilities being exploited in the wild.
Free Wifi Pineapple Mk VII: https://youtu.be/Tt1rh45g1rM
ThreatWire is only possible because of our Patreon patrons! Sign up now for ACTION ALERTS! Help me reach our next ThreatWire goal to unlock merch tiers and an audio podcast! https://www.patreon.com/threatwire
Links:
USPS using outdated vulnerable systems:
https://www.uspsoig.gov/sites/default/files/document-library-files/2020/20-251-R20.pdf
https://www.businessinsider.com/us-postal-service-used-outdated-systems-2020-9