On the night of the primary elections in May, the residents of Knox County, Tennessee, did not know who had won for about an hour. They could not reach the website that was tracking the county's election results, because the page went down at 8pm, just as the polls closed. The county IT director, Dick Moran, said that the website had seen "extremely unusual and heavy network traffic". The mayor asked for an investigation into the incident, whose signs indicated that it was most likely a DDoS attack.
Such attacks have been launched during electoral cycles in different parts of the world. For this reason, Jigsaw, a technology incubator owned by Alphabet, Google's parent company, has released Project Shield, a free DDoS protection tool. In the past it was only available to journalists and human rights defenders; now it will be available for local elections too.
Attacks against elections have become a national security concern for the United States, since multiple tactics are available to disrupt the democratic process. The Department of Homeland Security has offered to help state electoral officials ensure that their electronic voting machines are intruder-proof and that campaign officials know how to keep them secure.
Weapons systems are seeking a secure development system
Competition among weapons manufacturers in the United States prevents them from collaborating on cybersecurity problems and is causing new and lasting vulnerabilities in the weapons systems of the United States Army. The Department of Defense is supposed to complete vulnerability assessments for a total of 31 different weapons programs by 2019, as required by the National Defense Authorization Act, 2016 (NDAA). However, securing weapons systems, which often run on obsolete or custom-made operating systems, has been a well-known challenge for decades. The government is increasingly aware of the specific threats aimed at this technology. The military now relies on the private sector to prioritize security during the development cycle.
The FBI issues an alert regarding new software linked to the Hidden Cobra group
US-CERT has issued an alert jointly with the DHS and the FBI, warning about two newly identified pieces of malware being used by the Hidden Cobra group: a RAT known as Joanap and a worm known as Brambul. Hidden Cobra, often also known as the Lazarus Group and Guardians of Peace, is believed to be backed by the North Korean government and targets media, aerospace, financial and critical infrastructure organizations around the world. DHS and the FBI have also provided downloadable lists of the IP addresses associated with Hidden Cobra and other IOCs for the malware, in order to help block it and thus reduce exposure to this group's activities.
News from the rest of the week
Critical flaw discovered in the blockchain-based EOS platform
Security researchers have discovered a series of new vulnerabilities in the EOS blockchain platform, one of which allows complete remote control of the nodes that run critical blockchain-based applications. To achieve remote code execution on a specific node, all an attacker needs to do is upload to the server a maliciously crafted WASM file (a smart contract written in WebAssembly).
Hardcoded passwords are found in Cisco Enterprise software
Cisco has recently published 16 security advisories, including alerts for three vulnerabilities which are classified as critical and which received the maximum CVSSv3 severity score. The three vulnerabilities include a backdoor and two authentication bypasses in the Cisco Digital Network Architecture (DNA) Center.
The VPNFilter malware affects 500,000 network devices worldwide
According to Talos, the VPNFilter malware could be the foundation of one of the biggest device networks discovered to date. Through this botnet, the attackers can share data between their devices and coordinate a large attack using the infected devices as nodes. However, because it includes a kill switch, it could also destroy the systems, leaving them inoperative and removing internet access for hundreds of millions of users, in addition to inspecting traffic and stealing confidential data.
A flaw in Git allows arbitrary code execution
The Telegrab stealer is dedicated to stealing Telegram cache and keys
The Wicked botnet utilizes a set of exploits in order to infect IoT networks