Election officials say U.S. Postal Service woes place election mail at risk

A letter from election officials in all 50 states and D.C. said the agency needed to take immediate action.

The post Election officials say U.S. Postal Service woes place election mail at risk appeared first on CyberScoop.

Continue reading Election officials say U.S. Postal Service woes place election mail at risk

Postal Service left vulnerable IT applications unaddressed for years, inspector general finds

Officials at the U.S. Postal Service let multiple vulnerable applications languish on the agency’s IT network for years — flaws that could have been exploited by hackers to steal sensitive data, an inspector general audit has found. The inspector general investigation, distributed to Postal Service leadership in July, faults IT officials at the agency for not keeping a slew of applications up to date. Six of the IT applications were left on the Postal Service network for up to seven years with things like incomplete certification and accreditation from technology executives, according to the IG memo. A dozen vulnerabilities were deemed “catastrophic” by the USPS’s Corporate Information Security Office, the watchdog said, meaning they exposed the agency to big financial damages. “These are common, well-known vulnerabilities that have been present for three years that could be exploited by an attacker utilizing publicly available methods,” the memo reads. Simply put, the Postal […]

The post Postal Service left vulnerable IT applications unaddressed for years, inspector general finds appeared first on CyberScoop.

Continue reading Postal Service left vulnerable IT applications unaddressed for years, inspector general finds

Everything you need to know about voting by mail

State and local governments, those running for office and the American electorate are facing an unprecedented election process this year in which mail-in ballots will play a large part in how voters pick their elected officials during a once-in-a-century pandemic. In doing so, they have to navigate a U.S. Postal Service that has warned of tardy ballot deliveries, cut through the din of misinformation coming from President Donald Trump, and overcome a process that can be confusing on a number of different levels. While mail-in voting and cybersecurity don’t seem to go hand-in-hand, security officials are heavily involved in making sure the entire operation can be trusted once it’s complete. Here’s what you need to know about mail-in balloting and how it will play a greater role in this presidential election: How long has voting by mail been going on, and how is it used today? Mail-in voting is not […]

The post Everything you need to know about voting by mail appeared first on CyberScoop.

Continue reading Everything you need to know about voting by mail

Malware from notorious FIN7 group is being delivered by snail mail

While hackers all over the world rely on emails and text messages to breach networks, one infamous criminal group appears to be turning to the mailman to deliver their malicious code. Malware authored by FIN7, which researchers say has stolen over $1 billion in recent years, has been delivered by the U.S. Postal Service to multiple organizations in recent months, according to security company FireEye. The code comes on USB sticks that, once inserted into a computer, install a “backdoor,” called Griffon, capable of stealing sensitive information. The malicious code, which multiple security companies have attributed to FIN7, burrows into the target computer and beacons back to the group for further instructions. How many of the USB deliveries led to network breaches remains unclear. The hacking attempts raise questions about how a group thought to be based in Eastern Europe, and one that U.S. officials have hunted for years, has been […]

The post Malware from notorious FIN7 group is being delivered by snail mail appeared first on CyberScoop.

Continue reading Malware from notorious FIN7 group is being delivered by snail mail

Secret Service Warns of Chip Card Scheme

The U.S. Secret Service is warning financial institutions about a new scam involving the temporary theft of chip-based debit cards issued to large corporations. In this scheme, the fraudsters intercept new debit cards in the mail and replace the chips on the cards with chips from old cards. When the unsuspecting business receives and activates the modified card, thieves can start draining funds from the account. Continue reading Secret Service Warns of Chip Card Scheme

USPS ‘Informed Delivery’ Is Stalker’s Dream

A free new service from the U.S. Postal Service that provides scanned images of incoming mail days before it is slated to arrive at its destination address is raising eyebrows among security experts who worry about the service’s potential for misuse by private investigators, identity thieves, stalkers or abusive ex-partners. The USPS says it hopes to have changes in place by early next year that could help blunt some of those concerns. Continue reading USPS ‘Informed Delivery’ Is Stalker’s Dream