Skip to main content

Exclusive: U.S. Homeland Security found SEC had 'critical' cyber weaknesses in January



The U.S. Department of Homeland Security detected five “critical” cyber security weaknesses on the Securities and Exchange Commission’s computers as of January 23, 2017, according to a confidential weekly report reviewed by Reuters.

The report’s findings raise fresh questions about a 2016 cyber breach into the U.S. market regulator’s corporate filing system known as “EDGAR.” SEC Chairman Jay Clayton disclosed late Wednesday that the agency learned in August 2017 that hackers may have exploited the 2016 incident for illegal insider-trading.

The January DHS report, which shows its weekly findings after scanning computers for cyber weaknesses across most of the federal civilian government agencies, revealed that the SEC at the time had the fourth most “critical” vulnerabilities.

It was not clear if the vulnerabilities detected by DHS are directly related to the cyber breach disclosed by the SEC. But it shows that even after the SEC says it patched “promptly” the software vulnerability after the 2016 hack, critical vulnerabilities still plagued the regulator’s systems.

The hack, two weeks after credit-reporting company Equifax (EFX.N) said hackers had stolen data on more than 143 million U.S. customers, has sent shockwaves through the U.S. financial sector.

An SEC spokesman did not have any comment on the report’s findings.

It is unclear if any of those critical vulnerabilities, detected after a scan of 114 SEC computers and devices, still pose a threat.

During the Obama administration, such scans were done on a weekly basis.

“I absolutely think any critical vulnerability like that should be acted on immediately,” said Tony Scott, the former federal chief information officer during the Obama administration who now runs his own cybersecurity consulting firm.

“This is what was at the root of the Equifax hack. There was a critical vulnerability that went unpatched for some long period of time. And if you’re a hacker, you are going to ... try to see if you can exploit it in some fashion or another. So there is a race against the clock.”

For the past several years, the Department of Homeland Security has been producing a report known as the “Federal Cyber Exposure Scorecard.” 

It provides a weekly snapshot to more than 80 civilian government agencies about potential outstanding cyber weaknesses and how long they have persisted without being patched.

A directive by Homeland Security requires agencies to address critical vulnerabilities within 30 days, though sometimes that deadline can be difficult to meet if it might disrupt a government system.

The January snapshot shows improvements have been made across the government since May 2015, when there were a total of 363 critical vulnerabilities on devices across all of the civilian agencies, according to the report.

As of January 23, by contrast, there were a total of 40 critical vulnerabilities across the agencies reviewed by DHS and another 280 weaknesses categorized as “active high,” which is the second more severe category.

The top four agencies with the most “critical” vulnerabilities as of January 23 included the Environmental Protection Agency, the Department of Health and Human Services, the General Services Administration and the SEC.

However, more vulnerabilities do not necessarily mean one agency is worse than another because things depend on how many computers or devices known as “hosts” were scanned and what kinds of information could potentially be exposed.

“All it takes is one,” Scott said. “You can have one host and one vulnerability and your risk might be 10 times as high as someone who has 10 hosts and ten vulnerabilities.”

Comments

Popular posts from this blog

Iran Killing Command: The use of firearms in dealing with protesters

The document you see on the image is the order of the commander of the Tehran repressive force to all the units based in the city.

Based on this agenda, the mercenaries of the corrupt government Islamic Republic of Iran have been allowed to use firearms in the event of any protest movement against people by the regime.
This is a murder command.
The repressive force of the law, known to the world's famous police and guardians, should protect the lives of its citizens, by freeing their mercenaries, they allow them to murder Iranians who are protesting the corruption in the government and you have the important message that if you come to the streets in protest of corruption and torture and massacre, we will kill you.
Because, according to criminal Khomeini, maintenance of the system is obligatory.
A corrupt government that is so hideous that spend billions of dollars from the national treasury and popular capitalto the suppression of its people and the countries of the region, must be ov…

ایران فرمان قتل : دستور استفاده از سلاح گرم در برخورد با معترضان

سندی که در تصویر میبینید دستور فرمانده نیروی سرکوبگر انتظامی تهران به همه یگانهای مستقر در این شهر است.
بر اساس این دستور کار ، مزدوران حکومت فاسد نظام جمهوری اسلامی اجازه یافته اند که درصورت بروز هرگونه جنبش اعتراضی از سوی مردم علیه رژیم ، از سلاح گرم استفاده کنند.
این دستور یک فرمان قتل است.
نیروی سرکوبگر انتظامی که به ظاهر و تعریف شناخته شده پلیس در سراسر جهان ، میبایست حافظ جان شهروندان باشد ، با آزاد گذاشتن دست مزدوران چکمه پوش خود انها را مجاز به قتل ایرانیان معترض به فسادهای موجود درلایه های حکومت میکنند و این پیام مهم را در خود دارد که اگر در اعتراض به  فساد و شکنجه و کشتار به خیابانها بریزید شما را خواهیم کشت.
چرا که به گفته خمینی دجال، حفظ نظام از اوجب واجبات است.
حکومت فاسدی که انقدر وقیح هست که میلیاردها دلار از خزانه ملی و سرمایه مردمی را صرف سرکوب مردم خود و کشورهای منطقه میکند باید سرنگون کرد.
اکنون چهل سال است که کشور ما به اشغال این ملایان جنایکتارخونخوار و اسلام تحمیلی در آمده است .
هنوز باورش برای برخی سخت است که درک کنند کشور ما به معنای واقعی کلمه از سوی بنیادگرایان الله…

مائده مختار زاده یکی از اعضاء فعال گروهک تروریستی سازمان مجاهدین خلق در ایران_قسمت 1

گزارش شماره یک درباره یکی از خائنین به ملت ایران
 همانطور که ملت بزرگ و شریف ایران زمین میدانند یکی از خطرناک ترین و فاسدترین گروه های تروریستی که سالیان سال در سطح جهان وایران به فعالیتهای غیر انسانی و جنایتکارانه مبادرت می ورزند و با افکار و عقاید بیمارگونه خود جانهای جوانان ایران زمین را می آلایند، گروهک تروریستی مجاهدین خلق می باشد.
جنایات آنان طی سالیان گذشته بر همگان آشکار بوده و چه خانواده هایی که فرزندان عزیز خود را که توسط اعضای این گروه شستشوی مغزی داده شدند ، از دست داده اند و دیگرانی که طعمه شکارچیان بی رحم این گروه تروریستی قرار گرفته اند.
اما خانواده هایی هستند که همچنان نسل اندر نسل به این سازمان تروریستی وفادارند و ایدئولوژی جنایتکارانه خود را به فرزندشان منتقل می کنند و همچنان در داخل و خارج ایران به ترویج افکار مسموم آنها و همچنین فعالیتهای تروریستی مشغول می باشند.
در اینجا به معرفی یکی از این خانواده ها و تشریح فعالیتهای آنها از سالهای آغازین انقلاب ایران تا کنون  خواهیم پرداخت:
مصطفی و جعفر مهیمنی و یکی از خواهرانشان مرضیه مهیمنی ساکن شهرستان بابل در استان مازندران در س…