Washington: the latest on election security
“It’s halftime, America:” watching election security with CISA (The CyberWire) “It looks like any other Election Day, even any other Tuesday,” a senior CISA official said yesterday, as the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) executed a long-prepared national effort to secure the vote.
Today is only "halftime" say top cybersecurity officials (Roll Call) In the days ahead, foreign or domestic adversaries could try to interfere with, and undermine confidence in, the election, officials say.
Polls close on Election Day with no apparent cyber interference (NBC News) While there is still plenty of time for hackers to harass elections as states count and certify results, Election Day itself was fairly smooth sailing.
The Cybersecurity 202: U.S. officials see no evidence of hacking of American voting systems (Washington Post) The federal government's top cybersecurity authority said there was no evidence of a major cyberattack on the U.S. elections. But without a result in the presidential race, there is still time for Russia, Iran or another adversary to interfere in the contest.
Officials: No apparent signs of US malicious cyber activity (Fox 11) The cybersecurity agency at the Department of Homeland Security says the U.S. election so far has featured the usual technical glitches and routine issues but no apparent signs of any malicious cyber activity — at least not yet.
NSA Chief Sees Minimal Foreign Interference, Warns of Risks Until Vote Certified (Wall Street Journal) The head of the National Security Agency and U.S. Cyber Command said the level of foreign interference in the 2020 election appeared less significant than what officials witnessed during the largely quiet 2018 midterms, but said his agencies would be on high alert until votes are certified next mont
CISA’s Elections Operations Center to Remain Open for Another 45 Days (Nextgov.com) Officials acknowledged reports of misleading robocalls and suspicious traffic around a Florida system, but said neither were out of the ordinary.
Cyber Command's Hunt Forward Teams Bolster Election Security, CISA Officials Say (Defense Daily) U.S. military cyber operators scoping out cyber threat actors on overseas networks have proven helpful in protecting U.S. election systems ahead of the 202
US Cyber Command expands operations against Russia, China and Iran (CNN) US Cyber Command expanded its operations aimed at identifying malicious foreign cyber actors before Tuesday's presidential election, conducting missions to not only seek out Russian hackers, but those from all major adversaries, including Iran and China, a US official confirmed to CNN.
U.S. undertook cyber operation against Iran as part of effort to secure the 2020 election (Washington Post) U.S. Cyber Command and the National Security Agency have taken recent actions to ensure that foreign actors do not interfere in the 2020 election, including an operation in the past two weeks against Iran, U.S. officials said.
Suspicious robocall campaign warning people to ‘stay home’ spooks voters nationwide (Washington Post) The call -- along with new robotexts surfaced Tuesday in Michigan -- have fueled fresh fears that misinformation might spread on Election Day over Americans’ smartphones.
FBI investigating robocalls urging people to 'stay home' on Election Day (Reuters) The FBI is looking into a spate of mysterious robocalls urging people to stay home on Election Day as the nation remains on high alert to ensure voting is not compromised, a Department of Homeland Security official said Tuesday.
Robocalls urging voters to skip Election Day are subject of FBI investigation, DHS official says (CyberScoop) The FBI is investigating apparent voter suppression robocalls across the nation, a senior Department of Homeland Security official said Tuesday. An estimated 10 million calls have gone out urging people to “stay safe and stay home.”
Pennsylvania National Guard cyber branch supports 2020 election (DVIDS) Approximately 10 members of the Pennsylvania National Guard provided routine cybersecurity support to state and local partners to help ensure the integrity of the Nov. 3 general election.
Florida Invests in Security Controls Ahead of #Election2020 (Infosecurity Magazine) Florida invests in cyber-controls after 2016 hacking efforts
Cybersecurity specialist Robert Herjavec says he's confident U.S. can safeguard voting from hackers (CNBC) "People are ready. I'm confident that Americans can trust the votes they see," cybersecurity expert Robert Herjavec told CNBC.
Cyber Attacks, Threats, and Vulnerabilities
Comment: Cybereason Researchers Find New North Korean Malware Suite (Information Security Buzz) On October 27th, the US-CERT published a report summarizing Kimsuky’s recent activities and describing the group’s TTPs and infrastructure. Combining t
As Maze retires, clients turn to Sekhmet ransomware spin-off Egregor (ZDNet) The ransomware’s ‘retirement’ has left a hole that Egregor operators may capitalize on.
