Security News

Two election committees of the U.S. Department of Homeland Security issued a joint statement on Thursday saying there was no evidence of voting systems being compromised, noting that the recent election "Was the most secure in American history." "Other security measures like pre-election testing, state certification of voting equipment, and the U.S. Election Assistance Commission's certification of voting equipment help to build additional confidence in the voting systems used in 2020.".

The Cybersecurity and Infrastructure Security Agency on Friday informed users about the availability of patches for two remote code execution vulnerabilities that affect Windows Codecs Library and Visual Studio Code. Residing in Visual Studio Code and tracked as CVE-2020-17023, the second vulnerability can be triggered when the user opens a malicious 'package.

The U.S. Cybersecurity and Infrastructure Security Agency warns of an increase in attacks targeting state and local governments with the Emotet Trojan. Active for over a decade, Emotet is a Trojan mainly used to drop additional malware onto compromised systems.

Emotet attacks have targeted multiple state and local governments in the U.S. as part of potentially targeted campaigns that have been ramping up since August, the Cybersecurity and Infrastructure Security Agency said in an alert published today. Since August, the two organizations "Have seen a significant increase in malicious cyber actors targeting state and local governments with Emotet phishing emails."

DDoS attacks would either slow down election-related public-facing websites or render them inaccessible, thus preventing voters from staying updated with voting information or from accessing voting results. "The public should be aware that if foreign actors or cyber criminals were able to successfully conduct DDoS attacks against election infrastructure, the underlying data and internal systems would remain uncompromised, and anyone eligible to vote would still be able to cast a ballot," the FBI and CISA note.

Threat actors are expected to spread false information regarding hacked voter information and voting systems, the Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency say in an alert. At the time, the agencies noted that disinformation campaigns might leverage websites, social media, and other venues to disseminate false information about voter suppression, cyber-attacks on election infrastructure, fraud, and other issues.

The U.S. Cybersecurity and Infrastructure Security Agency has issued an alert to warn of attackers actively targeting a recently addressed vulnerability in the Microsoft Windows Netlogon Remote Protocol. The vulnerability allows an unauthenticated attacker connected to a domain controller using Netlogon to gain domain administrator access.

A threat actor was able to compromise the network of a federal agency and create a reverse proxy and install malware, the Cybersecurity and Infrastructure Security Agency reported on Thursday. Following initial access, the threat actor started gathering information of interest from email accounts, enumerated the Active Directory and Group Policy key, modified a registry key for the Group Policy, and enumerated compromised systems.

The U.S. Cybersecurity and Infrastructure Security Agency is warning that the LokiBot info-stealing trojan is seeing a surge across the enterprise landscape. LokiBot targets Windows and Android endpoints, and spreads mainly through email.

The U.S. Cybersecurity and Infrastructure Security Agency is warning of a significant increase in the use of LokiBot malware over the past couple of months. Initially detailed in 2016 as a piece of malware targeting Android devices, LokiBot arrived on Windows in 2018 and has evolved into a prevalent threat, targeting corporate mailboxes and employing innovative distribution methods.