Security News

Government-backed hackers have compromised and gained access to US elections support systems by chaining together VPN vulnerabilities and the recent Windows CVE-2020-1472 security flaw. "Although it does not appear these targets are being selected because of their proximity to elections information, there may be some risk to elections information housed on government networks," says a joint security advisory published by CISA and the FBI. Despite that, CISA added that it is "Aware of some instances where this activity resulted in unauthorized access to elections support systems."

The emails purport to come from the U.S. Election Assistance Commission, an independent agency of the United States government that serves as a national resource of information regarding election administration. The emails subject says "voter registration application details couldnt be confirmed," and the body of the email tells users: "Your Arizona voter's registration application submitted has been reviewed by your County Clerk and some few details couldnt be comfirmed".

Two researchers at the Cisco Talos Intelligence Group examined misleading and incorrect posts on social media to understand why so many people share misinformation and help spread propaganda online. Disinformation is what criminals and foreign actors do: The intentional spreading of false information with the intent to deceive.

The FBI and Cybersecurity and Infrastructure Security Agency released a warning on Monday alerting the public about the potential for widespread disinformation campaigns designed to cast doubt about the legitimacy of the coming elections in November. The FBI and CISA have no information suggesting any cyberattack on US election infrastructure has prevented an election from occurring, compromised the accuracy of voter registration information, prevented a registered voter from casting a ballot, or compromised the integrity of any ballots cast."

Foreign-backed disinformation campaigns will spread fake news about the results of the upcoming US election in an effort to sow doubt and outrage among the American public. The two agencies believe that in the immediate aftermath of the presidential election on November 3, Americans will be bombarded with false stories about the vote tally, reports of voter fraud, and other issues that would stoke division as the country awaits official election results - a process that could take weeks.

Russia has taken the unusual step of posting a proposal for a new information security collaboration with the United States of America, including a no-hack pact applied to electoral affairs. The document, titled "Statement by President of Russia Vladimir Putin on a comprehensive program of measures for restoring the Russia - US cooperation in the filed [sic] of international information security", opens by saying "One of today's major strategic challenges is the risk of a large-scale confrontation in the digital field" before adding: "A special responsibility for its prevention lies on the key players in the field of ensuring international information security."

Two cybersecurity companies focused on election security are teaming up ahead of the November elections to protect dozens of states from a variety of potential attacks on voting infrastructure. This week SpyCloud and CyberDefenses announced a partnership that will see the companies help one in every five election jurisdictions in the United States with cybersecurity around digital election tools.

In one instance, Facebook removed 35 pages, 18 groups, 214 users as well as 34 accounts on Instagram. As part of the announcement, Facebook also revealed details about the number of followers and advertising expenditures related to these accounts.

An unspecified US government agency was hacked by a miscreant who appears to have made off with archives of information. This is according to Uncle Sam's Cybersecurity and Infrastructure Security Agency, which on Thursday went into technical detail on how an intruder: broke into staffers' Office 365 accounts; gained access the agency's internal network via its VPN; and installed malware and exfiltrated data.

Bad actors could create or change websites and social media content to discredit this year's electoral process, cautions the FBI and CISA. The 2020 presidential election promises to be a rough and divisive one. A new message from the Federal Bureau of Investigations and the Cybersecurity and Infrastructure Security Agency warns voters of the likelihood that foreign actors and cybercriminals will try to propagate fake news about the election results to discredit the process and weaken confidence in the US political system.