RSS aggregator
Jaderné noviny: January 2025 overview
An overview of the January issues of Jaderné noviny: kernel release status, quotes of the week, and a list of kernel-related articles.
Democrats demand to know WTF is up with that DOGE server on OPM's network
Who bought it, who installed it, and what's happening with the data on it.…
Legislators demand truth about OPM email server
Two members of the US House of Representatives want answers from the US Office of Personnel Management (OPM) over allegations that a “server of unknown nature” was used last month to “access sensitive government data without regard for crucial security and privacy protections.”
In a letter sent Tuesday to Charles Ezell, acting director of the OPM, an independent agency that manages the US federal civil service, Gerald Connolly, ranking member of the Committee on Oversight and Government Reform, and Shontel Brown, ranking member of the Subcommittee on Cybersecurity, Information Technology and Government Innovation, wrote that on Jan. 24, “millions of federal employees received an email from a new email address, [email protected], stating that it was a ‘test of a new distribution and response list.’”
It went on to say that “the email address sent several additional tests before sending a mass email to the federal workforce with the subject ‘Fork in the Road’ detailing a potentially illegal resignation offer for federal employees.”
In addition, they wrote, “several days prior to the first test, OPM did not have the capability to email a distribution list of this scale. Acquiring such a capability securely and in compliance with federal cybersecurity, privacy, and procurement laws would likely not have been possible in such a short timeframe.”
Connolly and Brown added that “compounding our concerns, other reports suggest that allies of Elon Musk recently installed at OPM have revoked senior career employee access to OPM computer systems containing extremely sensitive information, including the dates of birth, Social Security numbers, home addresses, pay grades, and appraisals of millions of government workers.”
At best, the letter stated, the Trump administration’s actions at OPM to date “demonstrate gross negligence, severe incompetence, and a chaotic disregard for the security of our public. At worst, we fear that Trump Administration officials know full well that their actions threaten to break our government and put our citizens at risk of foreign adversaries like China and Russia gaining access to our sensitive data.”
Its authors wrote that the lack of security and oversight associated with the new “email system and data management practices threatens to expose federal workers to personalized social engineering or spear phishing attacks to gain access to government systems. For example, it appears the effort to distribute the mass Fork in the Road email may have subverted cybersecurity controls in the National Oceanic and Atmospheric Administration (NOAA) email system, leading to the agency’s 13,000 employees receiving a flood of inappropriate and spam email.”
While the letter requested records and logs, as well as “all emails, documents, and communications relevant planning and execution of the initiative,” it also asked that Ezell present the information to the Committee on Oversight and Government Reform on Feb. 14. To date, no such meeting has been scheduled.
Computerworld reached out to the OPM press office regarding the letter and was told via email, “we do not have a comment on this.” Will McDonald, the communications director for Brown, who represents Ohio’s 11th Congressional District, was also contacted, and he said there has as yet been no response to the letter from OPM.
Potential privacy and security risk
Erik Avakian, security counselor at Info-Tech Research Group said the “recent development regarding OPM and the alleged issues regarding an email server being deployed on the agency network and emails being distributed by the agency to federal employees raise potential security and privacy concerns that, if substantiated, could be out of sync with well-defined cybersecurity best practices and privacy regulations.”
Most important, he said, would be the way in which the system had been deployed onto the federal network, “particularly in light of the many existing US federal government-required processes, procedures, and checks a system would need to undergo before receiving green light approval for such a fast-tracked deployment. There could be fast-track processes in place for such instances.”
However, even in such cases, said Avakian, “any deployment of systems or tools would certainly, as best practice, need to be reviewed for security vulnerabilities, and its architecture checked and hardened, at a minimum, to be aligned with the federal security requirements for systems deployed on the network prior to going live.”
The question would be whether the processes were followed, he said. “In any case, there could be quite a checklist of issues regarding Compliance with Cybersecurity Frameworks, Best Practices, and the Federal Government’s Memo regarding the Implementation of Zero Trust, to name a few, as well as numerous privacy laws.”
Aside from asking Ezell to appear at a briefing, the letter also asked that the OPM provide:
- A list of any information technology equipment installed at OPM between January 21, 2025, and January 24, 2025, and used to support the distribution of the “Fork in the Road” emails, including a description of how such equipment was procured.
- A list of the individuals who installed and/or accessed the equipment, including whether they were OPM employees at the time of their installation/access of the equipment and, if so, under what authority they were hired; and what background investigation and clearance processes they underwent as part of the hiring process.
- What steps were taken to “safeguard the privacy of the millions of federal employees included in those databases and repositories.”
- A description of the types of IT assets, software systems, code, or other tools used to collect information.”
Avakian said that in terms of process and procedures, one question raised was whether the deployment of the email system underwent a Privacy Impact Assessment (PIA) before deployment of such a system on the production network.
If not, “the omission of the PIA could imply non-compliance with established federal cybersecurity practices and privacy laws such as the E-Government Act of 2002, mandating that all US federal agencies conduct PIAs before implementing systems, particularly those that store or handle Personally Identifiable Information (PII).”
The PIA, said Avakian, “would account for and amount to an example of just one of the assessments a system would need to undergo before deployment. While there is the possibility of OPM to submit a retroactive PIA, it would still position OPM’s initial failure to perform this assessment as a significant issue and potential legal hurdle.”
Mass ‘deferred resignation’ offer could cause loss of critical expertise
According to a release, a letter sent by Connolly and other Democratic members of the oversight committee to President Donald Trump on Monday requested “documents and information regarding his ‘deferred resignation’ offer sent en masse to the federal workforce, and urging him to rescind the offer.”
