Welcome reader to your CybersecurityHQ report

Brought to you by:

Cypago - Enterprise-grade Cyber GRC Platform

Cypago enables strategic decision making through a full Cyber GRC product suite to help you avoid business reputation impact, financial or client trust losses

Cyber Threats Escalate Election Tensions

Only a week away from the U.S. Presidential Election, and cybersecurity themes are continuing to define a tense campaign.

As we covered, Iranian hackers with alleged links to Tehran (going by the name Mint Sandstorm or APT 24) accessed and leaked emails from former U.S. President Donald Trump's 2024 campaign. It began in July with an escalation of the leaks in September.

Notably, mainstream media outlets would not work with the group, with major outlets like Politico and The New York Times declining to publish due to verification issues.

But now, they’ve finally found publication through American Muckrakers PAC and independent journalists. David Wheeler, founder of American Muckrakers, stated his intent to expose Trump’s campaign strategies, calling the material “authentic and in the public interest.”

The hackers’ leaks continue to reveal contentious campaign insights, with more releases anticipated from Wheeler’s PAC.

Meanwhile, incendiary devices were used to destroy two ballot drop boxes—one in Vancouver, Washington, and one in Portland, Oregon. This real-world destruction of votes has kicked off a major investigation, and it may foreshadow cybersecurity issues with the election.

But in comments made last week, director of the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency Jen Easterly said, “I can say with confidence based on all the work that we've done together since 2016, that election infrastructure has never been more secure. There are cyber threats, there are physical threats to election officials, but we're at a point now with our election infrastructure secure and the election community prepared to meet the moment on the 5th of November.”

Akeyless Secures Deutsche Bank Investment

Akeyless, a trailblazer in identity security, has secured a strategic investment from Deutsche Bank's Corporate Venture Capital (CVC) group. The startup is revolutionizing enterprise security with its unified Secrets & Machine Identity platform, designed to combat the leading cause of breaches: compromised identities and secrets.

In modern multi-cloud environments, machine identities far outnumber human ones, using secrets like credentials and certificates to communicate securely. However, enterprises currently rely on a complex array of tools and vendors to manage these identities and secrets effectively.

"Enterprises use over 12 tools across 15 categories and 75 vendors for secrets and machine identity management, increasing costs and weakening security," said Oded Hareven, CEO of Akeyless. "Deutsche Bank's investment will accelerate our mission to empower enterprises with enhanced control and security for managing secrets and machine identities."

Deutsche Bank's Joerg Landsch emphasized their focus on investing in startups that enable innovative services or increase process productivity. This collaboration marks a significant milestone for Akeyless and underscores Deutsche Bank's commitment to supporting high-growth startups tackling emerging cybersecurity challenges.

Chinese Hackers Target U.S. Election

In our final piece of pre-election coverage, Chinese hackers have allegedly waged a broad espionage campaign targeting the cell phones of Donald Trump, JD Vance, and members of the Kamala Harris campaign—according to Friday's story by the Associated Press.

This is alongside—and potentially interlinked with—the ongoing investigation into Chinese hacks of major U.S. broadband providers, based on reportage from the Wall Street Journal.

The new information is based on insights from people familiar with the matter, speaking with the Associated Press under the condition of anonymity.

Those sources say it is still unclear what data may have been accessed.

For its part, the Chinese embassy said in an official statement that, “The presidential elections are the United States’ domestic affairs. China has no intention and will not interfere in the U.S. election. We hope that the U.S. side will not make accusations against China in the election.”

ISC2 Misleading Cybersecurity Job Market Data

In his open letter to the ISC2 board, Ira Winkler, an award-winning CISO, challenges ISC2’s claims on cybersecurity workforce demand, spotlighting issues in the organization’s recent data presentation. Winkler contends that ISC2 has confused “need” with “demand” in claiming a 4.8 million workforce gap.

According to Winkler, ISC2 misleadingly suggests this figure reflects current job openings, but he argues this “gap” is aspirational, not grounded in real, paying job demand. His critique underscores ISC2’s duty to accurately represent employment data, calling out ethical and competency concerns.

Winkler warns that ISC2’s narrative risks misleading entry-level professionals with false promises of high-paying opportunities and encourages the board to refocus on transparency and genuine community service. He also outlines recommendations for restoring ISC2's credibility. Read his full letter on LinkedIn here.

