Security News > 2020
Vulnerabilities in the Voatz Internet voting app could allow adversaries to alter, stop, or expose a user's vote, security researchers from the Massachusetts Institute of Technology have discovered. Developed by the private Boston-based Voatz, the application is the first Internet voting app to have been used in high-stakes U.S. federal elections and is "On track to be used in the 2020 Primaries," the researchers point out.
Security researchers have found key flaws in a mobile voting app that some states plan to use in the 2020 election that can allow hackers to launch both client- and server-side attacks that can easily manipulate or even delete someone's vote, as well as prevent a reliable audit from taking place after the fact, they said. A team of researchers at MIT released a security audit of Voatz-a blockchain app that already was used in a limited way for absentee-ballot voting in the 2018 mid-term elections-that they said bolsters the case for why internet voting is a bad idea and voting transparency is the only way to ensure legitimacy.
A court in Moscow fined Twitter and Facebook 4 million rubles each Thursday for refusing to store the personal data of Russian citizens on servers in Russia, the largest penalties imposed on Western technology companies under internet use laws. Russia's internet regulator, Roskomnadzor, has tried unsuccessfully for several years to force large companies like Facebook, Twitter and Google to move Russian user data to Russia.
The UK's National Crime Agency has publicly distanced itself from a poster urging parents to call police if their child has installed Kali Linux, Tor or - brace yourself - Discord. Should your child install Kali Linux, virtual machines or internet privacy tool Tor, West Midlands Police wants to know immediately.
Microsoft this week announced that Safe Documents and Application Guard, two security capabilities introduced last fall, are now available to more of its Office 365 ProPlus customers. At Ignite 2019, Microsoft announced Application Guard's integration with 365 ProPlus to deliver container-based isolation for Office applications, to completely block attackers' access to resources such as memory, local storage, applications, and corporate network endpoints.
The GDPR Cookie Consent plugin, created by WebToffee, claims over 700,000 users. While the GDPR Cookie Consent plugin asks you if you'd mind accepting cookies, it doesn't ask you if you'd like a dollop of XSS with them too.
The contentious case of a man held in custody since 2015 for refusing to decrypt two hard drives appears to have reached a resolution of sorts after the US Court of Appeals ordered his release. Former Philadelphia police sergeant Francis Rawls was arrested in September 2015, during which the external hard drives were seized along with other computers from his home.
Only specific named people are allowed to take part in the ceremony, and they have to pass through several layers of security - including doors that can only be opened through fingerprint and retinal scans - before getting in the room where the ceremony takes place. One contains a hardware security module that contains the private portion of the KSK. The module is activated, allowing the KSK private key to sign keys, using smart cards assigned to the ceremony participants.
Puerto Rico's government has lost more than $2.6 million after falling for an email phishing scam, according to a senior official. The finance director of the island's Industrial Development Company, Rubén Rivera, said in a complaint filed to police Wednesday that the agency sent the money to a fraudulent account.
Facebook has delayed the rollout of its new dating feature in Europe, following officers from the Irish data regulator having popped by to ask why Facebook hadn't checked in about it earlier or provided the necessary data privacy paperwork. The Irish Data Protection Commission said on Wednesday that Facebook Ireland hadn't bothered to contact the DPC about its intention to roll out the new dating feature in the EU until Monday, 3 February.