Security News

American voters face an especially pivotal, polarized election this year, and scammers here and abroad are taking notice - posing as fundraisers and pollsters, impersonating candidates and campaigns, and launching fake voter registration drives. It's not votes they're after, but to win a voter's trust, personal information and maybe a bank routing number.

Google says its Threat Analysis Group hasn't observed any significant coordinated influence campaigns that are targeting United States voters on its platform. Google also notes that users who were identified as being targeted in such attacks were alerted, and that the Federal Bureau of Investigation was also informed of these attacks.

75% of all 56 U.S. states and territories leading up to the presidential election, showed signs of a vulnerable IT infrastructure, a SecurityScorecard report reveals. Since most state websites offer access to voter and election information, these findings may indicate unforeseen issues leading up to, and following, the US election.

Cybercriminals are chaining Microsoft's Zerologon flaw with other exploits in order to infiltrate government systems, putting election systems at risk, a new CISA and FBI advisory warns. The advisory details how attackers are chaining together various vulnerabilities and exploits - including using VPN vulnerabilities to gain initial access and then Zerologon as a post-exploitation method - to compromise government networks.

Government-backed hackers have compromised and gained access to US elections support systems by chaining together VPN vulnerabilities and the recent Windows CVE-2020-1472 security flaw. "Although it does not appear these targets are being selected because of their proximity to elections information, there may be some risk to elections information housed on government networks," says a joint security advisory published by CISA and the FBI. Despite that, CISA added that it is "Aware of some instances where this activity resulted in unauthorized access to elections support systems."

The emails purport to come from the U.S. Election Assistance Commission, an independent agency of the United States government that serves as a national resource of information regarding election administration. The emails subject says "voter registration application details couldnt be confirmed," and the body of the email tells users: "Your Arizona voter's registration application submitted has been reviewed by your County Clerk and some few details couldnt be comfirmed".

Two researchers at the Cisco Talos Intelligence Group examined misleading and incorrect posts on social media to understand why so many people share misinformation and help spread propaganda online. Disinformation is what criminals and foreign actors do: The intentional spreading of false information with the intent to deceive.

The FBI and Cybersecurity and Infrastructure Security Agency released a warning on Monday alerting the public about the potential for widespread disinformation campaigns designed to cast doubt about the legitimacy of the coming elections in November. The FBI and CISA have no information suggesting any cyberattack on US election infrastructure has prevented an election from occurring, compromised the accuracy of voter registration information, prevented a registered voter from casting a ballot, or compromised the integrity of any ballots cast."

Foreign-backed disinformation campaigns will spread fake news about the results of the upcoming US election in an effort to sow doubt and outrage among the American public. The two agencies believe that in the immediate aftermath of the presidential election on November 3, Americans will be bombarded with false stories about the vote tally, reports of voter fraud, and other issues that would stoke division as the country awaits official election results - a process that could take weeks.

Russia has taken the unusual step of posting a proposal for a new information security collaboration with the United States of America, including a no-hack pact applied to electoral affairs. The document, titled "Statement by President of Russia Vladimir Putin on a comprehensive program of measures for restoring the Russia - US cooperation in the filed [sic] of international information security", opens by saying "One of today's major strategic challenges is the risk of a large-scale confrontation in the digital field" before adding: "A special responsibility for its prevention lies on the key players in the field of ensuring international information security."