Inside the Fight for Unhackable Voting Machines

In an in-depth article by Bloomberg, Chip Trowbridge, CTO of Clear Ballot Group, dives into the intricate safeguards protecting the company’s voting machines. Trowbridge meticulously explains each layer of security on the ClearCast scanners, countering rising concerns over voting technology with a step-by-step breakdown of the tamper-proof processes in place. Clear Ballot machines, which do not connect to the internet, rely solely on physical data storage, and log every action, ensuring all activity is traceable. To add a layer of transparency, the system backs up digital scans of ballots, creating a redundant paper trail for audits.

Clear Ballot’s shift towards a paper-based system reflects a broader industry trend, especially after the shortcomings of direct-recording electronic (DRE) machines in the early 2000s. By reverting to hand-marked ballots, verified digitally and backed by high-tech audit software, Clear Ballot aims to restore public confidence, even amid pervasive conspiracy theories amplified by influential figures like Elon Musk. Despite the growing paranoia, Trowbridge and CEO Bob Hoyt contend that electronic voting machines, while imperfect, remain a more secure and scalable solution than manual counts. A fully analog system would be slower and riskier due to potential human error.

For now, Clear Ballot, certified in 14 states, navigates a labyrinth of federal regulations to maintain secure, accessible, and user-friendly technology. Its robust processes offer a quieter reassurance amid the frenzy of election disinformation, underscoring a commitment to safeguarding American democracy, ballot by ballot.

Operation Magnus: Infostealer Network Dismantled

On October 28th, 2024, the Dutch National Police, the FBI, and international partners in Operation Magnus disrupted the notorious RedLine and Meta infostealers. These malicious tools—which exfiltrate everything from login credentials to financial info—have siphoned sensitive information from millions worldwide.

Three individuals face charges so far—one in the U.S. and two in Belgium—with more arrests likely on the horizon. The U.S. Justice Department unsealed charges against Maxim Rudometov, believed to be a key developer and administrator of RedLine. If convicted, he could face up to 20 years in prison for money laundering alone.

Security company ESET  Netherlands discovered malicious servers and sent the information along to Dutch police, leading to a year-long investigation. ESET has since released an online scanner for users to check if they were infected. You can find that at www.operation-magnus.com.

The Dutch police utilized lawful hacking to dismantle the malware's infrastructure, rendering it incapable of stealing new data. This included shutting down Telegram accounts that distributed the infostealers. "Until recently, Telegram was a service where criminals felt untouchable and anonymous. This action has shown that this is no longer the case," the Dutch Police stated.

In a bold move, authorities teased the cybercriminals with a final update video mimicking their own ads. The video declares, "We gained full access to all Redline and Meta servers. Did you know they are actually pretty much the same? This version of Redline and Meta includes unique insights into your data. Username, passwords, IP addresses, timestamps, registration date, and much more.”

Election Watchers or Voter Intimidation?

In an alarming resurgence of post-2020 election fervor, election deniers in swing states are mobilizing en masse to “guard” polling stations, driven by unproven claims of fraud. Using Telegram, groups from Arizona to Wisconsin coordinate surveillance efforts, capturing potential voters on camera to share “suspicious” footage with law enforcement. Leaked documents, acquired by transparency group Distributed Denial of Secrets, reveal extensive plans for watching ballot drop boxes—a move civil rights organizations warn could deter voters.

Rooted in Trump’s baseless 2020 fraud claims, these efforts are creating a charged atmosphere around polling sites. The Trump campaign, along with the RNC, says it’s training over 230,000 poll watchers, but critics argue the “protection” efforts could cross into voter suppression. Groups like the League of Women Voters are on alert, ready to litigate if these self-appointed “patriots” intimidate voters.

This phenomenon highlights a disturbing convergence of digital platforms and real-world action. Far-right channels on Telegram, a Russia-based app notorious for enabling extremists, now serve as organizing hubs for U.S. militias and activists. Despite pledges to respect legal boundaries, the high-profile, pervasive surveillance plans risk spooking voters and threatening the democratic process.

Russian Court Sentences REvil Hackers

On Friday, October 25, a Russian court sentenced four members of the REvil ransomware gang to prison sentences ranging from four to six years. The four defendants are Artem Zayets, Aleksey Malozemov, Daniil Puzyrevsky, and Ruslan Khansvyarov.

