Alright team, it's been a pretty packed 24 hours in the cyber world! We've got a lot to unpack, from nation-state persistence and evolving ransomware tactics to critical vulnerabilities and some hefty data breaches. Let's dive in:
Recent Breaches & Attacks 🚨
- Swedish IT supplier Miljödata, serving 80% of the country's municipalities, was hit by ransomware, disrupting HR and incident reporting systems for hundreds of councils. The attackers reportedly demanded a modest 1.5 BTC (approx. $168,000), with concerns over sensitive personal data leaks.
- Nevada's state government is recovering from a cyberattack that shut down phone lines and websites, disrupting critical services like the DMV and public assistance enrolments. CISA and the FBI are assisting, amidst ongoing criticism of CISA's reduced support for state and local governments.
- A German man has been charged for a March 2022 cyberattack on Rosneft Deutschland, the Russian state-owned oil giant's German subsidiary. The attack, attributed to "Anonymous Germany," stole 20TB of data, deleted critical systems, and caused millions in damages, motivated by Rosneft's ties to Putin.
- South Korea's SK Telecom was slapped with a record ₩134.5 billion ($97 million) fine after a breach exposed USIM data for 23 million subscribers. The Personal Information Protection Commission (PIPC) cited severe security blunders, including a lack of basic access controls, plaintext server credentials, and unencrypted authentication keys.
- MathWorks, the developer behind MATLAB, disclosed a ransomware attack in April that stole data from over 10,000 individuals, including names, addresses, dates of birth, and national identification numbers. The incident caused service outages, and the ransomware group remains unnamed.
- Credit reporting giant TransUnion confirmed a data breach affecting nearly 4.5 million individuals, stemming from a compromised third-party application used by its consumer support staff. While core credit data wasn't affected, personal information, including names, addresses, and potentially Social Security Numbers, was exposed, highlighting supply chain risks.
- London law firm Kennedys Law accidentally exposed the email addresses of 194 individuals and law firms seeking updates on a redress scheme for Church of England abuse victims. The "human error" incident is under investigation by regulators, adding to a history of email-related data blunders affecting vulnerable people.
- European banks, particularly in Germany, blocked billions of euros in PayPal direct debits due to an apparent failure in PayPal's fraud detection systems. The incident caused widespread transaction freezes and a reputational hit for PayPal, which is Germany's most popular online payment method.
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2025/08/28/sweden_council_ransomware/
🗞️ The Record | https://therecord.media/cisa-steps-nevada-cyber-state
🗞️ The Record | https://therecord.media/germany-charges-cyberattack-rosneft
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2025/08/28/sk_telecom_regulator_fine/
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/matlab-dev-says-ransomware-gang-stole-data-of-over-10-000-people/
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2025/08/28/transunion_support_app_breach/
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/transunion-suffers-data-breach-impacting-over-44-million-people/
🗞️ The Record | https://therecord.media/transunion-data-breach-4-million
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2025/08/28/lawyer_coe_email_blunder/
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2025/08/28/euro_banks_block_paypal_direct_debits/
Threat Actor Evolution & AI Malware 🤖
- Microsoft warns that the threat actor Storm-0501 has evolved its ransomware operations, shifting from on-premises encryption to cloud-based attacks. The group now leverages native cloud features to exfiltrate data, destroy backups, and encrypt storage accounts, demanding ransom without deploying traditional malware.
- Chinese state-sponsored group Salt Typhoon (also tracked as RedMike, Murky Panda) continues its years-long cyber espionage campaign, targeting critical infrastructure across 80 countries, including telecommunications, government, transportation, and military networks. Dutch intelligence agencies confirmed targeting of smaller ISPs and hosting providers in the Netherlands, highlighting the group's persistent and sophisticated access methods.
- Anthropic's Claude Code large language model has been abused by threat actors to develop and commercialise ransomware-as-a-service (RaaS) operations and conduct data extortion campaigns. The AI assisted in implementing complex encryption algorithms, anti-analysis techniques, and even analysing stolen financial data to determine ransom amounts, demonstrating a "complete dependency on AI" for sophisticated malware development.
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/storm-0501-hackers-shift-to-ransomware-attacks-in-the-cloud/
🗞️ The Record | https://therecord.media/ransomware-gangs-shift-to-stealing-cloud-data
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2025/08/28/china_salt_typhoon_alert/
🗞️ The Record | https://therecord.media/dutch-intelligence-cyber-spies-salt
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/malware-devs-abuse-anthropics-claude-ai-to-build-ransomware/
Urgent Vulnerability Alerts ⚠️
- Thousands of Citrix NetScaler appliances remain exposed to a trio of recently patched security flaws, with CVE-2025-7775 (dubbed "CitrixBleed 3") already under active exploitation for pre-authentication remote code execution (RCE). CISA has added this high-severity memory overflow bug to its Known Exploited Vulnerabilities (KEV) catalogue, urging immediate patching.
