Security News > 2020 > August

Just as America was getting a grip on improving the security of its electronic ballot boxes, the coronavirus pandemic hit, throwing a potential surge in remote voting unexpectedly into the mix, the Black Hat hacking conference was told today. In his keynote address to the now-virtual infosec confab, Georgetown Professor Matt Blaze said election officials will likely have to deal with a larger-than-normal number of citizens voting by mail, rather than in person, and all that entails, as people are encouraged to socially distance and stay away from crowds to curb the COVID-19 virus outbreak.

Scaling up mail-in voting, Blaze said, with less than 100 days left before the election, is an undertaking that, while not impossible, presents many challenges. Blaze, who is McDevitt Chair in Computer Science and Law at Georgetown, chairman of the Tor Project and co-creator of the Voting Village at DEFCON, took the virtual "Stage" at Black Hat 2020 on Wednesday for the first-day keynote.

Online shopping is the most prevalent type of scam with people losing nearly $14 million to date, according to FTC data. Americans have reported 152,129 coronavirus-related fraud cases to the Federal Trade Commission since the start of 2020, according to data analyzed by Atlas VPN. FTC data further revealed that Americans have lost more than $98 million to COVID-19 and stimulus check scams.

Perhaps fittingly, a Web-streamed court hearing for the 17-year-old alleged mastermind of the July 15 mass hack against Twitter was cut short this morning after mischief makers injected a pornographic video clip into the proceeding. The prosecution had argued that Clark should be required to show that any funds used toward securing that bond were gained lawfully, and were not merely the proceeds from his alleged participation in the Twitter bitcoin scam or some other form of cybercrime.

At a Wednesday session at Black Hat USA 2020, researchers with FireEye demonstrated how freely-available, open-source tools - which offer pre-trained natural language processing, computer vision, and speech recognition tools - can be used to create malicious the synthetic media. Social media companies often do not require high bars of credibility, and offer a platform for content to go viral, allowing anyone to create fake media that is believable.

A researcher found a way to deliver malware to macOS systems using a Microsoft Office document containing macro code. Macros enable Office users to automate frequent tasks using VBA code.

From a cybersecurity perspective, perhaps the greatest risk for digital education comes from the wide variation across districts in terms of resources. Data from Microsoft has shown that education as an industry accounted for 60% of reported malware encounters in June - affecting more than 5 million devices in just 30 days.

Overall, 54 high-severity flaws were patched as part of Google's August security updates for the Android operating system, released on Monday. The RCE flaw, the most serious of these flaws, exists in the Android Framework, which is a set of APIs - consisting of system tools and user interface design tools - that allow developers to quickly and easily write apps for Android phones.

Adding insult to injury, researchers have recently discovered a workaround for a previous patch issued for Microsoft Teams, that would allow a malicious actor to use the service's updater function to download any binary or malicious payload. Essentially, bad actors could hide in Microsoft Teams updater traffic, which has lately been voluminous. While Microsoft tried to cut off this vector as a conduit for remote code execution by restricting the ability to update Teams via a URL, it was not a complete fix, the researcher explained.

The NSA released the advisory this week informing people of the various ways mobile phones, by design, give up location information-which go beyond the well-known Location Services feature that people use on a regular basis. Most people are aware that location services on devices can pinpoint where they are so people can have access to services in the area, as well as share their location with friends via mobile apps such as WhatsApp, among other useful activities.