All four were found guilty of illegally sourcing and transferring funds, while two were also convicted of using and distributing malicious software. They all maintain their innocence.

Though the REvil gang members have been in police custody since 2022, many observers were not expecting such a definitive outcome. That’s especially true given the origin of the arrest.

Russian security service FSB claims that they made the initial breakup and arrest of REvil based on a request by the U.S. The initial arrests captured 14 suspects, 8 of which were brought to trial. The FSB also claims to have seized 426 million rubles ($600,000), luxury cars, and more.

Upgrade your subscription for exclusive access to member-only insights and services.

Upgrade to paid

Cybersecurity Firms Poised for Growth

The industry was filled with positive business news. For a start, cybersecurity firm Armis is now preparing to launch an IPO in 2026, hot off of a $200 million funding round. The company is currently valued at $4.2 billion.

The company offers risk management services for a range of companies including United Airlines, Colgate-Palmolive Co., and Mondelez International Inc.

They’ve been holding out for the market to improve before going public, and now seems like the time. IPOs in the U.S. have leapt up in 2024 compared to the previous year.

Meanwhile, MIND—a data loss prevention firm—claimed on Wednesday that they raised $11 million in an early funding round. They call it their emergence from “stealth mode,” a move that follows a year of working with select companies in secret.

The MIND platform integrates automation and AI to make data leak protection more immediate. The team is led by co-founders Eran Barak, Itai Schwartz, and Hod Bin Noon—all former members of Israel’s 8200 military intelligence unit. The company maintains its R&D in Israel, though its headquarters are in the U.S.

Another Domino Falls to Putin

In the latest chapter of Georgia’s turbulent political saga, the ruling Georgian Dream party’s October 26 parliamentary election win has ignited controversy. Accusations of election fraud have emerged, with the opposition claiming Russian interference to tilt Georgia toward Moscow—a move President Salome Zourabichvili has labeled a “Russian special operation.” She condemned the election as fraudulent, urging citizens to boycott the results. Moscow-aligned voices, including Russia's Dmitry Medvedev, have even called for her removal, escalating tensions.

Despite claims of a rigged vote, the opposition has struggled to rally a coordinated response, prompting fears that their passivity could deepen public disillusionment. On the ground, the International Society for Fair Elections and Democracy found no overt irregularities in the vote count but flagged voter intimidation, alleged bribery, and other pressures leading up to the vote.

The stakes are high: Georgian Dream’s claimed victory, bolstered by surprising support in regions long mired in election controversy, points to a pivotal shift. Many fear that without opposition resistance, Georgia will edge closer to authoritarian Russia, potentially aligning with Moscow-favored alliances such as BRICS. With Western leaders voicing concern, Georgia’s fragile democracy is again at a crossroads.

U.S. Prioritizes AI for Defense

In a push to stay ahead in the AI race, the Biden administration has unveiled a new national security strategy calling for rapid deployment of AI within military and intelligence operations. National Security Advisor Jake Sullivan warned that U.S. rivals are determined to overtake America's military edge, urging national security leaders to embrace AI technologies swiftly yet responsibly. Speaking at the National War College, Sullivan underscored that AI’s role in enhancing nuclear physics, stealth, and more could be crucial to retaining dominance in critical areas like space and undersea operations.

The memo reveals U.S. concerns about China’s swift AI advancements, with a White House fact sheet emphasizing the risks of technological espionage. The administration promises cybersecurity support for AI developers and aims to diversify chip supply chains to safeguard these technologies. Despite some collaboration with China, Sullivan voiced skepticism about the potential for shared ethics in AI, citing China’s AI use for repression and misinformation.

Not all experts are sold. Sarah Myers West of the AI Now Institute cautioned against over-reliance on AI in military contexts, fearing operators might defer excessively to machine decisions. As AI reshapes warfare, U.S. officials stress the need for a “human in the loop,” while critics, like the Stop Killer Robots campaign, argue these steps are insufficient safeguards.

New ChatGPT Jailbreak Bypasses Safeguards

Mozilla's 0Din bug bounty program recently revealed a new jailbreak for ChatGPT-4o, bypassing its safeguards through hex-encoded malicious instructions. Disclosed by Marco Figueroa, the jailbreak enables ChatGPT to perform restricted actions, such as generating a Python exploit for a CVE vulnerability.