Cyber agency alerts against ransomware attacks of 'Egregor' virus (Devdiscourse) Limiting users who can log in using remote desktop and setting an account lockout policy are included as some of the other counter-measures suggested to check ransomware attacks in the advisory.
23,600 hacked databases have leaked from a defunct 'data breach index' site (ZDNet) Site archive of Cit0day.in has now leaked on two hacking forums after the service shut down in September.
NAT Slipstreaming: Visiting Malicious Site Can Expose Local Network Services to Remote Attacks (SecurityWeek) A newly identified attack method can bypass NATs and firewalls, allowing the attacker to remotely access TCP/UDP services on the victim’s internal network
Sophisticated Threat Actor Exploited Oracle Solaris Zero-Day (SecurityWeek) A threat actor has been observed targeting Oracle Solaris operating systems for over two years, including with an exploit for a recently addressed zero-day vulnerability
These software bugs are years old. But businesses still aren't patching them (ZDNet) Many organisations still haven't applied security patches issued years ago, putting them at risk from common cyberattacks.
ARC Informatique PcVue (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: ARC Informatique
Equipment: PcVue
Vulnerabilities: Deserialization of Untrusted Data, Access to Critical Private Variable via Public Method, Information Exposure of Sensitive Information to an Unauthorized Actor
2.
NEXCOM NIO50 (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 5.3
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: NEXCOM
Equipment: NIO 50
Vulnerabilities: Improper Input Validation, Cleartext Transmission of Sensitive Information
2.
WAGO Series 750-88x and 750-352 (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: WAGO
Equipment: 750-88x and 750-352
Vulnerability: Uncontrolled Resource Consumption
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to crash the device being accessed using a denial-of-service attack.
University of Japan Earthquake Research Division hacked (The Cyber Shafarat - Treadstone 71) The University of Japan Earthquake Research Division was infiltrated by the AsA Security security team Information obtained includes: ID card – visa – passport Is sold at an agreed pric…
Cannabis growing community site exposes 3.4 million user records and passwords (LinkedIn) Passwords, posts, and other data about 1.4 million users exposed without any protection.
Some Instagram users see 'Tomorrow is Election Day' reminder on Election Day (Protocol) On Election Day, a subset of Instagram users woke up to a message at the top of their Instagram feeds that read, "Tomorrow is Election Day." For some, the message was still there by the early afternoon. Instagram chalked the outdated message up to a caching issue that caused some users to continue...
Chesapeake Regional impacted by data breach (WAVY) Chesapeake Regional Healthcare announced in a news release Tuesday that it has informed more than 23,000 patients, donors, and employees about a data security breach.…
Cyber attack: All UVM Porter Medical Center services remain available (Sun Community News) The University of Vermont Health Network is making steady progress toward restoring systems to normal operations following last week's cyber attack event. We are dedicating additional internal resources to augment the effort.
Indonesian fintech Cermati reports data breach, 2.9 million users affected (KrASIA) Data stolen from the site, which includes sensitive information such as tax registration and national ID numbers, is now being sold online.
Security Patches, Mitigations, and Software Updates
Google Patches Actively Exploited Chrome Vulnerabilities (SecurityWeek) Google has released updates to address multiple vulnerabilities in the Chrome browser, including two that are actively exploited in attacks
Adobe Patches 14 Vulnerabilities in Acrobat Products (SecurityWeek) Adobe has patched over a dozen vulnerabilities in its Acrobat products, including critical flaws that can be exploited for arbitrary code execution
SaltStack reveals new critical vulnerabilities, patch now (BleepingComputer) SaltStack, a VMware-owned company, has revealed critical vulnerabilities impacting Salt versions 3002 and prior, with patches available as of today.
Microsoft boosting Xbox Party Chat security ahead of Series X/S launch (VG247) Firm is trying to protect its users from DDOS attacks
Cyber Trends
The ‘New Normal’ State of Cybersecurity (Bitdefender) “In the wake of 2020, 50 percent of organizations were unprepared to face a scenario in which they would have to migrate their entire workforce in a work-from-home environment...
Real Words or Buzzwords?: Anonymization, Encryption and Governance (Security Infowatch) The exponential advance of information technologies requires an exponential advance in the application of data protection
VPN installs in Thailand surge by 644% due to porn site bans (Atlas VPN) According to in-house aggregated Atlas VPN user data, Virtual Private Network (VPN) installs in Thailand surged by 644% in the last few days. The interest in VPNs sky-rocketed immediately after Thailand's government banned Pornhub and 190 other pornography websites late on Monday.
