2024 election security, tech issues analyzed

CybersecurityHQ News

Welcome reader to your CybersecurityHQ report

Brought to you by:

Cypago enables strategic decision making through a full Cyber GRC product suite to help you avoid business reputation impact, financial or client trust losses

—

Important updates:

We’re close to finishing our AI Resume Builder and will launch it soon! It’s part of a larger set of tools to help with your job search, build your professional profile, and boost your daily productivity.

We’ve also launched a daily and weekly AI podcast to keep you updated on the latest cybersecurity news and threats with useful insights.

A friend of mine, Marlee Katlyn McDonald-Yepes, is looking for a new marketing role. She has experience in cybersecurity and B2B SaaS and is open to remote, full-time roles in B2B Tech/SaaS marketing. Marlee has over 10 years of experience in ABM, global campaigns, and revenue growth. If you know of any opportunities, please reach out to her at [email protected] or connect on LinkedIn. Thank you!

2024 Election Security Under Scrutiny

In the fallout of the 2024 U.S. Presidential Election, the security of that election will no doubt be pored over in detail. This includes ongoing claims of disinformation, as described in a joint statement by the Office of the Director of National Intelligence (ODNI), the Federal Bureau of Investigation (FBI), and the Cybersecurity and Infrastructure Security Agency (CISA) sent out just days before polls closed.

Recent misinformation included fabricated claims of election fraud in Arizona, among them false accusations that fake ballots were being created to favor Vice President Kamala Harris, a claim refuted by the Arizona Secretary of State.

While private groups and government agencies continue to monitor the situation, we are likely not out of the woods yet.

In related news, an FBI warning claimed that fake bomb threats were being emailed to U.S. polling stations across the country—apparently from Russian email domains. Locations in swing states Georgia, Michigan, and Wisconsin were hit. In Fulton County, Georgia, this led to evacuations on Tuesday at multiple polling stations, which reopened half an hour later. The county then asked for a court order to extend the voting time.

Voting Tech Issues, Delays Spark Concerns

Another election story from the night undoubtedly puts many cybersecurity watchdogs on edge. A Pennsylvania court had to extend voting hours in Cambria County from 8 p.m. to 10 p.m. on Tuesday.

Why?

The Electronic Voting System (EVS) malfunctioned, and voters were not able to scan their ballots. Bedford County confirmed similar issues, and there are reports of other counties (Blair, Somerset, and Luzerne) facing the same problems.

Election officials assured the public that every vote would be counted. Still, as the emergency petition to the court said, “The malfunction caused voter confusion, long lines of voters, and many individuals left the polling locations without casting a ballot.”

Both Cambria and Bedford counties went for Trump, who ended up taking the state, by a large margin.

Germany Shields White Hats, Toughens Penalties

Germany has new draft legislation that would allow ethical “white hat” hacking to avoid criminal prosecution. The law is meant to protect cybersecurity researchers who find security vulnerabilities and inform individuals, organizations, and governments about them.

At the same time, the law would increase penalties for black hat hackers.

Federal Minister of Justice Dr. Marco Buschmann said in a statement published along with the draft legislation, "Security gaps in IT systems can have dramatic consequences in our networked world… It is therefore in the interest of society as a whole that IT security gaps are uncovered and closed. With the draft law, we will eliminate criminal liability risks for people who take on this important task. At the same time, we will increase the penalties for particularly dangerous cases of spying and interception of data."

Meta Fined for Data Misuse Again

South Korea’s Personal Information Protection Commission (PIPC) fined Meta 21.62 billion won ($15.67 million) over Facebook’s illegal collection of sensitive personal information. The data included sexual orientation, religious beliefs, and political affiliation. Meta then shared this information with around 4,000 advertisers without explicit consent from users.

In addition to this inappropriate collection and use of information, Meta was also criticized for not properly securing inactive accounts. This allows threat actors to make password reset requests and eventually gain access.

This is in line with multiple major fines in the last handful of years that have targeted Meta’s misuse of user information. That includes a $100 million EU fine in September.

Meta replied to the fine in a statement saying they would “carefully review” the decision.

Anthropic Urges Immediate Action on AI

A recent open statement by Anthropic warns of imminent danger that needs immediate action. The company, which makes the popular Claude model, recently made headlines when it announced its model could operate a computer.

With AI's rapidly growing capabilities, the company warns that we need to take action now. They cite the radical improvements we’ve seen. A year ago, LLMs could solve 2% of real-world coding problems when tested. Six months ago, the LLM Devin reached 13.5%. Now? Claude 3.5 Sonnet gets a 49% score.

In their pre-election statement, Anthropic calls for targeted legislation that uses certain features found in the company’s Responsible Scaling Policy (RSP).

RSP is an internal framework for assessing AI risks based on the model's capabilities. It is developed using the key principles of proportionality (matching control to the actual abilities of the AI model in question—measured in “capability thresholds”) and iterative design (regularly measuring models and readdressing safety in light of new data).

