SANS NewsBites

GAO Says Election Security Strategy Not Finalized; State Election Officials More Accepting of Federal Help

February 11, 2020  |  Volume XXII - Issue #12

Top of the News


2020-02-07

GAO Report Finds CISA's Election Security Strategy Has Not Been Finalized

In January 2017, the US Department of Homeland Security (DHS) designated state and local election infrastructure used in federal elections as a component of the country's overall critical infrastructure. The designation allows DHS to provide state and local election officials with help to protect assets, which include voter registration databases and voting equipment. A report from the Government Accountability Office (GAO) found that DHS's Cybersecurity and Infrastructure Security Agency (CISA) "has not yet completed its strategic and operations plans to help state and local officials safeguard the 2020 elections or documented how it will address prior challenges." The report urges CISA to finalize its strategic plan.

Editor's Note

While this is not the end of the world, there is no time for local agencies to implement strategic measures prior to the election. CISA needs to quickly publish prioritized tactical guidance that can be implemented through the rest of this election year.

Lee Neely

This is not that damning a report, but with the primaries underway and the Presidential election less than 9 months away, I'd say no more time for strategic plans: the focus should be on prioritizing which fires to put out first.

John Pescatore

2020-02-07

State Election Officials More Accepting of Federal Help

US State election officials are more willing to accept help from the Department of Homeland Security's (DHS's) Cybersecurity and Infrastructure Security Agency (CISA) than they were in the past. Officials were initially resistant to having their election systems designated as critical infrastructure, but have come to see that information and support provided by CISA can help them proactively secure their election infrastructure. CISA director Christopher Krebs said that two conference calls in January regarding potential cyberthreats from Iranian hackers had 1,700 and 5,900 dial-ins, respectively.

The Rest of the Week's News


2020-02-07

Maryland Jurisdictions Will Not Use Problematic Reporting Network in Upcoming Elections

During a special district primary in Maryland last week, a network designed to send voter information to state officials was shut down because it was causing delays at polling places. Elections officials say they will not require jurisdictions to use the network in the upcoming primary election in April or in the November general election.


2020-02-05

Iowa Caucus Reporting App Security Examined

ProPublica asked security firm Veracode to review code in the caucus tally reporting app used in Iowa last week. The company found security issues it deemed "elementary." The flaws could be exploited to intercept and alter data, including passwords and vote tallies.

Editor's Note

The app vendor's CEO says the reporting app "...underwent multiple, rigorous tests by a third party," but Veracode says the flaws they found were "elementary." The standard advice for mission-sensitive software is to require the vendor to show evidence of third-party testing of the software; it is important to have full transparency about the qualifications of whoever did the testing.

John Pescatore

2020-02-10

Chrome Will Block Unsecure Downloads

Over the course of 2020, Google's Chrome browser will block all HTTP downloads started on HTTPS pages, also known as mixed content. Chrome 81, scheduled for release in March 2020, will print console warnings about mixed content. Over the following months, in Chrome 82 through Chrome 85, the browser will warn about and then block mixed content downloads of executables, archives, disk images, images, audio, video, and text. Chrome 86, scheduled for release in October 2020, will block all mixed content downloads.
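As an added illustration (not code from the NewsBites item or from the Chrome project), the following audit lists the download links on an https page that fall under this blocking, i.e. http:// targets linked from an https:// page; the file-extension lists per category are an assumption made for the example.

```javascript
// Added example, not code from the SANS NewsBites item or from Google's Chrome project:
// audit a page's download links for "mixed content" downloads (http:// targets linked
// from an https:// page), which Chrome 86 blocks outright.
// Chrome's rollout names executables, archives, disk images, images, audio, video
// and text; the extensions under each category are an assumption for illustration.
const DOWNLOAD_TYPES = {
  executable: ['exe', 'msi', 'apk', 'dmg', 'sh'],
  archive: ['zip', 'tar', 'gz', '7z', 'rar'],
  diskimage: ['iso', 'img'],
  image: ['png', 'jpg', 'jpeg', 'gif'],
  audio: ['mp3', 'wav'],
  video: ['mp4', 'mkv'],
  text: ['txt', 'csv'],
};

// Map a URL path to one of the categories above, or null if it is not a download.
function classifyDownload(pathname) {
  const ext = pathname.split('.').pop().toLowerCase();
  for (const [type, exts] of Object.entries(DOWNLOAD_TYPES)) {
    if (exts.includes(ext)) return type;
  }
  return null;
}

// Return the hrefs on `pageUrl` that Chrome 86 would block as mixed-content
// downloads. `hrefs` are raw href attribute values, relative or absolute.
function findMixedContentDownloads(pageUrl, hrefs) {
  const page = new URL(pageUrl);
  if (page.protocol !== 'https:') return []; // the rule applies to secure pages only
  const findings = [];
  for (const href of hrefs) {
    let target;
    try { target = new URL(href, page); } catch (e) { continue; } // skip malformed hrefs
    if (target.protocol !== 'http:') continue; // https:, data:, mailto: are not mixed
    const type = classifyDownload(target.pathname);
    if (type === null) continue; // an http link to a page is navigation, not a download
    findings.push({ href, resolved: target.href, type });
  }
  return findings;
}

// Constructed sample: an https page linking to a mix of secure and insecure targets.
const SAMPLE_PAGE = 'https://downloads.example.test/tools/';
const SAMPLE_HREFS = [
  'http://cdn.example.test/installer.exe', // blocked: executable over http
  '/releases/bundle.zip',                  // relative, resolves to https: fine
  'http://mirror.example.test/image.iso',  // blocked: disk image over http
  'https://other.example.test/readme.txt', // https: fine
  'http://cdn.example.test/page.html',     // http, but not a download type
];
function auditSample() { return findMixedContentDownloads(SAMPLE_PAGE, SAMPLE_HREFS); }
```

Running the audit over a real page's `document.links` hrefs before the Chrome 86 rollout shows which links must be moved to https before users start seeing blocked downloads.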

Editor's Note

When we first started using HTTPS, the overhead was such that we limited it to secure operations only. Now current software and hardware make the overhead negligible and all content should be delivered over secure connections.

Lee Neely

Google has a lot of resources, and applying them to make the Chrome browser more restrictive on unsecure downloads is a good thing. However, I'd really like to see more Google posts about improvements in pre-release security and privacy testing of apps in Google Play. Google's Vulnerability Reward Program bug bounty payouts almost doubled from 2018 to 2019, which is kind of like a restaurant saying, "Our volunteer food testers removed twice as many glass shards from our food!" Google's Play Protect was ranked at or near the bottom of malware detection by AV-TEST in 2019 - it would be good to see many fewer glass shards in published apps.

John Pescatore

2020-02-10

Firefox Will Take Step Toward Blocking TLS 1.0 and 1.1

Starting in March 2020, Firefox users will need to intentionally allow connections to websites using TLS 1.0 or 1.1. When users attempt to connect to websites that support only lower versions of TLS, they will see a "Secure Connection Failed" message that offers an option to override and continue to the site.

Editor's Note

Browsers negotiate to the highest common denominator, which can mask the presence of less secure connection options. Make sure you're regularly scanning the encryption settings on your web servers to ensure older, less secure connections are disabled, or monitored and documented where enabled. Monitoring may show that the need to support older, less secure operating systems and browsers is not as significant as thought, or not worth the risk.

Lee Neely

2020-02-10

Google's February Android Updates Include Fix for Critical Bluetooth Vulnerability

Google has published its February security updates for Android. In all, the updates address 25 security issues. One of the flaws addressed in the updates is a critical vulnerability affecting Bluetooth in Android Oreo (8.0 and 8.1) and Pie (9.0) that could be exploited to allow remote code execution with no user interaction. The issue is also present in Android 10, but the effects are somewhat less severe: exploitation could crash vulnerable devices, but would not allow code execution.

Editor's Note

One trusts geeks to be able to operate Android safely, even with late availability of patches. It is important to keep Android out of the hands of children, the elderly, and the otherwise naive.

William Hugh Murray

2020-02-10

New Emotet Variant Can Spread Through Wi-Fi Networks

A recently-detected variant of Emotet malware has the ability to spread from infected devices to nearby unsecured Wi-Fi networks. From there, it can attempt to infect connected devices. When Emotet first appeared more than five years ago, it was a banking Trojan. Over the years, it has gained the ability to install a variety of malware on infected devices.

Editor's Note

The Japanese CERT, JP-CERT, has a great write-up on this malware at https://www.jpcert.or.jp/english/at/2019/at190044.html ([Updated] Alert Regarding Emotet Malware Infection), and they have also released a tool to check for Emotet called EmoCheck; it can be downloaded from the JPCERTCC/EmoCheck Git repository at https://github.com/JPCERTCC/EmoCheck/releases

Brian Honan

2020-02-10

US DOJ Announces Charges Against Alleged Chinese Hackers in Equifax Case

A US federal grand jury has returned an indictment charging four members of China's People's Liberation Army (PLA) with breaking into Equifax computer systems and stealing data. The breach occurred in 2017 and compromised personal data belonging to nearly 150 million US citizens.


2020-02-07

Minebridge Backdoor Used in Attacks Against Financial Sector Firms

A report from FireEye says that since the beginning of 2020, phishing campaigns attempting to spread the Minebridge backdoor have been targeting organizations in the financial sector. The messages contain malicious attachments; if they are opened, macros attempt to install Minebridge. If it is successfully installed on a system, Minebridge can be used to deliver additional malware.


2020-02-11

Abandoned Driver Code Lets Hackers Disarm Security Software

Ransomware actors are exploiting a known but unpatched vulnerability in an old and no longer supported Gigabyte motherboard driver to take control of Windows computers and disable security software. The attackers load a driver of their own that kills processes and files related to security products and allows the ransomware to encrypt data without being detected or thwarted.


2020-02-07

Rockdale County, GA Ransomware Attack Affects Water Department

Rockdale County, Georgia, is recovering from a ransomware attack that hit its municipal computer systems. County officials have shut down nine servers to contain the infection. The attack has affected the county's water department and water billing services. Rockdale County was also the target of a ransomware attack in 2017; the county was able to decrypt infected servers at that time.


2020-02-07

Having Backups May Not Be Sufficient for Ransomware Recovery

While victims of ransomware attacks have successfully restored systems from backups, the ransomware threat landscape is changing. Some attackers now steal data before files are encrypted and upload them if the victims refuse to pay the ransom.

Editor's Note

Good isolated differential backups remain necessary for recovery. The tactics have changed to add exfiltration to the attack, which has been seen with Maze, Sodinokibi and Chimera. Some mitigation can come through the use of DLP solutions. The consequences of publishing need to be added to the ransom payment decision process, along with an assessment of the likelihood of future payment demands.

Lee Neely

If your system is compromised, it is compromised. "Ransomware" is only a way to exploit that. These attacks will continue until the cost of attack exceeds the value of success and the risk of punishment goes up. Only the cost of attack and value of success are in our hands. We must increase the cost of attack roughly tenfold in 2020: strong authentication, least privilege access control, restrictive policy, end-to-end application layer encryption, and mean time to detection of breaches in hours to days. We must ensure the survivability of our data and its timely recovery. Get on with what we can do.

William Hugh Murray

Internet Storm Center Tech Corner

Sandbox Detection Tricks and Nice Obfuscation in a Single VBScript

https://isc.sans.edu/forums/diary/Sandbox+Detection+Tricks+Nice+Obfuscation+in+a+Single+VBScript/25780/


Paypal Phish is Asking for Everything

https://isc.sans.edu/forums/diary/Current+PayPal+phishing+campaign+or+give+me+all+your+personal+information/25786/


Emotet Spreads via Wifi

https://www.binarydefense.com/emotet-evolves-with-new-wi-fi-spreader/


Dell SupportAssist Client Uncontrolled Search Path Vulnerability

https://www.dell.com/support/article/ro/ro/robsdt1/sln320101/dsa-2020-005-dell-supportassist-client-uncontrolled-search-path-vulnerability?lang=en


Exploit Available for sudo pwfeedback bug

https://dylankatz.com/Analysis-of-CVE-2019-18634/


xiongmai/hisilicon Vulnerability

https://censys.io/blog/probing-the-xiongmai-hisilicon-soc-vulnerability


Insecure Docker Registries

https://unit42.paloaltonetworks.com/leaked-docker-code/


Lock My PC Used By Support Scammers

https://fspro.net/lock-pc/

https://www.bleepingcomputer.com/news/security/lock-my-pc-used-by-tech-support-scammers-dev-offers-free-recovery/