Florida man accused of hacking into Disney World menus and changing the font to Wingdings

With only a few days to go until the 2024 presidential election in the United States, WIRED reported on documents revealing the US government’s assessments of multiple components of election security and stability. A report distributed by the U.S. Department of Homeland Security in October, first obtained by the national security transparency nonprofit Property of the People, assessed that financially motivated cybercriminals and ideologically motivated hacktivists are more likely than state-sponsored hackers to attack US election infrastructure. Another government letter warned of the risk of insider threats, noting that such internal crimes “could derail or jeopardize a fair and transparent electoral process.”

With so much at stake in a hyper-polarized and combative climate, US elections have become increasingly militarized, with bulletproof glass, drones, defensive blockades and snipers protecting election offices, and election officials bracing for the possibility of violent attacks. A WIRED investigation also uncovered a successful CIA hack of Venezuela’s military payroll system as part of a clandestine effort by the Trump administration to overthrow the country’s autocratic president, Nicolás Maduro.

In other cybersecurity news, WIRED did a deep dive into the firewall vendor Sophos’ five-year battle to try to root out Chinese hackers conducting espionage operations on some vulnerable devices – and keep them out. And researchers warn that a “critical” zero-click vulnerability in a standard photo app on Synology network storage devices can be abused by hackers to steal data or infiltrate networks.

As always, there is more. Every week we round up the security and privacy news that we haven’t covered in depth ourselves. Click on the headlines to read the full stories. And stay safe out there.

A Disney employee who was fired from the company and still had access to the passwords allegedly hacked into the software used by Walt Disney World’s restaurants, according to reporting by 404 Media and Court Watch. A criminal complaint against Michael Scheuer alleges that he repeatedly accessed the third-party menu creation system created for Disney and modified menus, including changing fonts to Wingdings – the font composed entirely of symbols.

“The fonts were renamed by the threat actor to preserve the name of the original font, but the actual characters appeared as symbols,” the complaint said. “As a result of this change, all menus in the database were unusable as the font changes propagated through the database.”

However, the accusations are not limited to erratic font vandalism. The federal complaint also details how Scheuer allegedly changed menu listings to say that foods with peanuts in them were safe for people with allergies, tried to log into Disney employees’ accounts, locked 14 employees out of their accounts by trying to log in with an automated script, kept a folder with personal information about employees, and ended up at one person’s home. An attorney representing Scheuer did not comment on the allegations.

In recent years information stealers have become a popular tool for hackers, from cybercriminals trying to make money to sophisticated nation-state groups. The malware, which is often bundled into pirated software, uses web browsers to collect usernames and passwords, cookies, financial information, and other data you enter on your computer. This week police all over the world disabled the Redline infostealer, which has been used to collect more than 170 million pieces of information and has been linked to large-scale hacks. A nearly identical infostealer named Meta was also disrupted. As part of Operation Magnus, US officials have identified Russian national Maxim Rudometov as being behind the development of Redline. As TechCrunch reports, Rudometov was identified after a series of operational security failures, including the reuse of online handles and emails through social media apps and other websites. In its criminal complaint, the U.S. Department of Justice pointed to Rudometov’s dating profile, which apparently “liked” 89 other users and didn’t get any likes in return.

In January 2018 it emerged that GPS data from the running and cycling app Strava could uncover secret military locations and the movements of people exercising around them. Officials warned that it was a clear safety risk. Years later, many apparently haven’t been paying attention. French newspaper Le Monde has revealed in a series of stories that US Secret Service agents leaked their data through the fitness app, allowing the movements of Joe Biden, Donald Trump and Kamala Harris to be tracked. Security personnel linked to French President Emmanuel Macron and Russian President Vladimir Putin are similarly exposing their movements. Those who made their data public used public profiles and often posted runs that started or ended at the locations they stayed during official trips. The leaks also involved bodyguards linked to Putin who were close to a palace that Russia’s leader has denied owning.

Italian prosecutors have placed four people under house arrest, and it emerged that they are investigating at least 60 others, after an intelligence firm in the country allegedly hacked into government databases and collected information on more than 800,000 people. Intelligence company Equalize is said to have collected information about a number of Italy’s most prominent politicians, entrepreneurs and sports stars, Politico reported. It is claimed that the information accessed included banking transactions, police investigations and more. The hacked information was reportedly sold or possibly used as part of extortion attempts, with the people behind the scheme reportedly making €3.1 million. The scandal, which has enraged Italian politicians, could also be wider than just its impact in Italy, with latest reports suggesting Equalize has counted Israeli intelligence services and the Vatican as clients.