Decrypted: Grayshift raises $47M, Apple bugs under attack, video game maker hacked

The election is over, but not without a hitch or two. Some voters in Georgia and Ohio had to use paper ballots after hand sanitizer leaked into voting machines — an unexpected casualty of the pandemic. And a slew of robocalls across a number of swing states urged voters to “stay safe and stay home,” in an effort to dissuade voters from going to the polls. With record voter turnout, there’s little evidence to show it worked.

But we saw nothing like the hack-and-leak operations of four years ago, which delivered an “October surprise” that derailed the election for Hillary Clinton, despite her winning the popular vote by three million votes.

Government officials and cybersecurity firms said there were no significant or damaging cyberattacks during Election Day. One Homeland Security official called it “another Tuesday on the internet,” but conceded there was still cause for concern in the election aftermath.

With the bulk of the votes counted, government officials pointed to the threat of “foreign influence” campaigns — or misinformation — that would try to cast doubt on the election results. In reality, many of the false and misleading claims ended up coming from inside the White House as the Trump administration tried to cling to power. After being caught out four years ago, the social media giants put into place measures and policies that limited the spread of false news — including Trump’s repeated attempts to claim victory.

Fears that the 2020 election could turn into a national, or even an international, security matter did not come to fruition. The U.S. is in a better place than it was four years ago by simply learning the lessons from Russia’s efforts to interfere with the election. Imagine where we could be in another four?

Since you, like us, were glued to the television screens last week, here’s more from the week you might have missed.


THE BIG PICTURE

Grayshift, the maker of phone unlocking tech, raises a Series A round

Grayshift, the secretive startup behind the U.S. government’s favorite phone unlocking technology, has raised $47 million in fresh funding. The Series A round was led by PeakEquity Partners, and — as first reported by Forbes — is a huge round for a little-known phone forensics firm.

One of only a few photos of the mysterious GrayKey phone unlocking devices. Image Credits: Malwarebytes

Grayshift exploded onto the mobile forensics scene in 2018, months after the company began quietly selling its proprietary GrayKey technology to federal agencies for about $15,000 each. The FBI and other agencies use their purchased GrayKey devices to break into encrypted phones without needing the passcode.

The GrayKey, like other mobile cracking technology, is believed to exploit unknown security vulnerabilities in iPhones and other devices to break through the lock screen. Apple, Google and other phone makers are in a constant cat-and-mouse chase to find and fix the flaws before they can be abused.

But the funding round is a validation that the technology works. At least, for now.

Resident Evil video game firm Capcom was hacked

Capcom, the video game maker behind the Resident Evil and Street Fighter franchises, has been hacked. The company confirmed it had shut down some of its internal networks but that “at present” there was no sign of a data breach. That, of course, can always change.

It’s the latest attack against a video game company, following claims of an apparent network intrusion and theft of source code of a Ubisoft game, Watch Dogs: Legion, which ironically is about hacking. The breach is believed to be a data-stealing ransomware attack by the Egregor group, of which little is known. Ubisoft said it was investigating the claims made by the hacker group, who also claimed to have targeted Crytek, a European video game maker behind the CryEngine platform.

Update to iOS 14.2, with bugs under active attack

Apple pushed out iOS and iPadOS 14.2 last week, the latest software update for iPhones and iPads. Included are a ton of new features and additions, among them over 100 new emojis (including the long-awaited transgender flag), new wallpapers and the intercom feature for the HomePod Mini, out later this month.

But if you needed another reason to update, iOS 14.2 packs in security patches for three previously unreported vulnerabilities. Google, which found and reported the issues, said the vulnerabilities were being “actively exploited” by hackers.

It’s not known exactly what the hackers are up to, or their motives. Shane Huntley, who heads Google’s Threat Analysis Group, which is tasked with tracking nation-state hackers, said in a tweet that the hackers were engaged in “targeted” exploitation — in other words, very specific victims — but that the attacks were unrelated to the election.

If you haven’t already, update today!


MOVERS AND SHAKERS

Adobe has hired its newest chief security officer, Mark Adams, to push the company into the post-Flash future.

Remember Flash? For a time it was one of the most popular web browser plugins going. But it was a security nightmare. Month after month, Adobe would slap patches on the software to the point where it was held together by string and sticky tape. In the end — after Apple refused to allow Flash onto iPhones and Flash adoption began to plummet as the world took to HTML5 — Adobe decided to pull the plug on Flash altogether. Flash is due to be sunset at the end of 2020.

Back to Adams, who hails from games maker Blizzard where he served as chief security officer. Adams will oversee Adobe’s overall security posture and policies — as well as security incident response.

“Here’s to a new adventure with an incredible team and company!” he said in a LinkedIn post.


$ECURITY $TARTUPS

Cado Security, a U.K.-based cloud forensics startup, has raised $1.5 million in a seed round by Ten Eleven Ventures. The company helps incident responders understand the scope of a breach or security incident across all environments, including clouds, containers and on-premise systems.

And Israel-based ReSec Technologies has raised $4 million in a Series A round led by Hong Kong venture fund QBN Capital. The company helps businesses protect against file-based malware threats, which remain one of the most common ways for ransomware and malware attacks to deploy on victim networks. ReSec said it’ll use the round to expand its global operations.


Send tips securely over Signal and WhatsApp to +1 646-755-8849.