More stories


    'Network access' sold on hacker forums estimated at $500,000 in September 2020

    The number of ads on hacking forums selling access to compromised IT networks has tripled in September 2020, compared to the previous month.

    In a report published today and shared with ZDNet, cyber-security firm KELA said it indexed 108 “network access” listings posted on popular hacking forums last month, collectively valued at a total asking price of around $505,000.
    Of these, KELA said around a quarter of the listings were sold to other threat actors looking to attack the compromised companies.
    The “initial access” market
    These types of ads have been posted on hacking forums for years, but for the most part, they’ve been a niche in the “initial access” market, with most cybercrime groups opting to buy access to compromised networks via criminal marketplaces selling RDP access (called “RDP shops”) or from malware botnet operators (known as Malware-as-a-Service, or “bot installs”).
    However, beginning with the summer of 2019, a large number of vulnerabilities in major networking products have been disclosed. This included vulnerabilities in Pulse Secure and Fortinet VPN servers, Citrix network gateways, Zoho computer fleet management systems, and many others.
    Threat actors were quick to exploit these vulnerabilities, compromising devices en masse. Many of these systems had to be monetized in some way or another.
    While some “initial access brokers” partnered with ransomware gangs, many didn’t have the deep connections and the needed reputation in a closed cybercrime economy to establish these partnerships from the get-go. Instead, these brokers began selling their compromised networks on popular hacking forums like XSS, Exploit, RAID, and others.
    But networking devices were only a part of the listings on these forums.
    Many brokers also sold access to compromised RDP or VNC endpoints. Most of these systems are compromised via brute-force attacks launched with IoT botnets, while others are bought from classic RDP shops, have their access expanded from user to admin levels, and then resold on forums at higher prices.
    Some networks sold for tens of thousands of US dollars
    Over the past year, these ads have been steadily increasing in frequency and the price for access to hacked networks.
    Based on its monitoring, KELA said that the average price for a compromised network sold on hacker forums is around $4,960, with the price range going from as low as $25 to as much as $102,000.
    KELA product manager Raveed Laeb said the price for a “network access” ad usually varies depending on factors such as the company value and the level of privilege.
    Obviously, networks with a compromised admin account are valued more than networks where the compromised account only has regular user privileges. However, this doesn’t seem to dissuade the seller, as some threat actors will only be looking for an initial foothold, having their own capabilities of escalating access.
    In some cases, it’s the initial access brokers doing the privilege escalation, with the perfect example being a seller who doubled their listing’s price by gaining access to an admin account after posting an initial version of their ad.

    Image: KELA
    Another interesting observation is that initial access brokers tend to use the “value” of a company rather than the size of its network when deciding on the price, citing statistics like annual revenue rather than the number of endpoints.
    This illustrates that initial access brokers are often tailoring their ads for ransomware gangs, where a victim’s annual revenue and profits are used to negotiate the ransom demand, rather than the size of the network, which is usually less significant as a well-placed ransomware attack can often cripple a company even without locking thousands of its computers.
    KELA, which analyzed some of the highest-priced ads posted in September, said it found brokers peddling access to a major maritime and shipbuilding company (sold for $102,000), a Russian bank ($20,000), a Turkish aviation firm ($16,000), and a Canadian franchise company ($10,600), with access for this victim’s network being sold in just a few hours.
    A larger “initial access” market is hidden in the shadows
    However, KELA says that hacking forums like the ones it’s tracking only provide a summary view of the entire “initial access” market, which is much, much larger.
    Initial access brokers also operate in closed circles, such as private RDP shops, via encrypted communications with selected clients, or via Malware-as-a-Service platforms, such as malware botnets.
    Tracking sales and victims via these mediums is impossible, but the glimpse security firms are getting by observing sales on public hacking forums shows just how lucrative this market can be and how easily hacked RDP access or networking equipment can find its way from the hands of a low-level attacker running some publicly-shared exploit to professional malware gangs operating ransomware or POS malware.


    This major criminal hacking group just switched to ransomware attacks

    A widespread hacking operation that has been targeting organisations around the world in a phishing and malware campaign which has been active since 2016 has now switched to ransomware attacks, reflecting how successful ransomware has become a money-making tool for cyber criminals.
    Dubbed FIN11, the campaign has been detailed by cybersecurity researchers at FireEye Mandiant, who describe the hackers as a ‘well-established financial crime group’ which has conducted some of the longest running hacking campaigns.
    The group started by focusing attacks on banks, retailers and restaurants but has grown to indiscriminately target a wide range of sectors in different locations around the world, sending thousands of phishing emails out and simultaneously conducting attacks against several organisations at any one time.
    For example, in just one week, Mandiant observed concurrent campaigns targeting pharmaceuticals, shipping and logistics industries in both North America and Europe.
    But despite attacks targeting a wide variety of organisations around the world, many of the initial phishing campaigns are still customised on a target-by-target basis for the maximum possible chance of encouraging a victim to download a malicious Microsoft Office attachment which says macros must be enabled.
    This starts an infection chain which creates multiple backdoors into compromised systems, as well as the ability to grab admin credentials and move laterally across networks.
    FIN11 campaigns initially revolved around embedding themselves into networks in order to steal data, with researchers noting that the hacking group commonly deployed BlueSteal, a tool used to steal banking information from Point-of-Sale (POS) terminals.
    With finances being the focus of the group, it’s likely FIN11 sold this information to other cyber criminals on the dark web, or simply exploited the details for their own gain.
    But now FIN11 is using its extensive network as means of delivering ransomware to compromised networks, with the attackers favouring Clop ransomware and demanding bitcoin to restore the network.
    Put simply, this shift in tactics is all about making as much money as possible – and ransomware has become a quick and easy way for cyber criminals to make money from a wider variety of targets.
    “FIN11 has likely shifted their primary monetization method to ransomware deployment because it is more profitable than traditional methods such as deploying POS malware,” Genevieve Stark, analyst at Mandiant Threat Intelligence told ZDNet.
    “Ransomware also increases the potential victim pool since it can be deployed at nearly any organization while POS malware is only effective against certain targets,” she added.
    In an effort to blackmail victims into paying the ransom, some ransomware gangs have taken to using their access to networks to steal sensitive or personal data and threaten to leak it if they don’t receive payment for the decryption key – and FIN11 have adopted this tactic, publishing data from victims who don’t pay.
    “FIN11’s adoption of data-theft and extortion to increase leverage on victims is further evidence that their motivations are exclusively financial,” said Stark.
    Based on analysis of Russian language in FIN11’s files, researchers say that this purely financially motivated operation is likely operating out of one of the Commonwealth of Independent States – and it’s highly likely the ransomware attacks will continue.
    “We anticipate that FIN11 will continue to conduct widespread phishing campaigns with consistently evolving delivery tactics for the foreseeable future,” said Stark.
    “FIN11 will probably continue conducting ransomware and data theft extortion for the immediate future, given many organizations acquiesce to extortion demands,” she added.
    The attacks have been prolific and successful, but organisations can avoid falling victim to campaigns by FIN11 and other financially motivated groups by following common security advice and applying patches to prevent attackers using known exploits to gain a foothold in networks.
    And with FIN11 and other hackers relying on Microsoft Office macros to conceal malicious payloads, it’s recommended that macros are disabled to stop them being used as a starting point for attacks.


    Google warns of severe 'BleedingTooth' Bluetooth flaw in Linux kernel

    Google has released details of a high-severity flaw affecting the Bluetooth stack in the Linux kernel versions below Linux 5.9 that support BlueZ.
    Linux 5.9 was just released two days ago and Intel is recommending in its advisory for the high-severity Bluetooth flaw, CVE-2020-12351, to update the Linux kernel to version 5.9 or later. 

    “Improper input validation in BlueZ may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access,” Intel notes in its advisory for CVE-2020-12351. BlueZ is found on Linux-based IoT devices and is the official Linux Bluetooth stack.
    Intel says the BlueZ project is releasing Linux kernel fixes to address the high-severity flaw, as well as fixes for two medium-severity flaws, CVE-2020-12352 and CVE-2020-24490. 
    CVE-2020-12352 is due to improper access control in BlueZ that “may allow an unauthenticated user to potentially enable information disclosure via adjacent access.” CVE-2020-24490 refers to BlueZ’s lack of proper buffer restrictions that “may allow an unauthenticated user to potentially enable denial of service via adjacent access.”
    Andy Nguyen, a security engineer from Google, reported the bugs to Intel.
    Researchers from Purdue University last month claimed that BlueZ was also vulnerable to BLESA (Bluetooth Low Energy Spoofing Attack), along with the Fluoride (Android), and the iOS BLE stack. 
    Google has detailed the bugs on the Google Security Research Repository on GitHub. Nguyen’s description of the BleedingTooth vulnerability sounds more serious than Intel’s write-up. 
    Nguyen says it’s a “zero click” Linux Bluetooth Remote Code Execution flaw and has published a short video demonstrating the attack using commands on one Dell XPS 15 laptop running Ubuntu to open the calculator on a second Dell Ubuntu laptop without any action taken on the victim’s laptop.  
    BlueZ contains several Bluetooth modules including the Bluetooth kernel subsystem core, and L2CAP and SCO audio kernel layers. 
    According to Francis Perry of Google’s Product Security Incident Response Team, an attacker within Bluetooth range who knows the target’s Bluetooth device address (bd address) can execute arbitrary code with kernel privileges. BleedingTooth affects Linux kernel versions from 5.8 up to, but not including, 5.9.
    “A remote attacker in short distance knowing the victim’s bd address can send a malicious l2cap packet and cause denial of service or possibly arbitrary code execution with kernel privileges. Malicious Bluetooth chips can trigger the vulnerability as well,” Perry writes. 
    Google has also published proof-of-concept exploit code for the BleedingTooth vulnerability.  
    Google plans to publish further details about BleedingTooth shortly on the Google Security Blog. 
    Intel recommends installing the following kernel fixes to address these issues if a kernel upgrade is not possible.
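    A small triage script for the affected range the story gives (kernel 5.8 and later, fixed in 5.9), added here as an example and not code from Google, Intel or the BlueZ project. It parses a `uname -r` style release string, decides whether it falls inside that range, and checks whether the `bluetooth` kernel module is actually loaded; the function names and the `/proc/modules` check are assumptions of this example.

```python
"""Triage helper for the BleedingTooth (CVE-2020-12351) affected range.

Added example, not code from Google, Intel or the BlueZ project. The affected
range (5.8 <= kernel < 5.9) is taken from the article above; function names
and the /proc/modules check are assumptions of this example.
"""
import platform
import re
from typing import Optional, Tuple

# Affected range as stated in the article: 5.8 and later, fixed in 5.9.
AFFECTED_MIN = (5, 8)
FIXED_FROM = (5, 9)


def parse_kernel_release(release: str) -> Optional[Tuple[int, int, int]]:
    """Extract (major, minor, patch) from a `uname -r` string.

    Handles distro suffixes such as '5.8.14-1-generic' or '5.9.0-rc8+'.
    Returns None when the string does not start with a version number.
    """
    m = re.match(r"^(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        return None
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or "0")


def in_affected_range(release: str) -> bool:
    """True when the kernel release falls in [5.8, 5.9)."""
    v = parse_kernel_release(release)
    if v is None:
        return False
    return AFFECTED_MIN <= v[:2] < FIXED_FROM


def bluetooth_module_loaded(proc_modules_text: str) -> bool:
    """True when the 'bluetooth' module is listed in /proc/modules text.

    Each /proc/modules line starts with the module name; dependents such as
    'rfkill ... bluetooth' must not count as a match.
    """
    return any(line.split()[0] == "bluetooth"
               for line in proc_modules_text.splitlines() if line.strip())


def triage(release: str, proc_modules_text: str) -> str:
    """One-line verdict combining the version range and module state."""
    if not in_affected_range(release):
        return "kernel release outside the affected range"
    if not bluetooth_module_loaded(proc_modules_text):
        return "affected kernel, but bluetooth module not loaded"
    return "affected kernel with bluetooth module loaded: upgrade to 5.9 or apply the BlueZ fixes"


if __name__ == "__main__":
    try:
        with open("/proc/modules") as f:
            mods = f.read()
    except OSError:
        mods = ""   # not Linux, or /proc unavailable
    print(platform.release(), "->", triage(platform.release(), mods))
```

    The version check is a triage signal, not a verdict: a distribution that backports the BlueZ fixes into a 5.8 stable kernel keeps reporting 5.8, so confirm against the vendor's patched package version before closing the finding.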


    IBM updates Cloud Pak for Security with new data security hub

    IBM is announcing a bevy of updates to Cloud Pak for Security, its platform for tackling cybersecurity threats across multicloud and hybrid environments. 

    Launched last year as the foundation of IBM’s open security strategy, Cloud Pak for Security is designed to glean threat information and insights from various sources without having to move data. The system leverages IBM’s investment in Red Hat, including OpenShift, and is designed specifically to unify security across hybrid cloud environments.
    Over the last year IBM has expanded the capabilities within Cloud Pak for Security to address some of the key components of threat management — such as detection, investigation and response — using AI and automated workflows.  
    IBM is now rolling out new capabilities that aim to extend the platform even further, including a new integrated data security hub that promises to bring data security insights directly into threat management and security response platforms. IBM posits that data security has historically been siloed from threat management, focused on policy and compliance rather than integrated into threat detection and response.
    With integrated data security, IBM said it can connect these previously siloed functions and offer security and response teams greater visibility into data-level security.
    In addition to the data security hub, IBM is also announcing pre-built connectors for five third-party threat intelligence feeds, and dedicated service offerings that aim to help Cloud Pak customers get up and running on the platform.
    “With these updates, Cloud Pak for Security will include access to six threat intelligence feeds, 25 pre-built connections to IBM and third-party data sources, and 165 case management integrations which are connected through advanced AI to prioritize threats, and automation playbooks to streamline response actions for security teams,” IBM said in a press release. “With the new capabilities, Cloud Pak for Security has become the first platform in the industry to connect data-level insights and user behavior analytics with threat detection, investigation and response.”


    Protections for 'revenge porn' victims enter NSW Parliament

    New South Wales Attorney General and Minister for the Prevention of Domestic Violence Mark Speakman on Wednesday introduced legislation to state Parliament with the aim of offering further protections for victims of the distribution of non-consensual intimate images and videos online, colloquially known as “revenge porn”.
    Under the proposed amendments to the Criminal Procedure Act 1986, victims of intimate image abuse would have the same court protections as other sexual assault complainants. Judicial officers would also have greater powers to order images and recordings be destroyed.
    Speakman said the proposed reforms acknowledge the seriousness of these types of offences and the distress and damage they inflict on victims’ lives.
    “Coming to court can often involve extensive questioning about intimate details of a victim’s experience and the terrible hurt caused. These reforms are aimed at helping to reduce the trauma of that experience,” he said.
    “It is vital victims know if they report intimate image abuse that they will be appropriately supported in court, while also helping them regain privacy and dignity.” 
    The proposed reforms allow the court to order an offender to remove, retract, delete, or destroy an intimate image when found guilty of threatening to distribute it without consent.
    “What happens to intimate images can be a source of ongoing fear and trauma for many victims, and our Bill seeks to address that anxiety,” Speakman added. “It will give victims some sense of control and peace of mind that even when only a threat is made, that those images can no longer be accessed or disseminated in the future.
    “Unfortunately, the rapid advent of technology has facilitated a rise in this type of criminal behaviour, so it is crucial our justice response keeps pace.”
    The amendments, if passed, would also provide victims with the ability to give evidence remotely and in a closed court, access a support person, have their identity protected from publication, and avoid cross-examination by an unrepresented accused personally.
    Citing the NSW Bureau of Crime Statistics and Research, Speakman said there were 296 charges for intimate image offences between July 2018 and June 2019, and 420 charges laid between July 2019 and June this year.
    The Australian government in August 2018 passed legislation aimed at protecting citizens from revenge porn by mandating civil and criminal penalties.
    Under the legislation, individuals could face civil penalties of up to AU$105,000 and corporations of up to AU$525,000 if they do not remove an image when requested to by the eSafety Commissioner.
    IF YOU OR ANYONE YOU KNOW IN AUSTRALIA NEEDS HELP CONTACT ONE OF THESE SERVICES:
    Suicide Call Back Service on 1300 659 467
    Lifeline on 13 11 14
    Kids Helpline on 1800 551 800
    MensLine Australia on 1300 789 978
    Beyond Blue on 1300 22 46 36
    Headspace on 1800 650 890
    QLife on 1800 184 527


    Austrac gives Afterpay all-clear following anti-money laundering investigation

    The Australian Transaction Reports and Analysis Centre (Austrac) announced on Wednesday it has concluded its investigation into Afterpay, having decided it will not pursue any further regulatory action.
    Austrac ordered the appointment of an external auditor into Afterpay’s Australian operations in June last year. Specifically, the regulator asked for the examination of Afterpay’s compliance with the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act).
    “In response to the findings and recommendations identified in the external audit report, Afterpay has uplifted its AML/CTF compliance framework and financial crime function, and completed all remediation necessary to ensure compliance,” Austrac wrote on Wednesday.
    “After considering the report and the response by Afterpay, Austrac has decided not to undertake further regulatory action.”
    Austrac said it has “reiterated the importance” for Afterpay to meet its compliance obligations in the future, and that it would continue to work with the company to ensure it understands the compliance obligations it has, as well as its role in fighting financial crime.
    The regulator took the opportunity to remind new and emerging financial services businesses that they may have obligations under the AML/CTF Act.  
    “Startup ventures and technology-based financial businesses must consider whether they have AML/CTF obligations and if they do put in place systems and controls that identify and mitigate money laundering and terrorism financing risks,” Austrac said.
    Austrac in September asked for a similar investigation of PayPal, with the examination to focus on “ongoing concerns” regarding the Australian arm’s compliance with the AML/CTF Act.
    These concerns relate to PayPal Australia’s compliance with its International Funds Transfer Instruction reporting obligations.
    However, Austrac in March announced an extension was granted to the auditors, taking into consideration the scope of the audit, the size, and complexity of PayPal Australia’s business operations and the overlap with PayPal’s international operations.
    “The extension will allow PayPal Australia and the external auditor to fully examine their compliance with the AML/CTF Act,” Austrac said.
    Last month, Austrac reached an agreement with Westpac to settle the anti-money laundering and counter-terrorism financing allegations that were raised by the watchdog in November 2019.
    Should the Federal Court accept the penalty, the bank will pay AU$1.3 billion for breaching the AML/CTF Act over 23 million times. Westpac has admitted to the breaches, which include failing to report international funds transfers of more than AU$11 billion.


    Microsoft October 2020 Patch Tuesday fixes 87 vulnerabilities

    Image: ZDNet
    Microsoft has released today its monthly batch of security updates known as Patch Tuesday, and this month the OS maker has patched 87 vulnerabilities across a wide range of Microsoft products.
    By far, the most dangerous bug patched this month is CVE-2020-16898. Described as a remote code execution (RCE) vulnerability in the Windows TCP/IP stack, this bug can allow attackers to take over Windows systems by sending malicious ICMPv6 Router Advertisement packets to an unpatched computer via a network connection.
    The bug was discovered internally by Microsoft engineers, and OS versions vulnerable to CVE-2020-16898 include Windows 10 and Windows Server 2019.
    With a severity score of 9.8 out of a maximum of 10, Microsoft considers the bug dangerous and likely to be weaponized, and rightfully so.
    Patching the bug is recommended, but workarounds such as disabling ICMPv6 RDNSS support also exist, which would allow system administrators to deploy temporary mitigations until they quality-test this month’s security updates for any OS-crashing bugs.
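    The story says CVE-2020-16898 is reached through malicious ICMPv6 Router Advertisement packets and that RDNSS is the feature administrators can switch off. As an added example, not Microsoft's code and not derived from the fix, the following Python walks the option TLVs of a Router Advertisement and enforces the layout rules a monitor or packet filter can check from the RFCs alone: RFC 4861 (option Length counted in 8-octet units, never zero, and never past the end of the packet) and RFC 8106 (an RDNSS option carries whole 16-byte addresses, so its Length is 1 + 2n for n >= 1). Packets that break these rules are reported as malformed for logging or dropping. All packets, addresses and names here are constructed for the example.

```python
"""Strict ICMPv6 Router Advertisement option walker with RFC 8106 RDNSS checks.

Added example, not Microsoft's code and not derived from the CVE-2020-16898
fix. It applies the layout rules of RFC 4861 (option Length in 8-octet units,
never 0, option must fit in the packet) and RFC 8106 (RDNSS Length is 1 + 2n
for n >= 1 addresses), so a monitor can log or drop RAs that break them.
All packets below are constructed for this example.
"""
import ipaddress
import struct
from typing import Dict, List, Optional, Tuple

ICMPV6_ROUTER_ADVERTISEMENT = 134
RA_HEADER_LEN = 16   # type, code, checksum, hop limit, flags, lifetime, reachable, retrans
OPT_RDNSS = 25       # RFC 8106 Recursive DNS Server option
OPT_MTU = 5          # RFC 4861 MTU option, used here only as a benign neighbour


class MalformedRA(ValueError):
    """Raised when the RA or one of its options violates the RFC layout."""


def parse_rdnss(opt_len_units: int, body: bytes) -> Dict:
    """Validate an RDNSS option body (reserved, lifetime, 16-byte addresses)."""
    if opt_len_units < 3 or opt_len_units % 2 == 0:
        raise MalformedRA(f"RDNSS option with invalid Length {opt_len_units}")
    lifetime = struct.unpack("!I", body[2:6])[0]
    n_addrs = (opt_len_units - 1) // 2
    addr_bytes = body[6:]
    servers = [str(ipaddress.IPv6Address(addr_bytes[i * 16:(i + 1) * 16]))
               for i in range(n_addrs)]
    return {"type": OPT_RDNSS, "length_units": opt_len_units,
            "lifetime": lifetime, "servers": servers}


def parse_ra_options(packet: bytes) -> List[Dict]:
    """Walk the option TLVs after the fixed RA header, validating each one."""
    if len(packet) < RA_HEADER_LEN or packet[0] != ICMPV6_ROUTER_ADVERTISEMENT:
        raise MalformedRA("not a Router Advertisement")
    options: List[Dict] = []
    offset = RA_HEADER_LEN
    while offset < len(packet):
        if len(packet) - offset < 2:
            raise MalformedRA("truncated option header")
        opt_type, opt_len_units = packet[offset], packet[offset + 1]
        if opt_len_units == 0:
            raise MalformedRA("option with Length 0")   # forbidden by RFC 4861
        opt_len = opt_len_units * 8
        if offset + opt_len > len(packet):
            raise MalformedRA(f"option type {opt_type} overruns packet")
        body = packet[offset + 2:offset + opt_len]
        if opt_type == OPT_RDNSS:
            options.append(parse_rdnss(opt_len_units, body))
        else:
            options.append({"type": opt_type, "length_units": opt_len_units})
        offset += opt_len
    return options


def check_ra(packet: bytes) -> Tuple[bool, str]:
    """Convenience wrapper: (True, 'ok') or (False, reason) for a monitor/log."""
    try:
        parse_ra_options(packet)
        return True, "ok"
    except MalformedRA as exc:
        return False, str(exc)


def build_ra(options: bytes) -> bytes:
    """Fixed 16-byte RA header (checksum left 0) followed by raw option bytes."""
    header = struct.pack("!BBHBBHII", ICMPV6_ROUTER_ADVERTISEMENT, 0, 0, 64, 0, 1800, 0, 0)
    return header + options


def build_rdnss_option(servers: List[str], lifetime: int,
                       length_units: Optional[int] = None) -> bytes:
    """Build an RDNSS option; length_units can be overridden to craft bad samples."""
    body = struct.pack("!BBHI", OPT_RDNSS, 0, 0, lifetime)
    for s in servers:
        body += ipaddress.IPv6Address(s).packed
    units = length_units if length_units is not None else len(body) // 8
    return bytes([OPT_RDNSS, units]) + body[2:]


if __name__ == "__main__":
    good = build_ra(build_rdnss_option(["2001:db8::53", "2001:db8::54"], 3600))
    # Even Length with padding so the option fits but the RDNSS rule is broken.
    bad = build_ra(build_rdnss_option(["2001:db8::53"], 3600, length_units=4) + b"\x00" * 8)
    for name, pkt in (("good", good), ("bad", bad)):
        print(name, check_ra(pkt))
```

    The walker checks the overall option bounds before it looks inside any option, so a bad Length is caught as an overrun or a zero-length option before any field is read; only an option that fits the packet reaches the per-type check. That ordering is what keeps a validator of this kind from reading past its own buffer while it is deciding whether the packet is sane.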
    Another bug to keep an eye on is CVE-2020-16947, a remote code execution issue in Outlook. Microsoft says this bug can be exploited by tricking a user “to open a specially crafted file with an affected version of Microsoft Outlook software.”
    Below are additional details about today’s Microsoft Patch Tuesday and security updates released by other tech companies:
    Microsoft’s official Security Update Guide portal lists all security updates in a filterable table.
    ZDNet has published this file listing all this month’s security advisories on one single page.
    Adobe’s security updates are detailed here.
    SAP security updates are available here.
    Intel security updates are available here.
    VMWare security updates are available here.
    Chrome 86 security updates are detailed here.
    Android security updates are available here.
    Tag | CVE ID | CVE Title
    --- | --- | ---
    Adobe Flash Player | ADV200012 | October 2020 Adobe Flash Security Update
    .NET Framework | CVE-2020-16937 | .NET Framework Information Disclosure Vulnerability
    Azure | CVE-2020-16995 | Network Watcher Agent Virtual Machine Extension for Linux Elevation of Privilege Vulnerability
    Azure | CVE-2020-16904 | Azure Functions Elevation of Privilege Vulnerability
    Group Policy | CVE-2020-16939 | Group Policy Elevation of Privilege Vulnerability
    Microsoft Dynamics | CVE-2020-16978 | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability
    Microsoft Dynamics | CVE-2020-16956 | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability
    Microsoft Dynamics | CVE-2020-16943 | Dynamics 365 Commerce Elevation of Privilege Vulnerability
    Microsoft Exchange Server | CVE-2020-16969 | Microsoft Exchange Information Disclosure Vulnerability
    Microsoft Graphics Component | CVE-2020-16911 | GDI+ Remote Code Execution Vulnerability
    Microsoft Graphics Component | CVE-2020-16914 | Windows GDI+ Information Disclosure Vulnerability
    Microsoft Graphics Component | CVE-2020-16923 | Microsoft Graphics Components Remote Code Execution Vulnerability
    Microsoft Graphics Component | CVE-2020-1167 | Microsoft Graphics Components Remote Code Execution Vulnerability
    Microsoft NTFS | CVE-2020-16938 | Windows Kernel Information Disclosure Vulnerability
    Microsoft Office | CVE-2020-16933 | Microsoft Word Security Feature Bypass Vulnerability
    Microsoft Office | CVE-2020-16929 | Microsoft Excel Remote Code Execution Vulnerability
    Microsoft Office | CVE-2020-16934 | Microsoft Office Click-to-Run Elevation of Privilege Vulnerability
    Microsoft Office | CVE-2020-16932 | Microsoft Excel Remote Code Execution Vulnerability
    Microsoft Office | CVE-2020-16930 | Microsoft Excel Remote Code Execution Vulnerability
    Microsoft Office | CVE-2020-16955 | Microsoft Office Click-to-Run Elevation of Privilege Vulnerability
    Microsoft Office | CVE-2020-16928 | Microsoft Office Click-to-Run Elevation of Privilege Vulnerability
    Microsoft Office | CVE-2020-16957 | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
    Microsoft Office | CVE-2020-16918 | Base3D Remote Code Execution Vulnerability
    Microsoft Office | CVE-2020-16949 | Microsoft Outlook Denial of Service Vulnerability
    Microsoft Office | CVE-2020-16947 | Microsoft Outlook Remote Code Execution Vulnerability
    Microsoft Office | CVE-2020-16931 | Microsoft Excel Remote Code Execution Vulnerability
    Microsoft Office | CVE-2020-16954 | Microsoft Office Remote Code Execution Vulnerability
    Microsoft Office | CVE-2020-17003 | Base3D Remote Code Execution Vulnerability
    Microsoft Office SharePoint | CVE-2020-16948 | Microsoft SharePoint Information Disclosure Vulnerability
    Microsoft Office SharePoint | CVE-2020-16953 | Microsoft SharePoint Information Disclosure Vulnerability
    Microsoft Office SharePoint | CVE-2020-16942 | Microsoft SharePoint Information Disclosure Vulnerability
    Microsoft Office SharePoint | CVE-2020-16951 | Microsoft SharePoint Remote Code Execution Vulnerability
    Microsoft Office SharePoint | CVE-2020-16944 | Microsoft SharePoint Reflective XSS Vulnerability
    Microsoft Office SharePoint | CVE-2020-16945 | Microsoft Office SharePoint XSS Vulnerability
    Microsoft Office SharePoint | CVE-2020-16946 | Microsoft Office SharePoint XSS Vulnerability
    Microsoft Office SharePoint | CVE-2020-16941 | Microsoft SharePoint Information Disclosure Vulnerability
    Microsoft Office SharePoint | CVE-2020-16950 | Microsoft SharePoint Information Disclosure Vulnerability
    Microsoft Office SharePoint | CVE-2020-16952 | Microsoft SharePoint Remote Code Execution Vulnerability
    Microsoft Windows | CVE-2020-16900 | Windows Event System Elevation of Privilege Vulnerability
    Microsoft Windows | CVE-2020-16901 | Windows Kernel Information Disclosure Vulnerability
    Microsoft Windows | CVE-2020-16899 | Windows TCP/IP Denial of Service Vulnerability
    Microsoft Windows | CVE-2020-16908 | Windows Setup Elevation of Privilege Vulnerability
    Microsoft Windows | CVE-2020-16909 | Windows Error Reporting Elevation of Privilege Vulnerability
    Microsoft Windows | CVE-2020-16912 | Windows Backup Service Elevation of Privilege Vulnerability
    Microsoft Windows | CVE-2020-16940 | Windows – User Profile Service Elevation of Privilege Vulnerability
    Microsoft Windows | CVE-2020-16907 | Win32k Elevation of Privilege Vulnerability
    Microsoft Windows | CVE-2020-16936 | Windows Backup Service Elevation of Privilege Vulnerability
    Microsoft Windows | CVE-2020-16898 | Windows TCP/IP Remote Code Execution Vulnerability
    Microsoft Windows | CVE-2020-16897 | NetBT Information Disclosure Vulnerability
    Microsoft Windows | CVE-2020-16895 | Windows Error Reporting Manager Elevation of Privilege Vulnerability
    Microsoft Windows | CVE-2020-16919 | Windows Enterprise App Management Service Information Disclosure Vulnerability
    Microsoft Windows | CVE-2020-16921 | Windows Text Services Framework Information Disclosure Vulnerability
    Microsoft Windows | CVE-2020-16920 | Windows Application Compatibility Client Library Elevation of Privilege Vulnerability
    Microsoft Windows | CVE-2020-16972 | Windows Backup Service Elevation of Privilege Vulnerability
    Microsoft Windows | CVE-2020-16877 | Windows Elevation of Privilege Vulnerability
    Microsoft Windows | CVE-2020-16876 | Windows Application Compatibility Client Library Elevation of Privilege Vulnerability
    Microsoft Windows | CVE-2020-16975 | Windows Backup Service Elevation of Privilege Vulnerability
    Microsoft Windows | CVE-2020-16973 | Windows Backup Service Elevation of Privilege Vulnerability
    Microsoft Windows | CVE-2020-16974 | Windows Backup Service Elevation of Privilege Vulnerability
    Microsoft Windows | CVE-2020-16922 | Windows Spoofing Vulnerability
    Microsoft Windows | CVE-2020-0764 | Windows Storage Services Elevation of Privilege Vulnerability
    Microsoft Windows | CVE-2020-16980 | Windows iSCSI Target Service Elevation of Privilege Vulnerability
    Microsoft Windows | CVE-2020-1080 | Windows Hyper-V Elevation of Privilege Vulnerability
    Microsoft Windows | CVE-2020-16887 | Windows Network Connections Service Elevation of Privilege Vulnerability
    Microsoft Windows | CVE-2020-16885 | Windows Storage VSP Driver Elevation of Privilege Vulnerability
    Microsoft Windows | CVE-2020-16924 | Jet Database Engine Remote Code Execution Vulnerability
    Microsoft Windows | CVE-2020-16976 | Windows Backup Service Elevation of Privilege Vulnerability
    Microsoft Windows | CVE-2020-16935 | Windows COM Server Elevation of Privilege Vulnerability
    Microsoft Windows Codecs Library | CVE-2020-16967 | Windows Camera Codec Pack Remote Code Execution Vulnerability
    Microsoft Windows Codecs Library | CVE-2020-16968 | Windows Camera Codec Pack Remote Code Execution Vulnerability
    PowerShellGet | CVE-2020-16886 | PowerShellGet Module WDAC Security Feature Bypass Vulnerability
    Visual Studio | CVE-2020-16977 | Visual Studio Code Python Extension Remote Code Execution Vulnerability
    Windows COM | CVE-2020-16916 | Windows COM Server Elevation of Privilege Vulnerability
    Windows Error Reporting | CVE-2020-16905 | Windows Error Reporting Elevation of Privilege Vulnerability
    Windows Hyper-V | CVE-2020-16894 | Windows NAT Remote Code Execution Vulnerability
    Windows Hyper-V | CVE-2020-1243 | Windows Hyper-V Denial of Service Vulnerability
    Windows Hyper-V | CVE-2020-16891 | Windows Hyper-V Remote Code Execution Vulnerability
    Windows Installer | CVE-2020-16902 | Windows Installer Elevation of Privilege Vulnerability
    Windows Kernel | CVE-2020-16889 | Windows KernelStream Information Disclosure Vulnerability
    Windows Kernel | CVE-2020-16892 | Windows Image Elevation of Privilege Vulnerability
    Windows Kernel | CVE-2020-16913 | Win32k Elevation of Privilege Vulnerability
    Windows Kernel | CVE-2020-1047 | Windows Hyper-V Elevation of Privilege Vulnerability
    Windows Kernel | CVE-2020-16910 | Windows Security Feature Bypass Vulnerability
    Windows Media Player | CVE-2020-16915 | Media Foundation Memory Corruption Vulnerability
    Windows RDP | CVE-2020-16863 | Windows Remote Desktop Service Denial of Service Vulnerability
    Windows RDP | CVE-2020-16927 | Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability
    Windows RDP | CVE-2020-16896 | Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
    Windows Secure Kernel Mode | CVE-2020-16890 | Windows Kernel Elevation of Privilege Vulnerability

  • in

    Vote safely: How to find a trustworthy election ballot drop-off location

    President Donald Trump claims mail carriers in West Virginia are “selling the ballots” and that the postal service “is losing 30 and 40 percent [of mailed-in ballots].” These are lies. It’s all part of an attempt to cast fear, uncertainty, and doubt around the election. Meanwhile, the California GOP has installed unofficial ballot drop-off boxes that state officials say are illegal. Think your vote will be counted if you were to drop your ballot off in one of these? I doubt it.

    So, what can you do? How do you make sure your drop-off ballot or early vote doesn’t disappear into a black hole? People from Google, Microsoft, and other companies have come up with their own answer: WeVoteSafely.org.
    WeVoteSafely is a non-partisan site, run by volunteers and without corporate support, for US citizens who are worried about voting in-person on November 3 and concerned that the US Postal Service will lose their ballots.
    To help with the third option for voting — ballot drop-off — WeVoteSafely offers a searchable listing of legitimate authorized ballot drop-off locations. Users can locate their nearest ballot drop box by entering their address or using a location service. They will then see a map showing exactly where real drop-off boxes are located. The map also provides a link back to the source of the collection box information to provide trust in the data. 
    Tara Grumm, Director of Microsoft Research Outreach, explained, “WeVoteSafely.org is a public service, the site does not display ads, track users or collect any personal information other than the location data needed to provide accurate voting information. The location data is discarded after use, and the site only tracks county-level information about usage to identify gaps in data or other issues to fix.”
    The data has been collected by volunteers and its sources can be found on a county-by-county basis. This data was then gathered into Google Sheets and Excel workbooks. Volunteers collected information on the type of safe voting location (e.g. ballot drop box versus early voting); the location’s physical address; and the URL of the authoritative city/county/state source for the information. Additional elements — such as dates/times of availability and location notes — were also captured, where available.
    Don’t trust the data? The group understands your skepticism. From their FAQ: “It is ALWAYS a best practice to NOT blindly believe something you happen to read on the Internet. That is even (especially!) true with information on voting. Every location on our maps includes a link back to the original city/county/state source of official information.”
    The site uses a human-curated, crowd-sourced search engine and the FAQ notes that while “there is a LOT of cutting/pasting that went into building this site, we might have missed something along the way.” So, if you find an error/omission or have updated information, they want you to tell them so they can fix the problem.
    The data for each legal drop-off site is then geocoded. Confusion is still possible (for example, LaGrange, IL vs. La Grange, IL), so some manual corrections were made to the data.
    This data is then loaded into Microsoft’s Power BI, a business analytics service running on Microsoft’s Azure cloud. The front-end uses Google Maps.
    Even now there are a few outstanding issues. Some states and counties haven’t finished nailing down their drop-off and early voting sites. Fairfax City and Fairfax County in Virginia, for example, are still proving troublesome. Still, the database covers 98% of the country with over 16,000 locations.
    Worried about your own data? The group wants you to know: The service collects no personally identifiable information. That means:

      • We do NOT use cookies
      • We do NOT use any third-party analytics tools or plug-ins
      • We do NOT log/track your specific address or lat/long location information (however, we DO track the city, county, and state that users are querying for to help prioritize our dropbox/early voting location research efforts)
      • We do NOT use unique user identifiers on sites across the web
      • No tricks, no gotchas, no exceptions

    I checked the site with my own privacy tools and it’s as clean as a whistle. I also looked at its data for my own home county, Buncombe County in North Carolina, and found it was accurate. If you want to vote early and you want to make sure your vote is counted, I highly recommend this site.
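    Claims like “no cookies” and “no third-party analytics” can be checked against a captured HTTP response rather than taken on trust. The script below is an added example, not code from WeVoteSafely or from this article: it reads a response’s headers and HTML body, reports any Set-Cookie headers, and lists every host other than the page’s own from which scripts, iframes, images or stylesheets are loaded. The page URL, headers and HTML it runs on are constructed sample data (the example.org/example.net hosts are placeholders) chosen to show what a violation of each claim looks like.

```python
"""Offline audit of a site's "no cookies, no third-party resources" claims.

Added example (not WeVoteSafely's code). Inspects a captured HTTP response
(header list plus HTML body) and reports evidence that contradicts the claims
"we do NOT use cookies" and "we do NOT use any third-party analytics tools":
Set-Cookie headers, and <script>/<iframe>/<img>/<link> resources loaded from a
different origin than the page itself. All sample data below is constructed.
"""
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Tag -> attribute that names the resource the tag loads.
RESOURCE_ATTRS = {"script": "src", "iframe": "src", "img": "src", "link": "href"}
# <link> relations that actually fetch something; rel="canonical" is only metadata.
LOADING_LINK_RELS = ("stylesheet", "preload", "modulepreload")


class ResourceCollector(HTMLParser):
    """Collects the URLs of resources the page references."""

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        attr = RESOURCE_ATTRS.get(tag)
        if attr is None:
            return
        attrs = dict(attrs)
        if tag == "link" and attrs.get("rel", "") not in LOADING_LINK_RELS:
            return
        value = attrs.get(attr)
        if value:
            self.urls.append(value)


def third_party_hosts(page_url, html):
    """Sorted list of hosts, other than the page's own, that resources are loaded from.

    Relative URLs (no host) are first-party; protocol-relative URLs ("//host/x")
    are parsed by urlsplit with the host in netloc, so they are handled too.
    """
    own_host = urlsplit(page_url).netloc.lower()
    collector = ResourceCollector()
    collector.feed(html)
    hosts = set()
    for url in collector.urls:
        host = urlsplit(url).netloc.lower()
        if host and host != own_host:
            hosts.add(host)
    return sorted(hosts)


def cookie_headers(headers):
    """Values of every Set-Cookie header (header names matched case-insensitively)."""
    return [value for name, value in headers if name.lower() == "set-cookie"]


def audit(page_url, headers, html):
    """Check both claims; an empty list means the claim holds for this response."""
    return {
        "cookies": cookie_headers(headers),
        "third_party_hosts": third_party_hosts(page_url, html),
    }


# Constructed sample response from a hypothetical site that breaks both claims.
SAMPLE_URL = "https://vote.example.org/"
SAMPLE_HEADERS = [  # (name, value) pairs, as http.client's getheaders() returns them
    ("Content-Type", "text/html; charset=utf-8"),
    ("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
]
SAMPLE_HTML = """<!doctype html>
<html><head>
<link rel="stylesheet" href="/static/site.css">
<link rel="canonical" href="https://vote.example.org/">
<script src="/static/app.js"></script>
<script async src="https://analytics.example.net/tag.js?id=PLACEHOLDER"></script>
</head><body>
<img src="//pixel.tracker-example.net/i.gif" width="1" height="1">
<iframe src="https://maps.example.com/embed"></iframe>
</body></html>"""

if __name__ == "__main__":
    for claim, evidence in audit(SAMPLE_URL, SAMPLE_HEADERS, SAMPLE_HTML).items():
        print(f"{claim}: {'holds' if not evidence else 'VIOLATED'} {evidence}")
```

    To run it against a live site, capture the response with any HTTP client and pass the real URL, header list and body to `audit()`; a map embed such as the Google Maps front-end the article mentions will show up as a third-party host, which is expected, so read the host list rather than treating any non-empty result as a failure.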