The US Department of Homeland Security has said that Tuesday’s elections went off without disruption by cyberattack (TheHill), but DHS also notes that disinformation about election security and the effects of influence operations is being actively distributed (CBS). It’s hogwash from St. Petersburg, whose Internet Research Agency (IRA) cries victory for its trolls (Daily Beast). Expect this to continue.
Also from St. Petersburg comes a zero-day for Oracle’s VirtualBox, posted to GitHub. This isn’t the IRA’s work, but rather of one irritated freelance bug-hunter, Sergey Zelenyuk. Mr. Zelenyuk says he loves VirtualBox, but that the industry just takes too long to evaluate reported bugs, and so he’s dropped the zero-day without prior disclosure as a gesture of defiance (Naked Security).
US Cyber Command is also reporting bugs, but in regular way. The command has submitted samples of Russia-linked Lojack malware to VirusTotal (CSO).
A major incident affecting banks in Pakistan appears to be a paycard-skimming operation as opposed to a breach (Infosecurity Magazine).
With next month’s Chrome 71 release, Google will give “abusive” advertisers thirty days to clean themselves up (Naked Security).
The Ontario Cannabis Store warns that its delivery list for newly legal weed has been illicitly accessed due to missteps at Canada Post (Motherboard). Some coverage seems to show signs of the Butterfield Effect, representing a fairly obvious causal connection—new and trendy industry already under cyberattack, which of course it is—as paradoxical. No word on whether Canada Post officials were baked at the time of incident.