They wrote that it “would precipitate a mass exodus of the most experienced and capable federal employees, leaving our agencies severely understaffed and incapable of fulfilling their responsibilities. The consequence of this brain drain will be felt by every American.”
Committee members argued, “without the expertise and institutional knowledge that so many federal employees bring to their work, our government will be incapable of responding effectively to national emergencies, serving the American public, or even carrying out routine operations. The resignation offer sets the stage for an unparalleled crisis in our government’s ability to deliver for the American people.”
DuckDB 1.2.0
Robocallers who phoned the FCC pretending to be from the FCC land telco in trouble
In its first enforcement action of the Trump presidency, the FCC has voted to propose fining Telnyx $4,492,500 – after scammers pretending to be the watchdog's staff started calling actual FCC staffers via the VoIP telco.…
New Microsoft script updates Windows media with bootkit malware fixes
Microsoft script updates bootable media for BlackLotus bootkit fixes
Mixing Rust and C in Linux likened to cancer by kernel maintainer
Updated Developers trying to add Rust code to the Linux kernel continue to face opposition from kernel maintainers who believe using multiple languages is an unwelcome and risky complication.…
Annual tax settlement: What should you bring to the accountant at work now so that you can use all the tax benefits?
Programmable I/O on the RP2040 microcontrollers in the Raspberry Pi Pico
Agreement to complete a job (dohoda o provedení práce) 2025. What are the new rules for performing work and the employee entitlements that the employer must ensure
Network monitoring, visualization and automation: the main topics from CSNOG 2025
New Chinese fusion record promises to speed up the arrival of a fusion power plant
Taiwan, the jewel of the semiconductor industry within firing range
GeForce RTX 5070 Ti: Reviews on February 19, availability on February 20
Workday to cut 1,750 jobs, shift focus to AI and global expansion
Workday said Wednesday it will lay off 1,750 employees, roughly 8.5% of its workforce, as part of a restructuring plan to invest more heavily in artificial intelligence (AI) and accelerate international growth.
The California-based company disclosed the layoffs in a filing with the US Securities and Exchange Commission, attributing the decision to its focus on what its leaders call “durable growth.” While details on specific departments affected were not provided in the filing, executives emphasized that artificial intelligence initiatives and overseas markets represent key areas where the company will continue hiring.
“Companies everywhere are reimagining how work gets done, and the increasing demand for AI has the potential to drive a new era of growth for Workday,” Carl Eschenbach, CEO of Workday, said in a memo to employees included with the filing.
Concern about customer support
Some industry observers are concerned about how Workday’s layoffs affect customer support. John Yensen, who leads the managed IT services firm Revotech Networks, said he believes customers will likely face disruptions to their support and service soon.
“AI could help offset this by automating routine inquiries and streamlining the customer service process, but the largest concern, as in all similar cases, is whether AI support will be able to handle and improve the level of service that enterprise clients expect and have become accustomed to,” he said.
Timothy DeStefano, associate professor of research at Georgetown University’s McDonough School of Business, suggested that the outcome will largely depend on the company’s approach to the restructuring.
“One way to try to prevent layoffs from affecting the level and quality of customer support is to avoid eliminating positions that are customer-facing or critical to customer engagement,” DeStefano said. “It may also be helpful for the business to cross-train employees so that the remaining workers can handle multiple roles during the transition.”
Workday did not immediately respond to a request for comment.
Strategy suggests a ‘careful realignment of resources’
Workday’s leadership has pointed to artificial intelligence as a central reason for the reallocation of resources. While the AI transition presents challenges, DeStefano noted that the investment could pay off: “Making investments in technology, particularly AI, is not cheap, but an accumulation of empirical evidence suggests that, if done correctly, performance improvements and efficiency gains can be achieved. However, it takes time and restructuring to implement new technologies, and thus, there may be some hiccups along the way.”
International expansion is another priority for Workday, which plans to seize the growing demand for cloud-based HR solutions outside the United States. DeStefano noted that the company is taking a three-pronged approach to ensure financial stability: “cost reductions, market expansion overseas, and investing in tools designed to enhance decision-making and improve efficiency. This is particularly relevant given the increasing competition within the market, increased consolidation through firm acquisitions, and the potential for slower demand due to higher interest rates.”
While specific regional targets weren’t disclosed, DeStefano observed that the company’s strategy suggests a careful realignment of resources. “Based on their statements, they have decided to close certain locations while opening new ones. This suggests that the geographical reorganization is designed to restructure their regional footprint to keep pace with evolving consumer demand across their markets,” he said. “Additionally, while the company is laying off employees, they are not enacting a hiring freeze. Instead, they have stated that they will add workers to critical locations and roles within the company, along with making AI investments, to maintain and enhance its applications for consumers throughout the transition and in the long run.”
Workday faces intense competition in HR software from both established firms and startups, according to Janice Quek, an analyst at investment research firm CFRA.
“However, the AI opportunity is clear, and the company will need to innovate in order to remain competitive in the enterprise software space,” Quek said. “On that front, it has released several AI products, including AI agents, that will unlock capacity for its users, with more solutions in the pipeline. We expect [Workday] to also leverage AI internally to alleviate talent gaps, streamline workflows, and automate their operational processes and services to smooth its transition and enhance its own execution.”
Robocallers posing as FCC fraud prevention team call FCC staff
Ransomware payments fell by 35% in 2024, totalling $813,550,000
DOGE latest: Citrix supremo has 'read-only' access to US Treasury payment system
The US Treasury has revealed Tom Krause – the chief exec of Citrix and Netscaler owner Cloud Software Group – has "read-only" access to a vital federal government payment system that disburses trillions of dollars annually.…
CISA orders agencies to patch Linux kernel bug exploited in attacks