Marketplace
Brazil's Telefonica sells cyber security firm for $20 million (Reuters) Brazil's telecom services provider Telefonica Brasil SA <VIVT4.SA> has sold its 100% stake in cyber-security firm Telefônica Cibersegurança e Tecnologia do Brasil (CyberCo Brasil) to another company within the group, according to a securities filing on Tuesday.
Neustar Announces Acquisition of Verisign’s Public DNS Service (BusinessWire) Neustar announces acquisition of Verisign’s Public DNS Service
Anticip circles cyber firm Bertin (Intelligence Online) Anticip, the private security firm headed by Richard Terzan and Cyrille Peguilhan, has recently explored acquiring Bertin Technologies.
Blackbaud Expects Cyber Insurer Will Cover Most Attack Costs (GovInfo Security) Despite the soaring list of customers reporting data breaches tied to the May ransomware attack on Blackbaud - and numerous legal actions filed against the company
A decade past IPO, Booz Allen bolstered by tech paradigm shift going into uncertain budget cycle (Washington Business Journal) The McLean company rode out sequestration on the federal government's digital transformation boom a decade ago. Here's why the next federal budget crunch will look different for the company.
3 Top Cybersecurity Stocks to Buy in November (The Motley Fool) Investors should be familiar with Crowdstrike and two other promising cybersecurity stocks.
A career in cybersecurity: Is it for you? (WeLiveSecurity) There’s no shortage of opportunities for cybersecurity professionals and people looking to break into this field. Could it also be the right path for you?
Meet the Israeli researchers protecting your robovac from a spy infiltration (Haaretz) 'Every time we, as users, connect remotely via our smartphone to such a device, we open a back door to our home network and all the devices connected to it,' says head of research at Checkmarx
Centrify's New CEO Has A Compelling Vision For The Future Of Cybersecurity (Enterprise Irregulars) Bottom Line: Flint Brenton’s vision for the future of Centrify and cybersecurity, in general, prioritizes the need for privileged access management to become core to the multi-cloud architectures and DevOps environments he sees pervading customers’ enterprises today. Every new cybersecurity company CEO is writing their vision of the future by their decisions and the priorities …
Troy Hunt partners with 1Password as Strategic Adviser (1Password Blog) Troy Hunt is joining the 1Password advisory board, helping us support businesses that have been affected by data breaches, and continue our work building the world’s most trusted password manager.
Products, Services, and Solutions
ThreatConnect and McAfee DXL: Better Integrations with the McAfee Stack (ThreatConnect) ThreatConnect has partnered with security giant McAfee and released multiple Playbook Apps and one App Service for McAfee DXL. McAfee DXL is a communication fabric and it allows us to easily connect with nearly every piece of McAfee technology. The Playbook Apps will allow you to Publish Events and Invoke Services on DXL topics while […]
KnowBe4 Launches New Compliance Audit Readiness Assessment Tool (GlobeNewswire) No-cost web-based tool helps organizations assess their ability to meet compliance requirements
Managing Bot-based Attacks with Threat Detection (PerimeterX) PerimeterX CTO engages in a Q&A with independent research firm TAG Cyber about how companies address bot management.
Does Your Company Need Deception? Illusive CEO Says Yes (SDxCentral) Reactive security doesn’t do enough to protect corporate assets. Illusive Networks says companies need to use deception technology instead.
QuintessenceLabs introduces qStream Plus, a quantum entropy management solution (CTOvision.com) Why should we worry about entropy? Entropy, also known as randomness, is the anchor beneath much of the world’s security. Poor-quality entropy compromises security, while low-speed entropy compromises performance, and […]
Ermetic Introduces Full Stack Identity Governance for Cloud Infrastructures (BusinessWire) Visibility into both identity entitlements and network access configurations exposes risk in complex scenarios of users, machines, and resources.
Kudelski IoT Enables Secure “Phone as Key” Solution for Management of Shared Vehicle Access (MarketScreener) Kudelski IoT Enables Secure Phone as Key Solution for Management of Shared Vehicle Access
The passive... | November 3, 2020
FireEye releases ThreatPursuit, a Windows VM for threat intel analysts (ZDNet) ThreatPursuit VM comes packed with more than 50 tools threat intelligence analysts use to hunt adversaries.
Cato Automates Threat Intelligence Feed Assessment, Eliminating False Positives (PR Newswire) Cato Networks, provider of the world's first SASE platform, announced today the first purpose-built reputation assessment system to combine...
