According to Fortinet's recent threat report, cybercriminals, hacktivists, and nation-state actors have threatened to disrupt or take advantage of the US election. The report discusses the threat landscape and adversarial activity that could impact this year's election. Fortinet recognizes that the usual threats come from financially motivated criminals, partisan hacktivists, and politically motivated elite nation-state actors. This article continues to discuss the cyber threats to November's Election Day.

Researchers from the University of Texas at Austin's SPARK Lab have identified "ConfusedPilot," a new cyberattack that targets Retrieval-Augmented Generation (RAG)-based Artificial Intelligence (AI) systems such as Microsoft 365 Copilot. Professor Mohit Tiwari, CEO of Symmetry Systems, led the team that discovered how attackers could manipulate AI-generated responses through the introduction of malicious content into documents referenced by the AI. This method could result in misinformation and flawed decision-making by organizations.

A new malware campaign delivers "Hijack Loader" artifacts signed with legitimate code-signing certificates. Researchers at HarfangLab detected the activity, noting that the attack chains aim to deploy the "Lumma" infostealer. Hijack Loader was discovered in September 2023, with attack chains that trick users into downloading a booby-trapped binary as pirated software or movies.

Intel and AMD have responded to security researchers' discoveries of new attack methods called "TDXDown" and "CounterSEVeillance" that target Trust Domain Extensions (TDX) and Secure Encrypted Virtualization (SEV) technology. The research focused on Intel and AMD Trusted Execution Environments (TEEs), which isolate the protected application or Virtual Machine (VM) from the operating system and other software on the same physical system in order to protect code and data.

North Korean hackers are infecting financial institutions' payment switch systems with a new Linux variant of "FASTCash" to withdraw cash. FASTCash previously targeted Windows and IBM AIX (Unix) systems, but security researcher "HaxRob" found a Linux variant that targets Ubuntu 22.04 LTS distributions.

Shawn Merdinger, a cybersecurity researcher, found that many organizations whose door access controllers he analyzed failed to protect them from hacker attacks. He showed how S2 Security door access controllers used by schools, hospitals, and other organizations could have been remotely hacked in 2010. Years later, he started a cybersecurity research project to show that physical access control vulnerabilities still affect many organizations.

The Volkswagen Group has recently made a public statement after a known ransomware group claimed to have stolen valuable information from the carmaker's systems.  The spokesperson says that this incident is known but added that the IT infrastructure of the Volkswagen Group is not affected.  The Volkswagen Group owns car brands such as Volkswagen, Skoda, Seat, Audi, Lamborghini, Porsche, Cupra, and Bentley. The company has not shared any other information on the cyberattack.

Code hosting platform GitHub has recently released patches for a critical severity vulnerability in the GitHub Enterprise Server that could lead to unauthorized access to affected instances.  The vulnerability is tracked as CVE-2024-9487 (CVSS score of 9.5), and was introduced in May 2024 as part of the remediations released for CVE-2024-4985, a critical authentication bypass defect allowing attackers to forge SAML responses and gain administrative access to the Enterprise Server.

Automattic recently announced patches for 101 versions of the popular WordPress security plugin Jetpack to resolve a critical severity vulnerability introduced in 2016.  The bug, which was discovered internally and does not have a CVE identifier yet, was introduced in Jetpack version 3.9.9 and affects all subsequent releases.  The company noted that during an internal security audit, they found a vulnerability with the Contact Form feature in Jetpack ever since version 3.9.9, released in 2016.

Splunk recently announced fixes for 11 vulnerabilities in Splunk Enterprise, two of which are high-severity bugs leading to remote code execution on Windows systems.  Splunk noted that the most severe of the flaws is CVE-2024-45733 (CVSS score of 8.8), an insecure session storage configuration issue that could allow a user without "admin" or "power" Splunk roles to execute code remotely.  According to Splunk, only instances running on Windows machines are affected by this vulnerability.  Instances that do not run Splunk Web are not impacted either.