Anthropic proposes that RSPs could be a framework adopted industry-wide. As their statement reads, “Despite the need for iteration and course-corrections, we are fundamentally convinced that RSPs are a workable policy with which AI companies can successfully comply while remaining competitive in the marketplace.”

CrowdStrike Expands in SaaS Security Space

CrowdStrike is deepening its footprint in SaaS security with the acquisition of Adaptive Shield, an Israeli startup specializing in SaaS Security Posture Management (SSPM) and Identity Threat Detection and Response (ITDR). Founded in 2019 by Maor Bin and Jony Shlomoff, Adaptive Shield has garnered significant backing, with a $10 million investment from Blackstone last year, followed by a $30 million Series A led by Insight Partners and supported by Okta Ventures and Vertex Ventures Israel. This acquisition marks CrowdStrike's fifth in Israel, building on its recent $200 million purchase of Flow Security in March.

Adaptive Shield’s technology enhances visibility and control over SaaS environments, allowing security teams to identify and mitigate misconfigurations and unusual behaviors across complex, multi-application ecosystems. With SaaS adoption on the rise, CrowdStrike CEO George Kurtz emphasized the importance of identity-based security in a landscape prone to breaches due to fragmented controls and shared responsibility models.

By integrating Adaptive Shield’s capabilities, CrowdStrike aims to provide comprehensive SaaS security from its Falcon platform. "Our mission aligns with CrowdStrike's vision," said Bin. "Together, we'll deliver advanced protection against SaaS threats, empowering organizations to secure their digital transformation." This acquisition signals CrowdStrike’s continued drive to lead in the burgeoning field of cloud identity protection.

CrowdStrike: Windows 11 Bug Causes Hangs

CrowdStrike says a Windows 11 issue, not its own software, is to blame for recent app hangs in the latest OS build, 24H2. In a statement, CrowdStrike clarified that "this is not a CrowdStrike issue. An issue in Windows 11 24H2 is causing specific applications to hang." The cybersecurity company reported the bug to Microsoft and is awaiting their solution.

Microsoft acknowledges the problem, stating it affects both first- and third-party apps when specific antimalware features are enabled. The issue appears linked to CrowdStrike’s Falcon sensor software when paired with a certain policy setting. To mitigate, CrowdStrike has temporarily disabled its Enhanced Exploitation Visibility Prevention Policy on impacted hosts.

While Microsoft and CrowdStrike work together on a long-term fix, users with the Falcon sensor may notice disruptions in Office applications like Word and Excel. Windows 11’s 24H2 rollout hasn’t been seamless, leaving some to wonder if sticking with 23H2 might be a safer bet.

Canada Orders TikTok Shutdown, Citing Security

Canada has ordered ByteDance-owned TikTok to shut down its Canadian operations, citing national security concerns. However, Canadians will still be able to access and use the app, which the government frames as a "personal choice." François-Philippe Champagne, Canada’s Minister of Innovation, stated that the decision follows a comprehensive review by national security and intelligence officials.

TikTok is no stranger to scrutiny, as its data-sharing practices and ties to Beijing have raised flags in other countries. U.S. officials recently set a January 2025 deadline for ByteDance to divest TikTok, warning of a potential ban if it doesn’t comply.

The order, issued under the Investment Canada Act, aims to wind down TikTok’s business footprint, a move that will impact hundreds of jobs in Canada. TikTok plans to challenge the order in court, claiming it does not share data with the Chinese government, despite facing bans on government devices worldwide.


Google Bolsters Gmail Against Cyber Threats

In response to growing cyber threats, Google has ramped up its defenses for Gmail, targeting security risks head-on. With 2.5 billion users globally, Gmail accounts are prime targets for hackers who exploit session cookies and bypass two-factor authentication (2FA) protocols. As a precautionary measure, users can now open a second Gmail account to serve as a backup, securing vital emails against potential breaches.

Google’s Advanced Protection Program (APP) offers Gmail users an extra layer of security by requiring passkeys or hardware tokens for login, alongside stringent app restrictions and download safeguards. Originally designed for high-risk users like journalists and activists, APP is now accessible to the broader public, making advanced protections available without added cost.

Additionally, Google’s Security Checkup tool allows users to bolster their accounts by reviewing device access, safe browsing settings, and email forwarding rules—key steps to safeguard personal data. Users are urged to proactively engage with these security features to prevent unauthorized access, ensuring Gmail remains a trusted communication platform in an increasingly hostile cyber landscape.

Qualys Considers Sale Amid Industry Consolidation

Qualys Inc., a prominent IT security and compliance management firm, is evaluating a potential sale following acquisition interest, according to sources familiar with the matter. The company, headquartered in Foster City, California, has engaged advisors to assess strategic options amid a wave of consolidation in the cybersecurity sector.

