Missed this last night, but apparently U.S. Cyber Command was behind the recent temporary disruption in the massive Trickbot botnet, which officials worry could be used to lock up election offices with ransomware. washingtonpost.com/national-secur…
Microsoft has won a court order giving it control of domain names associated with the Trickbot ransomware. The company has disabled the servers that let the malware's operators infect new computers. blogs.microsoft.com/on-the-issues/…
Ransomware affecting election systems is one of U.S. officials' biggest concerns right now.
Microsoft execs told NYT that "they had carefully timed their operations to put Russian cybercriminals on their heels weeks before the election."
This extraordinary allegation fits with a pattern of Trump officials like AG Barr distorting the IC's findings about evergreen Chinese and Iranian propaganda to distract from Russia's aggressive election interference efforts.
The acting (and, per GAO, illegally appointed) deputy DHS secretary allegedly ordered a subordinate to water down a warning about white supremacist terrorism.
Why doesn't Ken Cuccinelli (allegedly) want the government to understand the threat of white supremacist terrorists?
O'Brien has been one of the most aggressively dishonest officials re: election interference, constantly pushing falsehood that China is the biggest threat.
The test lab, Pro V&V, used VVSG 1.1, which @EACgov approved in 2015. Experts call the security reqs in 1.1 laughably anemic. (VVSG 2 is in the works.)
@jhalderm said the report “illustrates why VVSG 1.1 certification is inadequate to establish the security of a voting system.”
.@mspecter, who co-wrote a report exposing serious vulns in Voatz's system, told me that Pro V&V's report "says little-to-nothing."
For one thing, it doesn't even address flaws that MIT & @trailofbits identified in their reports.
BREAKING: U.S. charges two Chinese hackers with breaching hundreds of companies, NGOs, & dissidents + trying to hack 3 U.S. firms researching coronavirus. The men sometimes worked in partnership with a Chinese MSS officer.
Since September 2009, the defendants have allegedly hacked into medical device makers, industrial engineering firms, gaming and education software firms, pharma companies, and defense contractors.
Victims in U.S., Australia, Germany, Japan, U.K., and 6 other countries.
The hackers tried to breach the networks of Maryland, Massachusetts and California firms researching coronavirus vaccines and treatments.
The congressionally chartered Cyberspace Solarium Commission released its long-awaited report today at solarium.gov.
The report makes more than 75 recommendations to reorganize and improve govt cyber functions & strengthen private-sector security.
A few highlights...
First up, the big structural reforms. The report recommends creating an Office of the National Cyber Director inside the White House, creating cybersecurity committees to consolidate oversight, and reviving Congress's Office of Technology Assessment.
The report also suggests promoting @CISAgov's director to the equivalent of a deputy Cabinet secretary and floats the idea of turning the CISA Assistant Director positions into career roles.