Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
After DHS Notice, 21 States Reveal They Were Targeted During Election
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
Lepricon
Lepricon,
User Rank: Apprentice
10/2/2017 | 7:11:06 PM
DHS reverses on at least one state
The irony is that they've already had to amend their statement:

"MADISON, Wis. (AP) — The U.S. Department of Homeland Security reversed course Tuesday and told Wisconsin officials that the Russian government did not scan the state's voter registration system."

 
Joe Stanganelli
Joe Stanganelli,
User Rank: Ninja
9/30/2017 | 12:20:32 PM
Re: DHS is late
@Dr.T: Not to mention that DHS itself was reportedly found with its hands in the cookie jar hacking a state election system...
Joe Stanganelli
Joe Stanganelli,
User Rank: Ninja
9/30/2017 | 12:19:32 PM
Re: Really? We're still pointing fingers at the Russians?
@jenshadus: Brian Krebs talks about the history of those very developments in his book, Spam Nation. Highly recommended read.
jenshadus
jenshadus,
User Rank: Strategist
9/29/2017 | 7:27:34 AM
Re: Really? We're still pointing fingers at the Russians?
Excellent question.  At the price of bitcoin, think I'll forgo that avenue.  Cash will do nicely.  But it would be interesting to see the relationship of the use of gift cards and spam.  I do have an anonymous email, and I let that box get all the spam.  I safeguard my normal personal email and work email pretty carefully.
Joe Stanganelli
Joe Stanganelli,
User Rank: Ninja
9/29/2017 | 4:28:40 AM
Re: Really? We're still pointing fingers at the Russians?
I wonder how the controls on gift card usage to fight back against the spam industry has impacted/is impacting this.

Also, don't forget bitcoin and altcoins as a method of anonymous payment.
jenshadus
jenshadus,
User Rank: Strategist
9/28/2017 | 8:02:16 AM
Re: Really? We're still pointing fingers at the Russians?
Considering that anyone can buy a VPN anonymously, using a gift card that you can pay with cash, and then selecting a server from anywhere in the world, and from there buy access to another VPN using a server in another part of the world, a hacker can really objuscate the origin of the attack.  The jury is out on this one.  Media loves to follow the media.  Better yet,  the media are their own best fan.
Joe Stanganelli
Joe Stanganelli,
User Rank: Ninja
9/27/2017 | 7:58:43 PM
Re: Really? We're still pointing fingers at the Russians?
FWIW, not entirely sure what NoKo's motive would have been to actually interfere (although poke around, maybe). Seems like an HRC administration would have continued the policy of patience.

But yes, points well taken.
Joe Stanganelli
Joe Stanganelli,
User Rank: Ninja
9/27/2017 | 7:57:01 PM
Re: Really? We're still pointing fingers at the Russians?
> Maryland is notorious for sending people to vote in Virginia using fake ID's

Same with MA and NH, from what I understand (NH being much different, politically, from most of New England).

And yes, you're absolutely right that voting has enough hacks and problems with it -- low- and high-tech -- with or without foreign involvement.

As I observed a few years ago, electronic voting of any kind is not and has not ever been ready for prime time. enterprisenetworkingplanet.com/netsecur/hack-early-hack-often-the-perils-of-electronic-voting.html
Joe Stanganelli
Joe Stanganelli,
User Rank: Ninja
9/27/2017 | 7:54:34 PM
Re: Really? We're still pointing fingers at the Russians?
@Dr. T: Absolutely. Reminds me of the forensics tracking that big Sony hack that was traced to North Korea...except other researchers eventually traced it to...Russia!

And even then, that location tracking may not have been accurate/the whole story. There seems to be little shortage of IP-masking tech if you know where to look (no pun intended).
Dr.T
Dr.T,
User Rank: Ninja
9/27/2017 | 11:14:55 AM
Re: Really? We're still pointing fingers at the Russians?
IP trace does not mean a tinker's damn as those can be hidden, fudged quite easily I would agree, IP address can easily be spoofed. It is not a traceable entity, there needs to be other mechanisms to track the attackers.
Page 1 / 2   >   >>


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Building the SOC of the Future
While an attacker just needs to find one vulnerability to get in to the network, the defender has to look everywhere. Defenders have to identify, disrupt, and stop attacks in the short period of time between when an attacker gets in and causes damage. One way is a security operations center to get that "all the time" coverage. What's Inside: --AI and cybersecurity response --Automation --Proctive threat hunting --Next-gen SIEM
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-42074
PUBLISHED: 2022-10-07
Online Diagnostic Lab Management System v1.0 is vulnerable to SQL Injection via /diagnostic/editcategory.php?id=.
CVE-2022-42075
PUBLISHED: 2022-10-07
Wedding Planner v1.0 is vulnerable to has arbitrary code execution.
CVE-2022-37895
PUBLISHED: 2022-10-07
An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected AP of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4...
CVE-2022-37896
PUBLISHED: 2022-10-07
A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victimâ&euro...
CVE-2022-41377
PUBLISHED: 2022-10-07
Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /pet_shop/admin/?page=maintenance/manage_category.