A hacker offered to sell an unpatched system vulnerability in the U.S. Election Assistance Commission website on the Dark Web for thousands of dollars. The vulnerability would have given an attacker access to the site and backend systems. The FBI is conducting an ongoing criminal investigation. The seller s native language is Russian and goes by the online handle Rasputin Security firm Recorded Future declined to share technical specifics of the vulnerability or EAC’s compromised platform.
Source: https://threatpost.com/sql-injection-attack-is-tied-to-election-commission-breach/122571/