Posts

Election security experts call for rigorous audit to protect upcoming California gubernatorial recall

T-Mobile is Warning that a data breach has exposed the names, date of birth, Social Security number and driver’s license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company. Get Secured Now with Norton 360


A group of election security experts on Thursday called for a rigorous audit of the upcoming recall election for California’s governor after copies of systems used to run elections across the country were released publicly.

Their letter sent to the secretary of state’s office urges the state to conduct a type of post-election audit that can help detect malicious attempts to interfere.

The statewide recall targeting Democratic Gov. Gavin Newsom, set for Sept. 14, is the first election since copies of Dominion Voting Systems’ election management system were distributed last month at an event organized by MyPillow CEO Mike Lindell, an ally of former President Donald Trump who has made unsubstantiated claims about last year’s election. Election offices across 30 states use the Dominion system, including 40 counties in California.

Election security experts have said the breaches, from a county in Colorado and another in Michigan, pose a heightened risk to elections because the system is used for a number of administrative functions — from designing ballots and configuring voting machines to tallying results. In the letter, the experts said they do not have evidence that anyone plans to attempt a hack of the systems used in California and are not casting blame on Dominion.

“However, it is critical to recognize that the release of the Dominion software into the wild has increased the risk to the security of California elections to the point that emergency action is warranted,” the experts wrote in their letter, which was shared with The Associated Press.

The eight experts signing the letter include computer scientists, election technology experts and cybersecurity researchers.

Jenna Dresner, a spokeswoman for Secretary of State Shirley Weber, said the 40 counties in California using Dominion employ a different version of the election management system that meets various state-specific requirements. She outlined numerous security measures in place to protect voting systems across the state. That includes regular testing for vulnerabilities, strict controls on who has access, physical security rules and pre-election testing to ensure that no…

Source…

Activision Blizzard accused by California watchdog of fostering ‘frat boy’ culture, fatally toxic atmosphere • The Register

T-Mobile is Warning that a data breach has exposed the names, date of birth, Social Security number and driver’s license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company. Get Secured Now with Norton 360


California’s Department of Fair Employment and Housing on Thursday sued Activision Blizzard and its subsidiaries, alleging the company fostered a “frat boy” culture that led to lower pay for female employees, sex and race discrimination, and sexual harassment.

According to the lawsuit, as an example of the effects of this toxic culture, a female worker killed herself on a company trip due to a sexual relationship she had with her male boss.

“All employers should ensure that their employees are being paid equally and take all steps to prevent discrimination, harassment, and retaliation,” said dept director Kevin Kish in a statement [PDF]. “This is especially important for employers in male-dominated industries, such as technology and gaming.”

Activision Blizzard, the gaming behemoth forged in 2008 and based in Santa Monica, California, makes popular computer games such as Diablo, Call of Duty, and World of Warcraft, and runs online gaming service Battle.net.

Accusations of sexism, sexual harassment, and pay inequality have dogged the gaming industry for decades, as demonstrated recently by “gamergate” in 2014 and 2015 and harassment claims at UbiSoft in 2020. But as the “#MeToo” movement has shown, workplace hostility toward women extends far beyond electronic entertainment.

An Activision Blizzard spokesperson told The Register in an emailed statement the gaming biz takes these issues seriously and the Department of Fair Employment and Housing (DFEH) allegations don’t reflect its current workplace.

We note that one Blizzard executive identified in the complaint, “so known to engage in harassment of females that his suite was nicknamed the ‘Crosby Suite’ after alleged rapist Bill Crosby,” appears to have quietly left the company around June 2020. A DFEH spokesperson tentatively confirmed that this is a misspelling of “Cosby,”…

Source…

How California schools are fighting ransomware attacks

T-Mobile is Warning that a data breach has exposed the names, date of birth, Social Security number and driver’s license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company. Get Secured Now with Norton 360


As ransomware attacks target them, some California schools are scrambling to respond while others have done little to protect themselves.

SAN DIEGO COUNTY, Calif. — Schools aren’t exactly known for their expansive budgets. Many struggle to pay for basic operations such as functioning air conditioning and employee salaries.  

But this past year, cybercriminals have attacked a growing number of schools across California and the country. A handful of California schools, colleges and universities have experienced ransomware attacks, often with harsh consequences: Sierra College had some systems shut down during finals week, Newhall School District’s 10 elementary schools went a week without online school during the pandemic, and UC San Francisco paid a $1.14 million ransom.

While hospitals and oil pipelines might seem lucrative, schools hardly scream “Jackpot!”

The average ransom paid by mid-sized organizations across the world in 2021 is about $170,000, according to a survey by London-based software company Sophos. Still, cybercriminals try to make their ransoms affordable. UC Berkeley cybersecurity researcher Nick Merrill said he thinks would-be thieves will charge as much as schools are willing to pay.

“At the end of the day, (the criminals) don’t want this to drag out for a long time, that increases their liability,” he said. “I’m guessing they’ll pick the highest number that they think you’ll pay quickly.”

Ransomware attacks are increasing against schools not only in California but across the country, according to several experts. How schools respond and what security measures they have in place are evolving rapidly. 

What do cyber criminals do first?

Source…

Under Attack: California Schools Face Ransomware Threat

T-Mobile is Warning that a data breach has exposed the names, date of birth, Social Security number and driver’s license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company. Get Secured Now with Norton 360


Sixth grade teacher Hilary Hall had just started teaching one Monday morning in September when her teacher’s group chats at Newhall School District exploded with confused messages. Teachers in the Santa Clarita school district — located just north of Los Angeles — were panicking.

While Hall had no issues logging onto her computer from home, many of her colleagues, connected to the school district’s server, were met with a mysterious pop-up message.

It said users wouldn’t be able to log into the server.

People turned to Hall, co-president of the district’s teacher’s union, for information, but she didn’t know what was going on, either.

A few minutes later, an answer arrived via phone call from each grade’s head teacher: The school district, all 10 schools representing under 6,000 children, had been hit with a ransomware attack. All teachers were instructed to log off immediately.

“Read a book!” Hall told the kids in her class, trying to think of educational activities on the spot as she quickly logged off.

While incidents like the Colonial pipeline ransomware attack and the Kaseya attack received international attention, schools and universities have also been on the wrong end of cybercriminals.

Experts interviewed by CalMatters — including researchers, cybersecurity companies, IT employees and the FBI — all agree the number of cyberattacks has increased over the pandemic. Many believe the number of attacks on the education sector has also increased, but it’s an area so new to cybercrime that there’s virtually no comprehensive data on it.

Emsisoft, a New Zealand-based software company, expects these data theft attacks to double in 2021.

California schools, colleges and universities have scrambled to adjust. In the past five years, more than two dozen California school systems have been targeted, from Rialto Unified School District in San Bernardino to Stanford University’s School of Medicine.

Prior to the ransomware attack last September, Newhall had implemented what experts consider common sense security measures like internal firewalls to prevent malicious software from affecting entire systems. A few…

Source…