Category: BlackHat

e-Voting

Threats to our electoral process can come from outside the country or nefarious insiders. Our country needs to be better prepared. After Russian state security personnel were accused of hacking the Democratic National Committee, the possibility of outsiders manipulating the American political process became a reality. With the reliance on computers to collect votes, report results, communicate campaign strategies, and coordinate voter registration activities, the electoral process has new vulnerabilities. In addition, rogue countries aren’t the only threats; insiders are also capable of manipulating election results. Here are six ways that elections can be hacked.

Read more at
http://www.darkreading.com/endpoint/6-ways-to-hack-an-election/a/d-id/1326762?

A recently released NSA exploit from “The Shadow Brokers” leak that affects older versions of Cisco Systems firewalls can work against newer models as well. Dubbed ExtraBacon, the exploit was restricted to versions 8.4.(4) and earlier of Cisco’s Adaptive Security Appliance (ASA), a line of firewalls designed to protect corporate and government networks and data centers. However, the exploit has now been expanded to 9.2.(4) after researchers from Hungary-based security consultancy SilentSignal were able to modify the code of ExtraBacon to make it work on a much newer version of Cisco’s ASA software. Both Cisco and Fortinet have confirmed their firewalls are affected by exploits listed in the Shadow Brokers cache that contained a set of “cyber weapons” stolen from the Equation Group.

Read more at
http://thehackernews.com/2016/08/cisco-firewall-hack.html

Ah, the irony: As the security community gears up for Black Hat USA 2016, a flaw in the official conference app enables attackers to become anyone or spy on attendees.

Conference attendees can install the app on their mobile devices to browse the conference’s agenda, get exhibitor info, message attendees, schedule events they will attend and participate in a conference-wide Twitter-like activity feed. According to Lookout Security, a flaw opens the door to attendee impersonation—so users should be cautious of any activity or messages that are posted or received within the app.

“While investigating both the iOS and Android versions of the Black Hat USA 2016 app, we discovered that a user could register using any email address they want (as long as it hasn’t already been used to register with the app previously),” explained Lookout researcher Andrew Blaich, in a blog. “This includes any email address, whether or not the person signing up owns the email address. It doesn’t even matter if the email address exists at all.” Further, to log in, the Black Hat app does not require confirmation; the user is immediately logged into the app after typing in any email address.

Read more at
http://www.infosecurity-magazine.com/news/official-black-hat-usa-app-allows/