Normally, direct requests for such tasks are blocked, but encoding requests in hexadecimal or using emoji-based prompts bypasses these guardrails.

OpenAI has since patched these vulnerabilities, but recent hacks, including Palo Alto Networks’ “Deceptive Delight,” continue to challenge LLM security.

Russia’s Cyber Campaign Targets Ukraine

In more Russia news, Google has reported a Russian cyberespionage and influence campaign targeting Ukrainian military recruits.

Using a persona named “Civil Defense” on Telegram, the campaign distributes malware disguised as software for locating military recruiters. The malware, including CraxsRat and SunSpinner on Android and Pronsis Loader on Windows, can steal personal data, monitor device activity, and exfiltrate credentials.

Google noted that the Civil Defense website directs users to disable security features like Google Play Protect, enabling the malware to infect devices. The campaign also spreads anti-mobilization propaganda, encouraging users to upload videos to discredit the Ukrainian military. Promoted posts on legitimate Ukrainian Telegram channels amplify its reach, while the website hosts anti-mobilization content.

Google has notified Ukrainian authorities, blocked the website within Ukraine, and added the malware to Safe Browsing. This campaign aligns with Russian influence tactics observed by EUvsDisinfo to disrupt Ukraine’s mobilization efforts.

GEC's Battle Against Disinformation Uncertain

In an era where digital battlegrounds are as contentious as physical ones, the State Department's Global Engagement Center (GEC) emerges as a crucial but controversial player in the fight against foreign disinformation. Tasked with exposing and countering state-backed falsehoods, particularly from adversaries like Russia and China, the GEC's achievements are notable—dismantling a significant Russian disinformation campaign in Africa and spearheading an international accord to combat global misinformation.

However, as its congressional mandate teeters on the brink of expiration this December, the GEC finds itself embroiled in a fierce battle not with foreign propagandists, but with domestic political tumult. Skeptical Republican lawmakers challenge the center's scope and accuse it of overreaching into domestic politics—a charge stemming from its associations and funding decisions. As bipartisan efforts intensify to secure its reauthorization, the center's fate hangs in balance, underlining the increasingly complex nexus between national security, politics, and the global misinformation war.

Moldova: Democracy's Cyber Battleground

Moldova's electoral integrity is under siege from Russian interference, with disinformation, cyberattacks, and historical vote-buying tactics ramped up ahead of its pivot-point presidential elections. The stakes are high: choose continued European integration or slip into Moscow's shadow. The US and allies from the EU to NATO are on high alert, dispatching advisors, and sharing intelligence to thwart Putin's ploys.

The White House accuses pro-Russian forces of a large-scale, cash-fueled campaign against EU membership, while Telegram channels buzz with pro-Russian propaganda. The US Cybersecurity and Infrastructure Security Agency, alongside other Western entities, lends its expertise to combat these cyber onslaughts. As the world watches, the outcome may not only dictate Moldova's trajectory but also signal the viability of Western defenses against Russia's digital warfare in shaping geopolitics.

Interesting Read

Geofencing Tech Sparks Privacy Fears

Using privately-owned technology that’s available to anyone willing to pay for it, you can now easily track someone’s daily movements just by drawing a box on a map.

But this isn’t dangerous tech only now being unleashed. It’s a widespread capacity of commercial services that are now facing legal challenges in a case that could go to the Supreme Court.

All of the details are covered brilliantly in this article by Brian Krebs. 

Meet Atlas Data Privacy Corp. This Delaware-based organization removes users’ personal information from consumer data brokers. But they continually run into issues getting companies to follow their requests. Atlas claims this is in violation to Daniel’s Law—a New Jersey statute that requires commercial data brokers to completely remove information they have for people when requested.

Atlas has a new target in their sights: Babel Street. This company offers powerful geofencing and device tracking capabilities, blurring the line between commercial convenience and invasive surveillance. The images of the interface are dystopian. Using their LocateX platform, you can track devices on maps by simply drawing a box. That includes in places like mosques, abortion clinics, and courtrooms—a fact that brings up implications that have many privacy advocates worried. 

This raises profound questions about personal privacy, the safety of vulnerable groups, and how far commercial surveillance can go without government oversight

Twitter Highlights

Stay Safe, Stay Secure.

The CybersecurityHQ Team