German Voting Software Raises Concerns

With German elections only a couple weeks away, researchers have been working to determine how secure the voting systems really are. Per a recent study, the software being used contains multiple vulnerabilities that could lead to devastating results if the election is compromised. Meanwhile, the software creator maintains there is nothing wrong with the system and any tampering would only lead to confusion, rather than truly affecting the vote’s outcome.

Upgraded Android OS Slows Tide of Overlay Attacks

While overlay attacks are nothing new to Android™ users, the Toast window is a surprisingly fresh take on this technique. Google has already patched the issue being exploited, but many users unintentionally fell victim and gave permissions to a malicious app using the Toast window overlay on a legitimate page to spoof the users input. This type of attack can range from simply installing an annoying piece of malware on the device, all the way up to locking the device down and demanding a ransom.

Apple Implements Even More Security for iOS 11

In recent years, the security surrounding smartphones and other portable devices has been under scrutiny by both users and law enforcement. In its latest iOS® version, Apple is introducing new features that will make unauthorized access to their devices even more challenging. The first is only a minor change, which request the device’s password/code when connecting it to a new computer (like those used by law enforcement for forensic analysis.) This change puts the power back in the device owner’s hands, as they aren’t required to divulge that type of information, nor would a potential thief be likely to know or guess the locking combination. The second feature allows the device to be put into SOS mode, which also requires a passcode to unlock, rather than using the TouchID, which can be falsified.

Equifax Hack Could Be Largest Ever

As you’ve probably heard, Equifax was recently compromised, leaving over 143 million Americans’ social security numbers and other highly sensitive information vulnerable and likely for sale. The original point of access would seem to be their main Argentinian employee portal page, which, through simple HTML viewing, can show both the username and password for nearly 14,000 customers who had filed a complaint, along with their social security number equivalent, all stored in plain text.

WordPress Plugin Removed Again for Malicious Activity

After 4 unprecedented takedowns, WordPress has finally removed the Display Widgets plugin from its repository after being implicated in malicious activity yet again. The plugin was sold several years ago and has since been installed on over 200,000 PCs, though it is hard to tell how many users have upgraded to more secure plugin versions. Even more worrisome is that backdoors became part of the plugin’s payload, and could be actively running on any of the 200,000 known devices.

The post Cyber News Rundown: Edition 9/15/17 appeared first on Webroot Threat Blog.