TOPIC:  CYBER SECURITY





SOURCE: LATIMES.COM

The recent Russian hack into the Democratic National Committee’s computers and subsequent FBI warning that two states’ elections databases had been victims of cyberattacks are raising fears that a foreign power might penetrate U.S. systems and try to alter the outcome of November’s vote.

Though possible, such an unprecedented foreign election-day hacking would be hard to pull off, experts say.  Here are some answers to common questions:

How realistic is the threat that hackers could break into U.S. election systems and alter vote tallies? 

Not very, thanks mostly to the fact that even presidential elections are highly decentralized and often still rely on old-fashioned systems rather than cutting-edge technology.First, there are more than 8,000 separate local jurisdictions where voters cast ballots for president, and each one is largely free to use whatever methods, technology and vendors they deem appropriate, based on varying local or state rules and guidelines. There are few federal mandates on how to conduct elections, and the mechanics of voting have been left to the states. For would-be hackers, that means there’s no easy, one-stop target.

Secondly, about 75% of all votes this cycle will be cast on paper, said Pamela Smith,president of Verified Voting, which tracks election systems nationwide  And many results are still conveyed by telephone, fax or hand delivery.

Even in cases where results are tallied or transferred electronically, if someone were to try to surreptitiously alter official results, there are built-in redundancies — such as following up an email with a phone call, fax or hand delivery. And with paper, a hand recount is always possible whenever in doubt.

Very few voting machines are directly connected to the Internet, where they might be targeted by hackers based in foreign countries, said Denise Merrill, secretary of state of Connecticut and president of the National Assn. of Secretaries of State

TOPIC:  CYBER SECURITY





SOURCE:  SECURITYWEEK.COM

America's intelligence chief on Wednesday said Russia hacks US computer networks "all the time," while also seeking to reassure the public the transition to a new president would "be OK." 

US agencies, companies and individuals are frequently targeted by overseas hackers, and Democratic presidential nominee Hillary Clinton's campaign has accused Moscow of hacking into Democratic National Committee (DNC) emails. 

"The Russians hack our systems all the time, not just government but also corporate" and personal systems, Director of National Intelligence James Clapper said at a Washington security summit, though he did not directly address whether Moscow was behind the DNC hack. 

He also pointed the finger at China and "non-state" actors for constantly trying to swipe data. 

The recent breach of DNC data, along with other electronic intrusions, has raised concerns about cyber incidents that could affect the outcome of the US presidential race, or other contests. 

Clinton is locked in a tightening race with Republican rival, Donald Trump. 

TOPIC:  RISK MANGEMENT


 

 

SOURCE:  SECURITYWEEK.COM


Whether you follow politics, healthcare, or sports, there’s a lot happening in the world right now and a lot to keep up with. Attackers are taking advantage of this flurry of activity and your quest for information to launch a new round of scams. 

The Brexit is just the latest example in which we’ve seen a surge in malicious emails within hours of the referendum result. Promising to protect individuals from financial market upheaval, the ploy lures users to open an email and an infected attachment, or click on a link that goes to a malicious website. Subject lines like “Brexit causes historic market drop” are designed to create the sense of urgency so that targets click before they think.

Cybercriminals act fast to capitalize on the confusion and time-sensitivity that surrounds breaking news. They quickly register domain names that sound official and create fake sites. Techniques like typosquatting or URL squatting to spoof the names of legitimate sites, and SEO poisoning to inflate search engine ratings, make it extremely difficult for a typical user to identify when they are being duped.

Attackers then devise their scheme for engaging targets. They may use malware delivered through an email to damage files, collect personal information or to hijack systems that will serve as a launching pad for other mechanized attacks. Or, they may use phishing scams to lure targets to their bogus sites, posing as a legitimate sender and pointing users to a website where they input personal financial data. 

TOPIC: TECHNOLOGY


 

 



SOURCE:  CNET.COM 

If you have an iPhone, you need to download the latest iOS update right now

Apple released the "important security update" in response to an active malware threat that can be used to read texts and email, record calls (including WhatsApp and Viber calls), track your location and turn on your phone's camera and microphone.

If that sounds terrifyingly invasive, that's because it is. The threat, dubbed "Trident" by mobile security firm Lookout, exploits three zero-day vulnerabilities in iOS 9 to form an "attack chain" that can break through Apple's (relatively) secure platform. According to University of Toronto's Citizen Lab, Trident is used in a spyware product developed by Israel-based "cyber war" company NSO Group (which is reportedly owned by an American venture capital firm). 

Citizen Lab and Lookout became aware of the issue when links containing the Trident exploit and the spyware were sent to Ahmed Mansoor, a human rights defender based in the United Arab Emirates. Mansoor did not click on the links and instead forwarded the emails to Citizen Lab, but had he clicked on the links, his phone would have been remotely jailbroken and invaded by NSO Group's "government-exclusive" spyware. Upon confirming the zero-day iOS vulnerabilities, Citizen Lab and Lookout notified Apple -- and now Apple has released a fix.

How to update your iPhone

To see if you're running the latest, patched version of iOS 9, open the Settings app and go to General > About > Version. If it says 9.3.5, you're good. Anything else, and you need to update.