Friday Five: 9/7 Edition
Why the midterm elections are hackable, the price of privacy, and more - catch up on the week's infosec news with this roundup!
1. Why the Midterm Elections Are Hackable by Nick Holland
We're just shy of eight weeks from the midterm elections, and seemingly little has been done to reassure voters that their votes won't be compromised by a foreign third party. BankInfoSecurity, a division of the ISMG network, talked to Barbara Simons, a voting security expert who previously released a book on the subject, Broken Ballots. According to Simons, who has been following the lack of movement around both voting security technology and legislation of late, one of the biggest problems is that a number of states still allow their citizens to vote on completely paperless machines. "I'm pretty horrified by the fact that there are still 13 states in the United States today in which voters will be casting their ballots in this upcoming midterm election on paperless, unrecountable, vulnerable voting computers," Simons told the publication. "Everybody in Georgia who casts a ballot in the polling place will be voting on these paperless machines that we have known how to hack since 2006 and that we also know can be hacked remotely."
2. Midland servers hacked, attackers demanding ransom by Andrew Mendler
That lull between the end of August, Labor Day, and the first week of September, naturally, is a prime time for cyber attacks. Admins are at the beach, on vacation, or at the very least away from their networks. Midland, a town located on Georgian Bay in Simcoe County, Ontario, found this out the hard way over the weekend after its systems were hit by ransomware. It sounds as if the town emerged somewhat unscathed from the incident. According to Andrew Mendler, a reporter for The Midland Mirror, Midland is taking steps to restore access and has contacted the appropriate authorities, including the Information and Privacy Commissioner of Ontario.
3. What Is the Price of Privacy? by Noelle Knell
Okay, so you're not going to get a literal answer to the question posed by this Government Technology headline, but the article does do a nice job recapping some of the major privacy legislation to wend its way through the books, both here and abroad, so far in 2018. Noelle Knell, the publication's editor, discusses the impact of GDPR and, surely to be more impactful here, the California privacy bill that was passed in June. The piece ends with a call to action of sorts that suggests data privacy won't go away until it takes center stage: Government, and those who contract with government, must be held to a higher standard when it comes to privacy.
4. Browser Extensions: Are They Worth the Risk? by Brian Krebs
Keeping with the trend of featuring articles that ask the reader questions… In the opinion of Brian Krebs, noted cybersecurity scribe, the answer to this question, posed Wednesday on his KrebsOnSecurity blog, is almost always 'No.' The blog post deals with file-sharing site Mega.nz, which warned this week that hackers managed to infiltrate its Google Chrome browser extension and route usernames and passwords entered via the browser to a server in Ukraine. The hack stems from an incident earlier this week in which an attacker managed to compromise the service's Chrome Web Store account and upload a malicious version of the browser extension. Krebs makes a couple of good points in his blog: it's always important to evaluate the permissions that browser extensions request of users, and sometimes extensions may just not be worth the risk.
5. Unpatched routers being used to build vast proxy army, spy on networks by Sean Gallagher
The router company MikroTik pushed a software update to resolve a vulnerability in the devices back in April, but that hasn't stopped attackers from targeting them en masse. Researchers said this week that 7,500 of the routers are being used to eavesdrop and forward traffic to remote servers. While there are apparently 14,000 of the routers operating from US-based IP addresses, according to Netlab 360, the firm that sniffed out the malware campaign, most of the affected networks are based in Brazil and Russia.