Matters of cybersecurity started off the week with Politico announcing that the US federal government intended to issue a warning about threats to election operations ahead of the November 8, 2022 midterms. Concerns about disinformation and misinformation campaigns continued to mount as the week went on.
The Washington Post reported, “a coalition of 60 consumer and civil rights groups says Meta, Twitter [now owned by Elon Musk], TikTok and YouTube are ill-prepared to fight disinformation from politicians and other public figures whose public pronouncements about the 2022 midterms could undermine Americans’ faith in the electoral process or lead to violence.” The Guardian echoed the sentiment, claiming that TikTok has great potential to be a dangerous source of election misinformation. Then, Mandiant published a report this week warning that pro-China actors are working to spread disinformation ahead of elections.
According to The PEW Charitable Trusts, those who continue to contest the results of the 2020 elections are wreaking havoc at ballot boxes across multiple states, leaving “election officials and experts…increasingly concerned that lies and falsehoods have left the U.S. election system vulnerable to disruptions and a crisis of confidence.”
Now let’s look at what else made cybersecurity headlines this week.
Oct. 28: A new law in the European Union, the Digital Markets Act, is expected to “change the internet forever.”
Oct. 28: Several government agencies, including the State Department, are making progress toward developing procedures to create a software bill of materials.
Oct. 28: “Developers of the OpenSSL cryptography library have taken the unusual step of pre-warning that an update is due to land next Tuesday (November 1) which will fix a critical vulnerability,” The Daily Swig reported.
Oct. 27: A security researcher published details on a flaw discovered in Apple iOS that could allow a malicious actor to listen in on conversations with Siri.
Oct. 26: “With the holiday season approaching, it means you should be on the lookout for delivery scams designed to steal your data and your cash, or even infect your computer,” We Live Security warned.
Oct. 26: Security Week reported, “VMware this week announced patches for a critical remote code execution vulnerability in VMware Cloud Foundation and NSX Data Center for vSphere (NSX-V).”
Oct. 25: In response to a growing number of fraudulent accounts on its platform, LinkedIn announced new security features to verify identity and enhance the automated systems used to detect bogus accounts.
Oct. 25: According to The Hacker News, “A high-severity vulnerability has been disclosed in the SQLite database library, which was introduced as part of a code change dating all the way back to October 2000 and could enable attackers to crash or control programs.”
Oct. 24: Another school district, this time the Kenosha Unified School District in Wisconsin, has been hit with a ransomware attack, according to The Record.Oct. 24: Infosecurity Magazine reported, “Several critical and high-severity vulnerabilities have been discovered affecting the Veeam Backup & Replication application that could be exploited by advertising fully weaponized tools for remote code execution (RCE).”