HomeCII/OTSend Us Your Personal Data via Email – Krebs on Security

Send Us Your Personal Data via Email – Krebs on Security

Published on

spot_img

A recent message posted on the homepage of the U.S. Cybersecurity & Infrastructure Security Agency (CISA) has raised concerns about the Trump administration’s attitude towards cybersecurity measures. The message instructed CISA employees who were previously fired to contact the agency to be rehired and placed on leave, requesting sensitive information such as Social Security numbers or dates of birth to be sent via password-protected email attachments. This has sparked criticism for the lack of basic cybersecurity protocols in handling sensitive data.

A recent court order mandated the reinstatement of over 130 probationary CISA employees who were fired last month, with the administration announcing their reinstatement on paid administrative leave. The process of rehiring nearly 25,000 federal workers who were terminated is underway, with efforts being made to contact those affected by the unlawful terminations in mid-February.

The message on the CISA homepage asking for personal information to be shared via email attachments raised security concerns as email is not a secure method of communication, leaving the data vulnerable to interception. The use of password-protected files also poses challenges for security scanners, potentially allowing malicious files to be accepted and opened by government employees.

This incident is not an isolated case, as other cybersecurity lapses have been reported within the administration, including sending unencrypted emails containing sensitive information and mass firings of probationary employees at government agencies like the CIA and NSA. Experts have warned that these actions could have detrimental effects on U.S. cybersecurity operations, as valuable talent is being let go without proper evaluation of the consequences.

Furthermore, the administration’s decision to install Starlink, a satellite Internet service owned by Elon Musk, at federal agencies has raised questions about security risks and potential vulnerabilities. The expansion of Starlink’s implementation in government agencies, despite concerns over cybersecurity implications, highlights the administration’s disregard for established security measures.

The appointment and subsequent resignation of Christopher Stanley, a Musk associate, to the Fannie Mae board added another layer of complexity to the administration’s questionable decision-making processes. Stanley’s background and past controversies raised red flags, reflecting the administration’s lack of thorough vetting procedures for individuals granted access to sensitive government data.

Overall, the series of security breaches and questionable appointments underscore the need for stronger cybersecurity protocols and adherence to established guidelines within the administration. The ongoing disregard for basic security measures raises concerns about the potential risks and vulnerabilities that could compromise national security. The consequences of these actions highlight the importance of upholding cybersecurity standards and protecting sensitive information in government agencies.

Source link

Latest articles

Progress Restores ShareFile Storage Access Following Security Warning

Progress Restores Access to ShareFile After Temporary Service Suspension Due to Security Threat Following a...

Why CISOs Should Implement Zero-Trust Security for IoT

Understanding IoT Security: The Role of Zero Trust in Safeguarding Connected Devices The Internet of...

Cybersecurity Requires Increased Prevention and Reduced Reliance on Cure

The Limits of a Detection-First Model As the cybersecurity landscape evolves, industry forums like the...

Researcher Discovers Ninth Windows Zero-Day Vulnerability

LegacyHive: An Emerging Local Privilege Escalation Vulnerability In a recent turn of events in the...

More like this

Progress Restores ShareFile Storage Access Following Security Warning

Progress Restores Access to ShareFile After Temporary Service Suspension Due to Security Threat Following a...

Why CISOs Should Implement Zero-Trust Security for IoT

Understanding IoT Security: The Role of Zero Trust in Safeguarding Connected Devices The Internet of...

Cybersecurity Requires Increased Prevention and Reduced Reliance on Cure

The Limits of a Detection-First Model As the cybersecurity landscape evolves, industry forums like the...