News for Admins

Tech News

Microsoft Launches Bug Bounty Program to Protect Electronic Voting Machines

More and more democracies are relying on electronic voting machines over paper ballots, and some of these machines remain unacceptably vulnerable to attack.

In order to protect voting machines, Microsoft recently released an open source software development kit called ElectionGuard.

ElectionGuard SDK uses homomorphic encryption (https://en.wikipedia.org/wiki/Homomorphic_encryption) to ensure that votes recorded by electronic systems of any type remain encrypted, secure, and secret. It also allows verifiable and accurate tallying of ballots by any third-party organization without compromising secrecy or security.

The code can run on any voting system hardware and can be integrated into existing (or new) voting system software.

Now Microsoft is taking the security of these machines to the next level by launching a bug bounty program for ElectionGuard.

"Researchers from across the globe, whether full-time cyber security professionals, part-time hobbyists, or students, are invited to discover high-impact vulnerabilities in targeted areas of the ElectionGuard SDK (https://github.com/microsoft/ElectionGuard-SDK) and share them with Microsoft under Coordinated Vulnerability Disclosure (CVD) (https://www.microsoft.com/en-us/msrc/cvd). Eligible submissions with a clear, concise proof of concept (POC) are eligible for awards up to US$15,000," said Jarek Stanley, Senior Program Manager, Microsoft Security Response Center.

Source: https://msrc-blog.microsoft.com/2019/10/18/introducing-the-electionguard-bounty-program/

New Fileless Malware Discovered

Security researchers from Microsoft (https://www.microsoft.com/security/blog/2019/09/26/bring-your-own-lolbin-multi-stage-fileless-nodersok-campaign-delivers-rare-node-js-based-malware/) and Cisco Talos have discovered a new malware loader dubbed "Nodersok" and "Divergent," which is being distributed through online advertisements.

According to Microsoft, the Nodersok (and Divergent) campaign has been pestering thousands of machines in the last several weeks, with most targets located in the United States and Europe. "The majority of targets are consumers, but about 3% of encounters are observed in organizations in sectors like education, professional services, healthcare, finance, and retail," said the company in a blog post.

What makes this malware unique, according to the Hacker News (https://thehackernews.com/2019/09/windows-fileless-malware-attack.html) is the fact that "it's an advanced fileless malware, and second, it leverages only legitimate built-in system utilities and third-party tools to extend its functionality and compromise computers, rather than using any malicious piece of code."

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy ADMIN Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

comments powered by Disqus
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs



Support Our Work

ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.

Learn More”>
	</a>

<hr>		    
			</div>
		    		</div>

		<div class=