
Election security experts say giving Maricopa County routers to Arizona Senate’s election auditors would be concerning



Routers serve as the mail carrier of a computer network: They deliver messages using maps of networks and computer addresses.


Think of it like a mail carrier who relies on maps and addresses to get mail to the right place.

Given access to the mail carriers’ or routers’ information, it would be easier for a bad actor to get access to a person’s mail, or to target the information inside the network.


That’s an analogy one tech expert – Matt Bernhard, a research engineer at VotingWorks, a nonpartisan nonprofit that advocates for open-source election technology – gave while explaining the importance of keeping Maricopa County’s routers secure.

Arizona Senate Republicans are trying to get access to the county’s routers and the administrative passwords to the county’s voting machines, and to provide them to private contractors they’ve hired to audit the county’s 2020 election results. The audit began April 23.



Photo: Maricopa County ballots from the 2020 general election are examined and recounted by contractors hired by the Arizona Senate in an audit at the Veterans Memorial Coliseum in Phoenix on May 11, 2021. © David Wallace/The Republic

Bernhard said providing access to the routers is a “pretty specific risk” to the county. Also, he and other election security consultants across the country are unsure why exactly the auditors would need the routers to audit the election results.


Senate liaison Ken Bennett has said they are needed to check whether the county’s voting machines were connected to the internet during the election. But a county spokesperson said that the auditors already have the information and machines to perform that check, and a previous independent audit commissioned by the county proved they were not.

County Attorney Allister Adel has said that giving…

Source…

Take Control of Your Internet Security and Privacy With NextDNS



Users tend to fiddle with the DNS settings only if a website does not load or when the internet speed is suddenly slow on a particular device. However, a DNS service can do more than improve your internet experience: some even let you control, monitor, and secure your online activity.

NextDNS is a modern DNS service that lets you do exactly that. So what is DNS? And how can you use NextDNS to take control of your security and privacy?

What Is a DNS?

Source…

Internet Security Apps Called Out for Personal Data Abuse



When you download a mobile app designed to keep you safe online, you probably don’t expect it to abuse your personal data.

But that’s exactly what many of China’s most popular mobile security apps are doing, according to a new announcement by the country’s internet regulator.

Some 36 security apps, including those developed by internet titans Tencent Holdings Ltd., Baidu Inc. and Qihoo 360 Technology Co. Ltd., are guilty of illegally obtaining data without users’ consent, collecting more information than they need to operate, and demanding excessive numbers of permissions, according to the notice, which was published Monday.

The document singled out a further 48 online lending apps for similar violations, including those developed by the personal finance arms of ride-hailing giant Didi Chuxing, Alibaba Group Holding Ltd.’s e-commerce site Taobao, Ping An Insurance Group Co. of China Ltd. and several national banks.

Data privacy is a long-running problem in China, which lacks robust laws and regulations governing the collection and use of personal information.

A flagship data protection law is in the works, but remains in the draft stage amid debate over how it would affect both businesses and individuals.

For now, Chinese authorities largely content themselves with naming and shaming — and sometimes removing — apps that violate user privacy.

The companies on the latest naughty list have 15 working days to clean up their act or face legal punishment, the regulator said, without being specific.

Contact reporter Matthew Walsh


Source…

Why OOO Messages And New Employees Are Major Business Security Risks



Ed Bishop is CTO and Co-Founder at cybersecurity company Tessian.

Hackers don’t hack companies; they hack the people who work for them — the human layer of an organization. This might be one of the most simple yet important statements about business security. Hacking humans often doesn’t require any advanced technology or special skills. Bad actors can find everything they need to trick an employee using an email account and some simple internet searching. 

These kinds of social engineering attacks can be highly effective — just look at the Twitter hack in 2020. All it took were a few impersonations to trick Twitter employees and bring down one of the world’s most powerful social media sites. These kinds of attacks are on the rise, too. My company’s researchers saw a 15% increase in social engineering attacks over email during the last six months of 2020.

The more bad actors know about an employee, the more personalized and convincing their attacks will be. A recent Tessian report shed light on two human layer security vulnerabilities — out-of-office (OOO) messages and new employees. The data provides new insight into how companies can safeguard against these attacks. 

TMI In Your OOO

Most people don’t think twice before creating an out-of-office email. In fact, Tessian’s survey of 4,000 employees found that 98% automate their OOO messages. But these email responses can be a gold mine for hackers looking to trick a colleague into sharing sensitive information, login credentials or money. 

In the first instance, many hackers will send a seemingly innocuous mass email to a company’s employees, like a fake newsletter. These emails are designed to trigger OOO messages that provide valuable information, such as how long an employee will be gone, where they’re going and the contact information of a colleague.

These details are the raw material for a convincing email scam. Imagine receiving this email from what appears to be your boss’s personal email: “Hey, I’m visiting my in-laws in Florida and forgot to invoice our consulting partner for the work they did last month. Can you process the attached, using the bank account details…

Source…