« Previous 1 2
News for Admins
Tech News
Microsoft Launches Bug Bounty Program to Protect Electronic Voting Machines
More and more democracies are relying on electronic voting machines over paper ballots, and some of these machines remain unacceptably vulnerable to attack.
In order to protect voting machines, Microsoft recently released an open source software development kit called ElectionGuard.
ElectionGuard SDK uses homomorphic encryption (https://en.wikipedia.org/wiki/Homomorphic_encryption) to ensure that votes recorded by electronic systems of any type remain encrypted, secure, and secret. It also allows verifiable and accurate tallying of ballots by any third-party organization without compromising secrecy or security.
The code can run on any voting system hardware and can be integrated into existing (or new) voting system software.
Now Microsoft is taking the security of these machines to the next level by launching a bug bounty program for ElectionGuard.
"Researchers from across the globe, whether full-time cyber security professionals, part-time hobbyists, or students, are invited to discover high-impact vulnerabilities in targeted areas of the ElectionGuard SDK (https://github.com/microsoft/ElectionGuard-SDK) and share them with Microsoft under Coordinated Vulnerability Disclosure (CVD) (https://www.microsoft.com/en-us/msrc/cvd). Eligible submissions with a clear, concise proof of concept (POC) are eligible for awards up to US$15,000," said Jarek Stanley, Senior Program Manager, Microsoft Security Response Center.
Source: https://msrc-blog.microsoft.com/2019/10/18/introducing-the-electionguard-bounty-program/
New Fileless Malware Discovered
Security researchers from Microsoft (https://www.microsoft.com/security/blog/2019/09/26/bring-your-own-lolbin-multi-stage-fileless-nodersok-campaign-delivers-rare-node-js-based-malware/) and Cisco Talos have discovered a new malware loader dubbed "Nodersok" and "Divergent," which is being distributed through online advertisements.
According to Microsoft, the Nodersok (and Divergent) campaign has been pestering thousands of machines in the last several weeks, with most targets located in the United States and Europe. "The majority of targets are consumers, but about 3% of encounters are observed in organizations in sectors like education, professional services, healthcare, finance, and retail," said the company in a blog post.
What makes this malware unique, according to the Hacker News (https://thehackernews.com/2019/09/windows-fileless-malware-attack.html) is the fact that "it's an advanced fileless malware, and second, it leverages only legitimate built-in system utilities and third-party tools to extend its functionality and compromise computers, rather than using any malicious piece of code."
« Previous 1 2
Buy this article as PDF
(incl. VAT)