Cyber Connections News Roundup: September 24
Get the latest cybersecurity news from leading companies, news outlets and blogs.
Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.
September 24, 2019
Microsoft to Offer Free Security Support for Windows 7 Ahead of 2020 Election
According to a recent report on www.cyberscoop.com, Microsoft Corp. will offer state and local election officials free security support for Windows 7 operating systems used in voting systems through 2020. Microsoft has long planned to stop providing security updates for Windows 7 users in general in January 2020, but was allowing users to pay for those updates through January 2023. The offer of free services through next year’s U.S. presidential election represents an additional effort to make it easier to update operating software used in voting systems, such as the election management systems that format ballots. Read more.
Are Recent Saudi Oil Attacks a Sign of More Cyber Warfare to Come?
The recent attack against Saudi Aramco, claimed by U.S intelligence and the Saudi government to be the work of Iran, is a continuation of a long-simmering cyber war between the two countries, according to an article on www.cnbc.com. In recent years, Iran has deployed destructive computer viruses against Saudi Arabia, which has been slow to strengthen its defenses. The report warns that investors should expect long-term cyber espionage and flare-ups of malicious activity, including the potential for destructive attacks that hurt companies in the region beyond Aramco. Read more.
Los Angeles Becomes First City in Nation to Offer Public Threat-Sharing Platform
According to a recent article on www.lasentinel.net, the city of Los Angeles has unveiled the Threat Intelligence Sharing Platform, as well as a free mobile app that will help people detect malicious email. This, according to Mayor Eric Garcetti, makes Los Angeles the first city in the nation to release a publicly available threat-sharing platform and cybersecurity app. The platform is the creation of the LA Cyber Lab, a nonprofit organization dedicated to protecting the public and businesses from cyber threats by facilitating and promoting innovation, education and information sharing between public and private sectors. Read more.
Citing Cybersecurity Concerns, Colorado Bans QR Codes on Ballots
Colorado has become the first state in the U.S. to ban the use of QR codes on ballots, according to a recent article on www.thehill.com. In announcing the change, Colorado Secretary of State Jena Griswold (D) said that cybersecurity experts have raised concerns around the security of using the QR codes on ballots. Griswold also cited findings by U.S. intelligence that Russian operatives attempted to interfere in the 2016 presidential election as a reason to enhance cybersecurity of elections. Colorado will now require that votes only be counted based on human-verifiable information, specifically the marked ovals on the printed ballot, and not based on the counting of votes embedded in QR codes. Read more.
Cyber Attacks Exploit People and Not Technology According to Proofpoint Report
According to the results of Proofpoint’s 2019 Annual Human Factor Report, virtually all successful email-based cyber attacks require the target to open files, click on links, or carry out some other action. Although a small fraction of attacks rely on exploit kits and known software vulnerabilities to compromise systems, the vast majority of campaigns, 99%, require some level of human input to execute. These interactions can also enable macros, so malicious code can be run. A recent article about the report on www.zdnet.com notes how increasingly difficult it is to distinguish a malicious email from a regular one, mainly because tailored attacks look as if they come from a trusted source, such as cloud service providers like Microsoft or Google, colleagues, or even the boss. Read more.