Hacker allegedly stole logins from a US election agency - conleyknowded
A Russian-talking hacker has been base selling taken login credentials for a U.S. delegacy that tests and certifies voting equipment, according to a security measures firm.
The cyberpunk was attempting to deal out more than 100 allegedly compromised login certificate belonging to the U.S. Election Help Commission (EAC), the security firm Record Upcoming said in a Thursday blog post. The company said it disclosed online chatter about the breach on Dec. 1.
Some of these credentials included the highest administrative privileges. With much access, an intruder could steal sensitive entropy from the delegacy, which the drudge claimed to have done, Recorded Subsequent aforementioned.
According to screenshots obtained past Prerecorded Future, the hacker had access code to details about tests of election systems and software.
The EAC said it has concluded access to the smitten application and is working with federal law enforcement to determine the source of the criminal activity.
The EAC was formed in 2002. Additionally to certifying ballot systems, it develops best practices for administering elections.
In a statement, the charge said that information technology was aware of a "potential intrusion" involving a network-facing EAC application.
The attainable breach comes after weeks of allegations that the Russian government attempted to influence last month's U.S. election direct different high-profile hacks.
The commission does non directly administer U.S. elections. They are carried out away states and local jurisdictions.
"The EAC does not maintain voter databases. The EAC does not tabularise or store vote totals," the commission same.
Recorded Future A systems status report pageboy happening the perpetration's application.
Record Future also same the hacker IT known doesn't come out to personify sponsored by whatever foreign government. The security firm's blog post didn't cite any evidence that the hack had resulted in balloting-meddling in the election.
To drag off the transgress, the cyberpunk exploited an unpatched SQL injection vulnerability, a common attack point saved in websites. The hacker Crataegus laevigata too have tried to sell details about this exposure to a broker working along behalf of a Geographic area government, Prerecorded Future said.
"It's not uncommon for this type of exposure to lead to broader system level access, however, therein case the nourished extent of the EAC via media cadaver unknown," Prerecorded Future said.
The stolen login credentials could have also allowed a hacker to qualify or plant malware happening the commission's web-facing application, the company said.
It's clouded how long the vulnerability remained unpatched, so it's possible new bad actors May throw exploited it, Recorded Future aforesaid.
Source: https://www.pcworld.com/article/411376/hacker-allegedly-stole-logins-from-a-us-election-agency.html
Posted by: conleyknowded.blogspot.com
0 Response to "Hacker allegedly stole logins from a US election agency - conleyknowded"
Post a Comment