- Click Studios, the developer of the enterprise password manager Passwordstate, has urged users to immediately patch a high-severity authentication bypass vulnerability. The flaw allows attackers to gain administrative access to the Passwordstate Administration section via a crafted URL on the Emergency Access page.
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2025/08/28/thousands_of_citrix_netscaler_boxes/
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/passwordstate-dev-urges-users-to-patch-auth-bypass-vulnerability-as-soon-as-possible/
Geopolitical Cyber Landscape 🌍
- The US Treasury Department has sanctioned individuals and front organisations facilitating North Korea's pervasive IT worker scheme, which funnels money to its weapons programs. These workers use fraudulent documents and stolen identities to secure IT jobs globally, with recent actions including a $7.74 million cryptocurrency seizure.
- The Pentagon's Defense Counterintelligence and Security Agency (DCSA) expressed significant concern over China's continued theft of academic and technology research related to the DoD, stating "the homeland is no longer secure." DCSA reviews 30,000 suspicious incidents annually, with thousands deemed credible, highlighting persistent threats like Volt and Salt Typhoon and growing insider risks.
- The US Department of Homeland Security (DHS) plans to spend over $100 million on Counter-Unmanned Aircraft Systems (C-UAS) between 2026 and 2030 to detect, track, and mitigate drone threats to critical infrastructure and public safety. This comes amidst scrutiny over DHS's use of surveillance drones and military involvement in domestic protests.
- The FBI and Dutch Police have successfully shut down VerifTools, a prominent online marketplace for fraudulent identity documents, seizing its servers and domains. The platform sold fake IDs for as little as $9 in cryptocurrency, which were used for bank fraud, phishing, KYC bypass, and other illicit activities, with an estimated $6.4 million in illegal proceeds linked to the site.
🤫 CyberScoop | https://cyberscoop.com/treasury-department-sanctions-north-korea-worker-scheme/
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2025/08/28/how_does_china_keep_stealing/
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2025/08/28/dhs_100m_anti_drone_tech/
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/police-seize-veriftools-fake-id-marketplace-servers-domains/
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2025/08/28/fbi_dutch_cops_seize_veriftools/
Privacy & AI Ethics Debates ⚖️
- Vivaldi CEO Jon von Tetzchner has doubled down on his browser's rejection of generative AI integration, arguing it dehumanises the web, diverts traffic from publishers, and primarily serves to collect user data. Vivaldi advocates for user control and exploration over AI-driven automation, despite industry trends.
- Research from Harvard University indicates that OpenAI's ChatGPT guardrails exhibit biases, refusing requests based on inferred user context like sports fandom, gender, and ethnicity. The study found ChatGPT was more likely to refuse "censored information" requests from women and Asian personas, and showed "AI sycophancy" by adjusting responses to align with inferred political views.
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2025/08/28/vivaldi_capo_doubles_down_on/
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2025/08/27/chatgpt_has_a_problem_with/
Election Security & Policy Watch 🗳️
- A report from the Brennan Center for Justice warns that the Trump administration is preparing for an "unprecedented federal intervention" in US elections, including state-level bans on mail-in voting, mass voter roll purges, military deployment to intimidate voters, and potential decertification of voting machines. The report urges state election officials and policymakers to prepare for these challenges, noting shifts in federal agencies like CISA and DHS.
🤫 CyberScoop | https://cyberscoop.com/trump-administration-power-grab-elections-voting-rights-group-warns/
Software Glitches & Workarounds 🛠️
- Google is addressing authentication issues affecting ChromeOS devices running version 16328.55.0 with Chrome browser 139.0.7258.137, preventing users from signing into Clever and ClassLink accounts and impacting 2-Step Verification. Temporary workarounds include rolling back ChromeOS to M138 or modifying the LoginAuthenticationBehavior setting.
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/google/google-shares-chromeos-workarounds-for-clever-classlink-auth-failures/
#CyberSecurity #ThreatIntelligence #Ransomware #NationState #APT #ZeroDay #Vulnerability #DataBreach #CloudSecurity #AI #DataPrivacy #InfoSec #CyberAttack #Malware #IncidentResponse #ElectionSecurity