Exabeam Strengthens Security for Cloud-Based Data (Channelnomics) Company enhances SMP platform for better AWS, Azure, Google Cloud support
Digital Guardian Rolls Out Protection Against Ryuk Ransomware (AiThority) Digital Guardian, a leader in DLP and MDR, has developed a new Ryuk Ransomware Protection Content Pack to detect and defend against Ryuk ransomware.
Malwarebytes Unveils CrowdStrike Integration, Endpoint Security Solution (MSSP Alert) Malwarebytes Remediation for CrowdStrike leverages the CrowdStrike's endpoint protection platform to help Security Operations Centers (SOCs) mitigate cyber threats.
DigiCert Secure Software Manager Modernizes PKI Automation to Enable Frictionless Secure Code Signing, Private Key Management (CRN - India) Built on DigiCert ONE, flexible deployment options work seamlessly with DevOps workflows and enable IT operations teams to ensure compliance with fast-changing regulations and PKI best practices
Vulcan Cyber Adds Remediation Analytics to Provide Full Visibility Into Remediation Efficacy (PR Newswire) Vulcan Cyber®, developers of the industry's only end-to-end vulnerability remediation orchestration platform, today announced the addition of...
Design and Innovation
CERT/CC Seeks to Remove Fear Element From Named Vulnerabilities (SecurityWeek) Leigh Metcalf worries that some vulnerability discoverers choose to name their discoveries purely for maximum media impact rather than accurately reflecting the severity of the flaw.
Research and Development
Pentagon research office wants innovative tools to spot influence campaigns (C4ISRNET) A new solicitation wants automated tools to help analysts track influence campaigns as they evolve.
Academia
Legislation, Policy, and Regulation
Japan Times Indicates Japan considers using AI for speedy policy decisions (CTOvision.com) The government is considering introducing an artificial intelligence-based big data analysis system developed by an American firm in order to enable speedier policy decisions, according to government sources. It has started […]
A Trump win and cybersecurity: Potential for CISA expansion? (SC Media) As Americans go to the polls in record numbers and Trump vies for re-election, his uneven cybersecurity policy offers a few clues into what he might, or should, prioritize during a second term.
Californians Consider Expanding Landmark Data Privacy Law (SecurityWeek) Two years ago, California became the first state to pass a sweeping digital privacy law seen as the strongest of its kind in the United States. Voters are now deciding whether to refine and expand that law, or leave it as is.
Maj. Gen. Robert Skinner Now Senate-Confirmed for DISA Leadership Role (Executive Gov) Maj. Gen. Robert Skinner has received Senate confirmation to lead the Defense Information Systems Ag
Litigation, Investigation, and Law Enforcement
Huawei says Romania and Poland bans violate EU law (Light Reading) Huawei argues moves by Romania and Poland to exclude it from their 5G infrastructures breach EU guidelines, hinting at a possible legal challenge.
Two former eBay executives indicted on stalking, tampering charges in blogger harassment case (Silicon Valley Business Journal) Two former eBay executives were indicted Tuesday on 15 counts of stalking, witness tampering and destruction, alteration and falsification of records for their alleged roles in a harassment campaign against the Massachusetts couple behind EcommerceBytes, a blog that former CEO Devin Wenig saw as overly critical of the company.
Blackbaud sued in 23 class action lawsuits after ransomware attack (BleepingComputer) Leading cloud software provider Blackbaud has been sued in 23 proposed consumer class action cases in the U.S. and Canada related to the ransomware attack that the company suffered in May 2020.
Vienna shooting attack suspect was Islamic State sympathizer, Austrian authorities say (Washington Post) Peering out a window at Vienna's main synagogue compound on Monday night, Rabbi Schlomo Hofmeister watched as a gunman opened fire on customers in the bars and restaurants of the city's main nightlife district.
Facial recognition used to identify Lafayette Square protester accused of assault (Washington Post) A line of U.S. Park Police officers pushed protesters back from Lafayette Square on June 1, firing pepper balls and rolling canisters spewing irritant gas into the retreating crowds on H Street NW, video shows.
Police to Livestream Ring Camera Footage of Mississippi Residents (Threatpost) Pilot program again sparks privacy fears from ACLU as Amazon takes its partnership with law enforcement to the next level.
App Developer Denies Scraping Data In Facebook Suit (Law360) A U.K. app developer accused by Facebook of abusing the social media platform has told a London judge that his software did not have the capability to harvest personal data from unwitting users.