Welcome to Codebook, the only cybersecurity newsletter that doesn't like any Thanksgiving foods. Come at me.
Situational awareness: North Korea-linked hackers are suspected in another financial institution heist.
If you've got tips or story ideas, I'd love to see them. Just reply to this email.
Most states can't afford the complete election system overhauls security experts believe they need. But California has budgeted for election cybersecurity at a level most states could never manage without federal funding.
The big picture: California's elections are what those in every state could look like, with enough money.
What they're saying: "Secretaries of state know what the recommendations and best practices are — paper ballots, post-election audits — we know all of those things," says California Secretary of State Alex Padilla. "But states and local governments need the resources to implement it."
The investment: Per the secretary of state's office:
That's about $7 a Californian on top of an election system that this year already abided by the most universal recommendations for running a safe election — ballots that leave a paper trail and auditing to make sure machines are working as intended.
The national government did pass legislation before the election to distribute leftover HAVA funds to states for election cybersecurity. But there wasn't much.
California's Office of Election Cybersecurity was a platform to head off misinformation about voting procedures and polling places — social media versions of the old dirty trick of sending people to the wrong polling place or giving them the wrong instructions.
Emailing residents is a why-doesn't-everyone-do-this type of move. "We are now the one official reliable source of information about the election," says Padilla.
The bottom line: Any state with leaders who honestly aim to maximize security and voter participation could implement all of this, for a price. But the mandate to strengthen the election system, given by everyone from The Incredible Hulk to the vice president, is still unfunded.
The Washington Post reports that Ivanka Trump used a personal email account hundreds of times for official White House business. Keen-eyed readers may notice a few parallels with the Hillary Clinton scandal that Ivanka's father made a key point of his presidential campaign.
Both Clinton and Trump claimed they didn't understand the rules for email.
The scandal: Trump's use of personal email accounts was discovered during a public records request.
President Trump's supporters still chant "lock her up" at rallies. Democrats' schadenfreude can be heard from space.
Putin has a new doorway into systems! Photo: Alexei Druzhinin/TASS via Getty Images
Researchers at Palo Alto Networks discovered new malware being used by the believed-to-be Russian intelligence group Fancy Bear.
Why it matters: The "Cannon" malware uses email to communicate with its command and control server. That's not common in malware right now, says Jen Miller-Osborn, deputy director of threat intelligence for Palo Alto Networks' Unit 42 research team, and doesn't appear to be something Fancy Bear has ever done before.
Details: Cannon is a new early stage for multistage attacks — it communicates basic information with command and control servers and downloads additional malware.
The intrigue: "So we also don't know if the email technique is a one-off or something they are starting to use," says Miller-Osborn.
As The Information first reported Friday, Instagram notified some users that their passwords had been exposed in the web address when they used the site's "Download your Data" feature.
Here's the thing: Typically, passwords don't travel around the internet or even company servers without being encrypted first. This glitch implies that the passwords spend more time at Instagram unencrypted than would be ideal for the Facebook-owned product.
Researchers at FireEye were first to note that a widespread phishing campaign bore resemblance to Cozy Bear, a believed Russian spying operation distinct from Fancy Bear (mentioned above). FireEye reaffirmed Monday that they are not ready to attribute the attack to Cozy Bear.
Why it matters: The campaign, which FireEye still considers likely to be from Cozy Bear, would be the first appearance of Cozy Bear in more than a year. These hackers are a significant threat, and their return would be notable.
FireEye will continue investigating to make a firmer attribution.
The intrigue: This phishing campaign used malware that would be easily caught by an antivirus program. If the attackers are, in fact, Cozy Bear, FireEye tells Axios that might actually be a sign the hackers are using this campaign as a smokescreen for a more covert attack.
We're taking the holiday off. See you in a week!