Security News

September sees a bundle of 129 CVE-listed flaws patched by Microsoft. Of the nearly two-dozen critical patches, Zero Day Initiative's Dustin Childs says that far and away the most serious is CVE-2020-16875, a memory object error in Exchange Server that allows a poisoned email to execute code with System clearance.

The US Federal Communications Commission says that performing a full replacement of all Huawei and ZTE hardware on American wireless networks will cost $1.837bn in total. According to the FCC, the $1.837bn figure is the cost to the carriers themselves as they remove and replace their Huawei and ZTE hardware with gear from other vendors who have been approved by the government.

Voatz, the maker of a blockchain-based mobile election voting app pilloried for poor security earlier this year, has urged the US Supreme Court not to change the 1986 Computer Fraud and Abuse Act, a law that critics say inhibits security research because it's overly broad. The app maker filed an amicus brief [PDF] on Thursday in Van Buren v. United States in support of the US government, which seeks to uphold the 2017 conviction of former Georgia police officer Nathan Van Buren under the CFAA. Van Buren was convicted of violating the CFAA for conducting a computer search for a license plate number. Coincidentally, its app was slammed in February by computer scientists for a variety of security flaws.

It's been a long time coming, and while some might view the decision as a slap for officials that defended the practice, the three-judge panel said the part played by the NSA programme wasn't sufficient to undermine the convictions of four individuals for conspiring to send funds to Somalia in support of a terrorist group. Snowden made public the existence of the NSA data collection programmes in June 2013, and by June 2015 US Congress had passed the USA FREEDOM Act, "Which effectively ended the NSA's bulk telephony metadata collection program," according to the panel.

Facebook on Tuesday said that it caught a budding Russia-linked campaign to fuel political chaos in the US, working off a tip from the FBI in its latest take-down of coordinated inauthentic behavior at the leading social network. The network of 13 Facebook accounts and two pages posing as journalists and targeting left-wing progressives was removed for violating a policy against "Foreign interference" at the platform.

A British citizen has been extradited to the US to face charges he oversaw a series of business email compromise attacks to steal over $2m from unwary accounts departments and individuals. It is said the crew used combinations of stolen personal information, spoofed phone numbers, fake email accounts, and even voice-altering software to contact bank staff and con them into handing over control of accounts by posing as legit customers.

Abstract: A voting system can use the security of blockchain and the mail to provide a reliable voting system. A registered voter receives a computer readable code in the mail and confirms identity and confirms correct ballot information in an election.

The BeagleBoyz, part of the North Korean government's hacking apparatus, are back to targeting banks around the world after a brief pause in activity. The US Cybersecurity and Infrastructure Security Agency has released an alert with details of how the BeagleBoyz have made off with an estimated $2 billion in fiat and cryptocurrency since 2015, along with details on how financial institutions can protect themselves against their known patterns of attack.

With the United States set to undertake its first Presidential election since the Russian-tinged 2016 race, state governments and social networks are upping their game. This from the team at Cisco Talos, which cautioned in a new report that while governments and sites are better prepared for disinformation campaigns, the way hostile nation states go about their business has also evolved.

A top US official for election security said his biggest worry is the possibility of outside interference in a likely slow count of the votes the day after the November 3 presidential contest. Bill Evanina, director of the National Counterintelligence and Security Center, said that external actors could use hacks like ransomware and other cyberattacks against the infrastructure for delivering, counting and transmitting the votes, which includes the overburdened and understaffed post office and polling stations.