Instagram banner mistakenly advertises Wednesday as Election Day for some subscribers

On Tuesday, a subset of Instagram subscribers saw a notification that stated “Tomorrow is Election Day” which could have led to confusion as to whether Tuesday or Wednesday was the actual day for voting. Instagram representatives declined to mention how many subscribers might have seen the outdated message which was attributed to users not refreshing their cache by leaving Instagram open overnight. The message did not mention a specific day and date. 

(Protocol)

Robocalls urging voters to skip Election Day are subject of FBI investigation

As of Election Day, an estimated 10 million calls had been sent out urging people to “stay safe and stay home,” falsely telling voters in Michigan they could vote today, Wednesday, due to long election lines. The FBI is “tracking down this issue,” said a senior official in DHS’s Cybersecurity and Infrastructure Security Agency. But the agency stated this year’s robocall volume has not been any different from previous years. 

(Cyberscoop)

Ant Group falls afoul of Chinese regulators, causing Alibaba to drop 8 percent

Ant Group’s IPO is suddenly on hold in both Shanghai and Hong Kong due to regulatory issues with the Chinese government. Ant is the sister company to Alibaba. The IPO was on track to be among the largest in history, perhaps raising as much as $34.5 billion, and would have catapulted Ant’s market capitalization to $300 B illion. Ant has a history of regulatory issues with the Chinese Communist Party and details regarding the hold are unclear but the government’s shaky relationship with Ant chairman Jack Ma might be a contributing factor. The hold trimmed $60 billion of Alibaba’s valuation.

(TechCrunch)

Twitter hides Trump mail voting tweet ahead of polling day

Mr. Trump’s tweet suggested that a Supreme Court decision to allow more time for postal ballots to arrive in Pennsylvania was “very dangerous” and that rampant and unchecked cheating would follow. Facebook also labelled the message with a fact-check that contradicted the president. The tweet was hidden behind a warning on the president’s account that the content was “disputed and might be misleading”. Twitter It characterized Mr. Trump’s tweet as “fomenting fear of violence”, and said it was part of a broader attempt to spread false information about the legitimacy of the election.

(BBC News)

Thanks to our sponsor, Trusona

Trusona enables enterprises to secure and simplify user access by removing passwords from the Windows 10 login experience. With a single desktop sign-in using Trusona’s passwordless MFA, employees are automatically authenticated into Office 365 or their SSO, giving them secure access to all of their corporate applications. Give your workforce a solution they don’t have to work around.

Adobe fixes critical security vulnerabilities in Acrobat, Reader

The 14 vulnerabilities affected Adobe Acrobat and Reader for Windows and macOS and could enable attackers to execute arbitrary code on vulnerable devices, as well as local privilege escalation, information disclosure, arbitrary JavaScript execution, and dynamic library injection. Ten of vulnerabilities were rated as either critical or important severity bugs. As always, Adobe recommends customers update vulnerable products by choosing Help > Check for Updates.

(Bleeping Computer)

Wroba Trojan now targeting U.S. users

Famous for its attacks in Asian markets, researchers at Kaspersky Labs are seeing the Wroba mobile banking trojan appear on U.S. Android an Apple phones as a text message alerting of a missed package delivery. Android victims are then prompted to perform fake browser updates while iPhone users are directed to a spoofed Apple login page. Wroba belongs to a family of malware that attempts to steal mobile banking accounts as well as one-time passwords sent by banks for client authentication.

(CISO Mag)

After two zero-days in Chrome desktop, Google patches a third zero-day in the Android version

Chrome for Android version 86.0.4240.185 was released last night with fixes for a bug that would allow attackers to bypass and escape the Chrome security sandbox on Android devices and run code on the underlying OS. This marks the third Chrome zero-day discovered by Google’s Threat Analysis Group in the past two weeks. The first, announced on October 20, affected Chrome’s FreeType font rendering library, and the second was a Windows zero-day exploit announced on October 30.

(ZDNet)

Cyber-attackers target high profile Munich conference attendees

The Iranian hacker group Phosphorus disguised themselves as conference organizers and targeted over 100 high-profile individuals including heads of state, world leaders, former ambassadors, and industry experts to extract intelligence information. According to a Microsoft report, the group targeted potential attendees of the upcoming Munich Security Conference and the Think 20 (T20) Summit in Saudi Arabia using fake invitations sent via email. It is believed the hack was done to collect intelligence on the guests themselves.

(CISOMag)