Security News
What's more, the voting itself was remarkably smooth. There were not clear rules in many states for voting by mail or sufficient opportunities for voting early.
Plenty of voter data is public in Arizona - but Social Security numbers and DoBs are supposed to be kept confidential. The security issue comes to light amid attacks targeting voters and voter data.
Threat actors have taken advantage of the ongoing uncertainty around the 2020 U.S. election to unleash a new malspam campaign aimed at spreading the Qbot trojan. Criminals behind Qbot resurfaced the day after the election with a wave of spam emails that attempt to lure victims with messages claiming to have information about election interference, according to new researchers.
Consumer anxiety regarding the election results had a muted impact on online shopping activities on Election Day, Nov. 3. Adobe's report noted that today, the day after the election, there will be an expected 13% drop in sales, versus the previous three days, in which online sales increased by 31%. "To be clear," said Taylor Schreiner, director at Adobe Digital Insights, "We're not basing our forecast on who wins the presidency, rather we're looking at people's propensity to shop online during an election cycle, based on historical context."
The Qbot botnet is now spewing U.S. election-themed phishing emails used to infect victims with malicious payloads designed to harvest user data and emails for use in future campaigns. "In addition to stealing and exfiltrating data from its victims, QBot will also start grabbing emails that will later be used as part of the next malspam campaigns," Malwarebytes' Jérôme Segura and Hossein Jazi explain.
SaltStack has officially revealed three bugs in its code - two of them seemingly critical - and told users: "We strongly recommend that you prioritize this update." But the biz appears to have known about the bugs for months and quietly patched them over the summer. SaltStack offers open-source, Python-based automation tools.
Social media firms remained on high alert Tuesday against Election Day misinformation and manipulation efforts as polling places began closing in the US and focus turned to tallying ballots. "Our Election Operations Center will continue monitoring a range of issues in real time - including reports of voter suppression content," said a Facebook statement posted on Twitter.
Russian interference has been minimal so far in the most tempestuous U.S. presidential election in decades. Election officials fear a "Blend" of overlapping attacks intended to undermine voter confidence and incite political violence: taking over state or local government websites to spread misinformation, crippling election results-reporting websites with denial-of-service attacks, hijacking officials' social media accounts and making false claims about rigged voting.
"Authorities and election officials know this is the case and have taken precautions to try to ensure a safe election. These include election infrastructure assessment and securing voting registration systems. However, given the recent hack involving Hall County, Ga., where election data was released to public for failure to pay a ransom, it really brings into question how effective the measures will be in the final stretch of the election." "If ransomware hits a county, the mail-in count will be thrown into question. Because Republicans are known to vote in person on election day and Democrats favor mail-in ballots, this is a danger."
DHS CISA and the FBI today shared more info on how an Iranian state-sponsored hacking group was able to harvest voter registration info from U.S. state websites, including election sites. The attempts to download voter info from election websites took place between September 29 and October 17, 2020, according to the advisory.