Tighten Up Your Security: Weekly Cybersecurity Brief

Share on facebook
Share on linkedin
Share on twitter
Share on email
Share on whatsapp

Airport security refers to the techniques and methods used to protect passengers and staff from malicious crime or other threats. When one goes through the airport security line, they must complete several steps such as remove clothing items, place belongings in an x-ray machine and even enter a full-body scanner. Cybersecurity is like airport security because it aims to protect users from threats. Although this is a key similarity, there is one main difference between the two: the U.S. government and businesses have yet to prioritize implementing cybersecurity processes that keep users safe. Articles by multiple authors from ProPublica, Matthew Gault from Vice and Ravie Lakshmanan from The Hacker News shine light on why organizations should implement precautionary steps and proper security when it comes to cybersecurity. 

For the last few months, cybersecurity professionals around the country have identified several vulnerabilities with the U.S. voting system that could potentially lead to a compromised election. One major vulnerability has yet to be pointed out – email security. Recently, Texas voters received fake email replies with hidden malware in a Word Document attachment. This instance exposed the vulnerability of email systems in county offices that handle voting processes. Typically, these local offices cannot afford the proper security that is required to carry out a safe election. With hackers being a threat to our American democracy, cybersecurity practices should be implemented and funded to protect the authenticity of votes.

Another government entity that has been hacked is the Department of Homeland Security (DHS). The DHS Office of Inspector General recently revealed that 184,000 facial recognition photos were stolen and at least 19 of them were posted on the Dark Web. The images were part of a facial recognition pilot program and were hacked from a subcontractor called Perceptics. Some believe this vulnerability will not be solved until Border Control stops storing people’s data and taking their pictures, but since that is not an option, the government should implement stricter measures and processes when it comes to online security.

There are currently over 1 billion active users on the Instagram App. Little do these 1 billion users know that the Instagram App could lead to a severe privacy breach. Earlier this year, researchers found a vulnerability with Instagram’s Android app that allows hackers to perform actions on behalf of the user. These actions include spying on private messages, posting on the users account and even executing arbitrary code on the device. Facebook was notified about this vulnerability and released a patch update a few weeks later. A corporation as large as Facebook should have mandatory security checks when it comes to their applications to protect its users. If not, the privacy of many could be severely compromised.

Whether it be the U.S. election, Border Control, or social media applications, there should be proper cybersecurity steps set in place to ensure user safety. Like an airport, customers and employees should have to go through required steps to protect not only themselves, but others as well. 

Key Takeaways

“Foreign Hackers Cripple Texas County’s Email System, Raising Election Security Concerns” – Jack Gillum, Jessica Huseman, Jeff Kao, and Derek Willis, ProPublica

  • Recently, Texas voters received fake email replies with hidden malware attached to Word Documents.
  • An overlooked security weakness that could affect the November election is the vulnerability of email systems in county offices that handle voting processes
  • Smaller local governments who cannot afford proper security are increasingly vulnerable
  • ProPublica found that at least 50 election-related websites are vulnerable to cyber attacks

“DHS Admits Facial Recognition Photos Were Hacked, Released on Dark Web” – Matthew Gault, Vice

  • The DHS Office of Inspector General recently revealed that 184,000 facial recognition photos were stolen and at least 19 of them were posted on the Dark Web
  • The images were part of a facial recognition pilot program, and were hacked from a subcontractor called Perceptics
  • Some believe this issue will remain until Border Control stops storing people’s data and taking their pictures, which is nearly impossible

“Major Instagram App Bug Could’ve Given Hackers Remote Access to Your Phone” – Ravie Lakshmanan, The Hacker News

  • Check Point researchers found a vulnerability with Instagram’s Android app that allows hackers to perform actions on behalf of the user. 
  • This includes spying on private messages, posting on the users account and even executing arbitrary code on the device
  • Facebook was notified about the vulnerability and released a patch update to mitigate risk
  • Yaniv Balmas, the head of cyber research at Check Point, says three ways to prevent attackers from entering your mobile device are to always install updates, monitor permissions and think twice about approvals.

Sources

https://thehackernews.com/2020/09/instagram-android-hack.html

https://www.propublica.org/article/foreign-hackers-cripple-texas-countys-email-system-raising-election-security-concerns?token=SV45W9VHgigYbUE-m7o9xnvExqobnjcg

https://www.vice.com/en/article/m7jzbb/dhs-admits-facial-recognition-photos-were-hacked-released-on-dark-web 

Discover More: