With just a few days left until 2024 presidential election In the United States, WIRED reported on documents revealing US government assessments of multiple components of electoral security and stability. First obtained by the national security transparency nonprofit Property of the People, a report distributed by the U.S. Department of Homeland Security in October assessed that Financially motivated cybercriminals and ideologically motivated hacktivists are more likely than state-backed hackers to attack US election infrastructure.. Another government memo He warned of the risk of internal threats to the elections.noting that such internal malfeasance “could derail or jeopardize a fair and transparent electoral process.”

With so much at stake in a hyperpolarized and combative climate, US elections have become increasingly militarizedwith bulletproof glass, drones, defensive blockades and snipers protecting election offices, and election officials preparing for the possibility of violent attacks. A WIRED investigation also revealed a successful CIA hack of Venezuela’s military payroll system that was part of a clandestine effort by the Trump administration to overthrow the country’s autocratic president, Nicolás Maduro.

In other cybersecurity news, WIRED delved into the Firewall vendor Sophos’ five-year turf war to try to eliminate Chinese hackers conducting espionage operations on some vulnerable devices and keep them away. And researchers warn that a “critical” no-click vulnerability in a default photography application on Synology network-attached storage devices They could be exploited by hackers to steal data or infiltrate networks.

As always, there is more. Each week, we round up the security and privacy news we didn’t cover in depth. Click on the headlines to read the full stories. And stay safe out there.

A Disney employee who was fired from the company and still had access to his passwords allegedly hacked software used by Walt Disney World restaurants, according to a report from 404 Media and Court surveillance. A criminal complaint against Michael Scheuer claims he repeatedly accessed a third-party menu creation system created for Disney and changed menus, including changing fonts to Windings, the font composed entirely of symbols.

“The threat actor renamed the fonts to keep the original font name, but the actual characters appeared as symbols,” the criminal complaint says. “As a result of this change, all menus within the database became unusable because the font changes propagated throughout the database.”

However, the accusations are not limited to the capricious vandalism of fountains. The federal complaint also details how Scheuer allegedly changed menu listings to say foods with peanuts were safe for people with allergies, attempted to log into Disney employees’ accounts, blocked 14 employees from accessing their accounts by try to log in with an automated system. script, and kept a folder of personal information about employees and showed up at someone’s home. An attorney representing Scheuer had no comment on the allegations.

During the last years, information thieves They have become a popular tool of choice for hackers, from cybercriminals trying to make money to sophisticated nation-state groups. Malware, often included in pirated software, uses web browsers to collect usernames and passwords, cookies, financial information, and other data you enter on your computer. This week, police officers from around the world took down information thief Redlinewhich has been used to capture more than 170 million pieces of data and has been linked to large-scale attacks. An almost identical information stealer called Meta was also discontinued. As part of Operation Magnus, US officials identified Russian national Maxim Rudometov as being behind the development of Redline. As TechCrunch reportsRudometov was identified following a series of security operational errors, including the reuse of online identifiers and emails on social media applications and other websites. In its criminal complaint, the US Department of Justice pointed to Rudometov’s dating profile, which was apparently liked by 89 other users and He didn’t get likes in return..

In January 2018, it emerged that GPS data from the running and cycling app Strava could expose secret military locations and the movements of people exercising around them. Officials warned that it was a clear security risk. Years later, many apparently haven’t been paying attention. french newspaper Le Monde has revealed In a series of stories, US Secret Service agents are leaking their data through the fitness app, allowing the movements of Joe Biden, Donald Trump and Kamala Harris to be tracked. Security personnel linked to French President Emmanuel Macron and Russian President Vladimir Putin are also exposing their movements. Those who exposed their data used public profiles and often posted tours that began or ended at places where they stayed during official trips. The leaks included Putin-linked bodyguards running near a palace that the Russian leader has denied owning.

Italian prosecutors placed four people under house arrest and revealed that they are investigating at least 60 more after an intelligence company in the country allegedly hacked into government databases and collected information on more than 800,000 people. The intelligence company Equalize allegedly collected information on some of the most prominent politiciansbusinessmen and sports stars, Politico reported. The information accessed is alleged to have included banking transactions, police investigations and more. The hacked information was reportedly sold or potentially used as part of extortion attempts, with those behind the scheme allegedly making €3.1 million. The scandal, which has infuriated Italian politicians, may also be wider than its impact in Italy, as latest reports suggest that Equalize counted Israeli intelligence and the Vatican as clients.