Qualys shares surged up to 33% on Wednesday, marking their largest intraday gain since the company's 2012 IPO, and settled at a 27% increase, reaching a $6 billion valuation. This spike followed a robust Q3 earnings report and an upward revision of its yearly forecast.

Despite recent struggles with lower upselling and heightened competition, Qualys's exploration of a sale reflects broader consolidation trends in cybersecurity. Major competitors like Tenable and Rapid7 are also facing pressure from investors to consider similar moves, underscoring the growing demand for comprehensive cybersecurity solutions in today’s digital landscape.

New Algorithm Boosts PLC Detection 37x

Researchers at Georgia Tech have developed the PLCHound algorithm, which dramatically improves the detection of internet-exposed programmable logic controllers (PLCs), the core components of industrial control systems. Given that PLCs control critical infrastructure—from power grids to water treatment facilities—this development is crucial.

Using natural language processing and machine learning, PLCHound found 37 times more internet-connected PLCs than previously estimated. This advancement aids in securing critical infrastructure and demonstrates the importance of ongoing research and innovation in cybersecurity.

Phishing Evolves: DocuSign Tactic Uncovered

Phishing remains one of the oldest, yet most effective, methods employed by cybercriminals. Recently, attackers have been leveraging legitimate DocuSign accounts to disseminate fake invoices. This tactic bypasses traditional security measures by exploiting the inherent trust in DocuSign's services.

Studies by PhishMe (now Cofense) have demonstrated that about 91% of all cyber-attacks begin with a phishing email. The tactic of using reputable platforms adds a layer of credibility that makes these phishing attempts harder to detect and thwart.

To combat this, organizations must rigorously verify payment requests, even from trusted sources. Training employees to recognize and report phishing attempts is an indispensable component of an enterprise’s cybersecurity strategy. The SANS Institute recommends continuous training and simulated phishing exercises to maintain a high level of awareness and preparedness among staff.

VEILDrive Exploits Microsoft Services for Attacks

The VEILDrive campaign, uncovered by cybersecurity firm Hunters, exploits legitimate Microsoft services for malicious purposes. By compromising accounts and sending spear-phishing messages through Microsoft Teams, attackers gain a foothold in target systems, using platforms like SharePoint and OneDrive for malicious activities.

This campaign underscores the sophistication of modern cyber threats, with attackers blending seamlessly into legitimate traffic. Organizations must heighten their vigilance, review security settings, and ensure robust endpoint protection to defend against such threats.

WinOS 4.0 Malware Targets Gaming Communities

The discovery of WinOS 4.0 within gaming applications highlights how cybercriminals target specific communities. By disguising malware as game-related utilities, attackers prey on gamers' trust and desire for enhancements, spreading through black hat SEO, social media, and Telegram channels.

The malware’s sophisticated infection mechanism, starting with a seemingly innocent BMP file that turns into a malicious DLL, illustrates the lengths attackers will go to penetrate systems. This layered approach to infection serves as a warning to gamers to download only from reputable sources and scrutinize any software that seems suspicious.

Snowflake Breach Highlights SIM Swap Threat

In one of the major cybersecurity incidents of 2024, the Snowflake breaches captured significant attention, affecting 165 organizations, including Ticketmaster, Santander Bank, and Anheuser-Busch. The recent arrest of Alexander ‘Connor’ Moucka, also known by his aliases Judische and Waifu, marks a significant development in this case. Moucka, a notorious SIM swapper, allegedly bragged about his exploits on Telegram, drawing law enforcement's attention.

Historically, SIM swapping has been a potent tool for cybercriminals. An analysis by the U.S. Federal Trade Commission (FTC) in 2019 revealed a 400% increase in SIM swap scams from the previous year. These attacks hijack a victim's mobile phone number to gain access to personal and financial information, showcasing the ongoing relevance of this threat vector.

Interesting Read

2024 Observability Insights: Faster, Smarter, Better

Observability is the ability to see inside your software systems in real time. Splunk’s new report, State of Observability 2024, draws on input from 1,850 industry pros to show why the leaders who get observability right also get results.

Just crunching basic numbers shows the impact of observability. It helps teams become 2.3 times faster at resolving incidents and 2.6 times quicker to push code on demand. That impact is probably why the report found that observability investments garnered a 2.67x return.

Platform engineering has taken observability even further. The best-performing teams were much more likely to use platform engineering in their process, with 73% of all respondents claiming to do some platform engineering. More than half say that this gives them a competitive edge.

There’s also widespread adoption of OpenTelemetry. Some level of AI and machine learning was virtually ubiquitous, with 97% of respondents saying they use these tools in their observability operations. And though generative AI adoption is still low, it’s on the radar, with 84% of companies exploring its potential for observability.


Stay Safe, Stay Secure.

The CybersecurityHQ Team
