In one instance, we gained access to a privileged user account that allowed us to view, edit, or save files on the local drives of any user's laptop or desktop, including FHFA executives at the highest levels...
We were also able to elevate a standard user account to a domain administrator and take full control of FHFA's network. We essentially had unfettered access to the agency's information technology (IT) infrastructure...
FHFA's network and systems host a variety of data and information such as financial reports and data from Fannie Mae and Freddie Mac, Common Securitization Solutions, LLC, the Federal Home Loan Banks, and the Office of Finance, as well as personally identifiable information of FHFA employees...
The report characterizes the security deficiencies as gravely serious due to the sensitive nature of FHFA computer records. The identified vulnerabilities necessitate immediate attention and corrective action by FHFA management.
Collection
[
|
...
]