{% text "preview_text" label="Preview Text This will be used as the preview text that displays in some email clients", value="", no_wrapper=True %}


READ IN BROWSER

09/27/2019
linkedin facebook twitter instagram
WorkScoop
DEF CON's Voting Village released its report on the vulnerabilities unearthed at this year's conference. A disinfo campaign aimed at Hong Kong protestors was super sloppy. And a popular delivery app wants to you know it "takes security very seriously," despite leaking millions of passwords. This is CyberScoop for Friday, September 27.

All the flaws found in this year's Voting Village

This year’s DEF CON Voting Village report on vulnerabilities in election equipment singles out ballot-marking devices, the specialized computers that let voters make their choices on a screen and then print them out. “Current and proposed next-generation ballot marking devices have not been designed with security considerations in mind,” says the report, the product of researchers’ days of hacking and tinkering at DEF CON last month. Done right, BMDs can improve the voter experience, experts say. But much more about their design and how voters interact with them needs to be studied. Among other flaws, the researchers found weaknesses in passwords used by some of the voting equipment, with a supervisory password stored in plaintext for one electronic pollbook. The report serves as a call to action to make equipment more secure before the 2020 presidential election. Sean Lyngaas has more.


A Message From AWS Educate

With over 1,500 institutions and hundreds of thousands of students who use AWS Educate, we wanted to take you on a trip around the world and highlight how students are learning and innovating with the cloud. Learn more.


Not the most sophisticated operation we've seen

Hackers that appear to be acting in the interest of China’s government have been hijacking and using fake accounts on Facebook, Twitter and YouTube to push narratives denigrating the Hong Kong protests, according to research from Graphika. The sweeping, cross-platform campaign — which tends to focus on promoting YouTube videos — appears to have been in operation for years, Graphika says. As the Hong Kong protests against China’s controversial extradition law gained traction in June, the spam network ramped up, with accounts, pages and channels linking to content across the platforms. The people behind the campaign attempted to avoid detection algorithms by posting a small amount of political content interspersed with higher volumes of spam, such as pictures of cats or landscapes, TikTok videos and sports content. But at times the campaign, dubbed "Spamouflage Dragon," appears to be very sloppily put together and low-impact, according to Graphika. Shannon Vavra has more.


Special Delivery! It's your PII!

DoorDash, one of the most popular food delivery apps on the market, informed the public of a data breach in which 4.2 million customers, Dashers (read: delivery people) and merchants had a bunch of personally identifiable information swiped from a third party. The incident affected users who were on the platform before April 5, 2018. Information ranged from the usual (names, email addresses, phone numbers) to the particularly bad (100,000 driver's license numbers; the last four digits of payment cards) to the potentially embarrassing (order histories). What other breach can you say has info on your passwords as well as the time you ordered 80 Wendy's spicy nuggets at 3 a.m. on a Wednesday? Read DoorDash's Medium post for more info.


In case you missed this from NIST

The National Institute of Standards and Technology wants feedback on its definition of zero trust security architecture, as well as potential deployments of the technology. The federal agency outlined its request in a draft special publication released this week. Zero trust refers to the narrowing of cyberdefenses from wide network perimeters to micro-perimeters around individual or small groups of resources, NIST says in the new guidance. In addition to providing a roadmap, the document highlights a number of use cases, including agencies with satellite facilities, multi-cloud environments and contracted services. Dave Nyczepir has more at FedScoop.


Tweet Of The Day

Image

Do better, everyone.


Want more? Catch our events for all things workforce!
{% widget_block rich_text 'unsubscribe' label='Unsubscribe' overridable=true no_wrapper=true %} {% widget_attribute 'html' %} Copyright (c) 2019 WorkScoop, All rights reserved.

{{ site_settings.company_name }}
{{ site_settings.company_street_address_1 }}
{{ site_settings.company_city }} {{ site_settings.company_state }} 20036

Update your email preferences
Unsubscribe {% end_widget_attribute %} {% end_widget_block %} {# {% widget_block rich_text 'unsubscribe' label='Unsubscribe' overridable=true no_wrapper=true %} {% widget_attribute 'html' %} You received this email because you are subscribed to {{ subscription_name }} from {{site_settings.company_name}}. If you prefer not to receive emails from {{site_settings.company_name}} you may unsubscribe or set your email preferences. {% end_widget_attribute %} {% end_widget_block %} #}