MeriTalk News Briefs: VA Confirmation Urged, Midterm Hacking Revealed, Microsoft Bug Bounty Announced

Welcome to MeriTalk News Briefs, where we bring you all the day’s action that didn’t quite make the headlines. No need to shout about ‘em, but we do feel that they merit talk.

Sen. Isakson Urges Confirmation of VA Secretary Nominee

Sen. Johnny Isakson, R-Ga., chairman of the Senate Veterans’ Affairs Committee, released a statement today urging the full Senate to confirm Veterans Affairs Secretary nominee Robert Wilkie “without delay,” saying that he is “eminently qualified for the position.” The Senate VA Committee voted to approve Wilkie’s nomination on July 10, following a hearing with Wilkie on June 27 to examine his qualifications. “It is of utmost importance that any policy changes that impact the future of the department be made by a confirmed VA secretary who can be held accountable by Congress and the American people,” Isakson said. A vote on Wilkie’s nomination in the full Senate has not yet been scheduled.

First Midterm Election Hacking Revealed

On Thursday afternoon, Microsoft revealed the first known example of cyber interference into the 2018 midterm elections. Tom Burt, Microsoft’s vice president for security and trust, said at the Aspen Security Forum that Microsoft successfully detected and blocked hacking attempts aimed at three congressional candidates. Burt didn’t name the targeted candidates. “Earlier this year, we did discover that a fake Microsoft domain had been established as the landing page for phishing attacks,” said Burt. “And we saw metadata that suggested those phishing attacks were being directed at three candidates who are all standing for election in the midterm elections.”

Microsoft Launches New Bug Bounty Program

Microsoft announced on Wednesday it was launching a new bug bounty program to defend its services that manage users’ digital identities. Bounties range from $500 to $100,000, depending on the quality of the report and the security impact of the vulnerability.

Voter Data Left Exposed

Virginia-based Robocent, a political campaign and robodialer firm, left thousands of voter records exposed online. The files were found by Kromtech Security’s Bob Diachenko on a public Amazon S3 bucket that anyone could access without a password. “Robocent cloud storage, with 2594 listed files, was available for anybody on the internet searching for a ‘voters’ keyword, long before I have spotted it,” Diachenko wrote in a blog post. The repository of voter data included voters’ full names, phone numbers, home addresses, political affiliation, age and birth year, gender, voting jurisdiction, and demographics based on ethnicity, language, and education. Diachenko said that after alerting Robocent, the files were secured by a developer. The developer’s response, according to Diachenko, was, “We’re a small shop (I’m the only developer) so keeping track of everything can be tough.”

Recent