18.4 C
London
Monday, August 21, 2017
Home Tags Takeover

Tag: Takeover

We get a long look at bad guy Alexandra, a new character invented just for this series.
Attackers have been carrying out WPSetup attacks, taking advantage of users who have installed WordPress but not yet configured it.
The serious vulnerability left the ride-sharing service's full single sign-on system open to exploit.
200 million users could potentially be at risk from vulnerabilities in streaming media players that can enable malicious subtitles to takeover systems.
Yahoo has patched an account takeover vulnerability on its Flickr image-hosting service that earned an independent security researcher a $7,000 bounty.
New "Lex" platform makes Alexa's intelligence available to all.
Broadcom chips allow rogue Wi-Fi signals to execute code of attacker's choosing.
WhatsApp and Telegram patched vulnerabilities in the last week that could have let an attacker take over a user's account.
As we move more of our lives online, fraudsters are using account takeover attacks, which allows them to access richer information and cause more damage.
Site enhances two-factor authentication with crypto keys that plug into USB slots.
Individual states will still have oversight and control over their election systems, but the move makes a statement “domestically and internationally” that the U.S. considers its elections critical, the agency says. The U.S.

Department of Homeland Security designated the nation's election technology and systems as critical infrastructure, giving state election officials access to technical and policy aid from the agency.The move, announced Jan. 6, makes the election infrastructure in the United States part of the government-facilities critical infrastructure sector, one of the 16 sectors deemed crucial by the U.S. government. Other sectors include health care, energy and the defense industrial base.While some states have reportedly opposed the designation, the DHS assured election officials that states would still have full oversight and responsibility for running elections.The designation “makes clear both domestically and internationally that election infrastructure enjoys all the benefits and protection of critical infrastructure that the U.S. government has to offer,” DHS Secretary Jeh Johnson said in a statement announcing the decision. “Given the vital role elections play in this country, it is clear that certain systems and assets of election infrastructure meet the definition of critical infrastructure, in fact and in law.” The announcement comes three months after top intelligence officials issued a statement, attributing attacks against the Democratic National Committee, the campaign of Hillary Clinton, and state election systems to Russia.

The Obama administration released additional details of the attacks and the evidence gathered by intelligence and law enforcement officials earlier this month. The act of designating election systems as critical infrastructure means that the DHS will be able to work more closely with states to secure a variety of election-related technologies, processes and locations, including storage facilities and polling places, information and communications technology related to voting, and the voting machines themselves.Election-security groups have long called for the infrastructure to be designated critical.
Verified Voting, a group of voting experts, pushed for election systems to be deemed critical since 2013, Pamela Smith, president of Verified Voting, told eWEEK in an e-mail.“Voting systems should receive at least as much attention and care as other critical infrastructure systems do,” Smith said. “The fact that all or nearly all of the 50 states as well as more than 30 local jurisdictions availed themselves of support from Department of Homeland Security this year in the run-up to the election makes it clear that cyber-security considerations in elections are serious.”DHS' Johnson acknowledged the concerns that many state election officials have raised about that DHS designating election technology as critical infrastructure.  “It is important to stress what this designation does and does not mean,” Johnson said. “This designation does not mean a federal takeover, regulation, oversight or intrusion concerning elections in this country.

This designation does nothing to change the role state and local governments have in administering and running elections.”While the change in status is a good initial step, Verified Voting’s Smith stressed that election officials should still require that audits of the all voting be conducted following an election, as a defense against fraud and machine error.“Even where voting systems are recount-able and auditable— we don't have robust audit requirements in place in at least half of those locations—we are not yet able to say authoritatively that our elections are secure,” she said. “We can do better.”
The Department of Homeland Security has deemed the nation's voting system as part of its critical infrastructure, citing security reasons. The US Department of Homeland Security (DHS) has designated the nation's election system as part of its critical infrastructure, a status change it has been debating for the past few months. There are 16 critical infrastructure sectors and 20 subsectors. In a statement issued Jan. 6, DHS Secretary Jeh Johnson explained why the US voting system will become a subsector of the Government Facilities critical infrastructure division. "Election infrastructure is vital to our national interests, and cyber attacks on this country are becoming more sophisticated, and bad cyber actors -- ranging from nation states, cyber criminals and hacktivists -- are becoming more sophisticated and dangerous," he said. This infrastructure spans all systems used to manage elections, including storage facilities, polling locations, and voter registration databases. As critical infrastructure, these are eligible for prioritized security assistance from the DHS, if requested. Further, voting systems will be part of US efforts to improve incident response capabilities, as well as streamlined access to both classified and unclassified information shared by critical infrastructure operators. Information sharing is a key benefit in this case, says Travis Farral, director of security strategy at Anomali and former elections judge in Texas. The United States' infrastructure for tallying votes is decentralized, which is a "double-edged sword" in terms of security. "It's harder for someone to attack a single authority," he says, because voting systems are different in each state. "But when trying to dictate security for varying apparatuses, it's difficult for the federal government to protect all that." The elevation to critical infrastructure will enable local and state election organizations to quickly share information and connect with the DHS to receive updates related to elections, security events, or the geopolitical environment, Farral continues. It’s a benefit to local municipalities where funding is low and officials want to ensure the integrity of elections. The critical infrastructure designation will give them multiple resources to stay connected and receive a coordinated, streamlined flow of information. Johnson noted many state and local officials were against the designation, due to concerns about federal takeover of local election processes. He explained how the designation "does not mean a federal takeover, regulation, oversight or intrusion concerning elections in this country. This designation does nothing to change the role state and local governments have in administering and running elections." Farral echoes this, noting how the power of election processes still resides with each state. Greater steps would have to be taken in order to change how elections are run. However, the future is unclear. "This may not be where things end," he notes, acknowledging the uncertainty of a new president and administration. "It's possible there may be additional changes, or some legislation in Congress designed to make more changes." Individual states may implement their own changes to improve election security, he adds. This news arrived at a critical time for US cybersecurity. On the same day it was issued, the US Office of the Director of National Intelligence released a report explaining Russia's role in conducting cyberattacks to interfere with the US election. This likely wasn’t by chance. "This announcement was probably timed to coincide with the release of the report, but it's hard to say for certain," says Farral. Related Content: Kelly is an associate editor for InformationWeek. She most recently reported on financial tech for Insurance & Technology, before which she was a staff writer for InformationWeek and InformationWeek Education. When she's not catching up on the latest in tech, Kelly enjoys ... View Full Bio More Insights