Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

9/18/2018
11:28 AM
Connect Directly
Google+
Twitter
RSS
E-Mail
100%
0%

Symantec Offers Free Website Security Service for Midterm Elections

Security vendor offers US election jurisdictions its Project Dolphin phishing/website spoofing-detection service and security resources.

Symantec is the latest security vendor to offer pro bono security services to US elections commissions and political parties and candidates amid hacking and disruption concerns in the midterm elections.

The security giant is providing for free its Project Dolphin website spoof-detection and prevention service as well as resources including election security best practices and security training videos for election jurisdictions, poll workers, candidates, and political parties. Project Dolphin can, for instance, detect phishing sites posing as legitimate campaign or state election commission websites.

Election jurisdications and parties who opt for the service would register their domains and login pages with the service so it can detect imposter sites, says Eric Chien, a Fellow with the Symantec Security Technology and Response division. Chien says the company plans to run the service for at least six months, and could expand it to the 2020 elections as well.

State and local election jurisdictions and campaigns traditionally have tight budgets and resources, especially when it comes to security. Security vendors are trying to fill that gap, especially for vulnerable elections websites, with free services for the fall midterms - Cloudflare, Google, Microsoft, Akamai, Synack, Thycotic, McAfee, Cylance, and Valimail, already had announced free services.

Philanthropy aside, the pro bono services also give those vendors a foot in the door for potential future business.

US elections officials are still haunted by the Russian-meddling and hacking activities during the 2016 US presidential election, but many jurisdictions haven't had the time or funds to make major security upgrades. While voting machine hacking has been in the spotlight since researchers easily cracked multiple machines at the DEF CON conference in 2017 and 2018, security experts say websites are the easier mark for nation-state and other hackers breaking in remotely.

"There are a lot of soft targets, like state election commissions," Chien says. "Imagine them getting hacked and someone changes all of the polling information ... or leaks and wipes [data] or changes an address and you're not in the voter registration roll anymore."

Related Content:

Black Hat Europe returns to London Dec 3-6 2018 with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions and service providers in the Business Hall. Click for information on the conference and to register.

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
poppynewton
50%
50%
poppynewton,
User Rank: Apprentice
9/20/2018 | 10:50:26 AM
comment
Thank you
Data Privacy Protections for the Most Vulnerable -- Children
Dimitri Sirota, Founder & CEO of BigID,  10/17/2019
Sodinokibi Ransomware: Where Attackers' Money Goes
Kelly Sheridan, Staff Editor, Dark Reading,  10/15/2019
7 SMB Security Tips That Will Keep Your Company Safe
Steve Zurier, Contributing Writer,  10/11/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: The old using of sock puppets for Shoulder Surfing technique. 
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-8071
PUBLISHED: 2019-10-17
Adobe Download Manager versions 2.0.0.363 have an insecure file permissions vulnerability. Successful exploitation could lead to privilege escalation.
CVE-2019-10752
PUBLISHED: 2019-10-17
Sequelize, all versions prior to version 4.44.3 and 5.15.1, is vulnerable to SQL Injection due to sequelize.json() helper function not escaping values properly when formatting sub paths for JSON queries for MySQL, MariaDB and SQLite.
CVE-2019-12611
PUBLISHED: 2019-10-17
An issue was discovered in Bitdefender BOX firmware versions before 2.1.37.37-34 that affects the general reliability of the product. Specially crafted packets sent to the miniupnpd implementation in result in the device allocating memory without freeing it later. This behavior can cause the miniupn...
CVE-2019-13657
PUBLISHED: 2019-10-17
CA Performance Management 3.5.x, 3.6.x before 3.6.9, and 3.7.x before 3.7.4 have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system security.
CVE-2019-15626
PUBLISHED: 2019-10-17
The Deep Security Manager application (Versions 10.0, 11.0 and 12.0), when configured in a certain way, may transmit initial LDAP communication in clear text. This may result in confidentiality impact but does not impact integrity or availability.