Vulnerabilities / Threats

3/22/2018
12:20 PM
100%
0%

US Federal Spending Bill Includes $380 Million for Securing Election Systems

Spending bill includes election technology grants for states to shore up security of their voting systems, reports say.

Congress has included $380 million for election cybersecurity in its new omnibus spending package, marking the legislative branch's first official move toward improving security of the voting and election systems in the wake of concerns over Russian meddling in the 2016 race, Reuters reports.

The funding would include election technology grants for states to better lock down their election systems, according to report in The Hill. The bill also is expected to include additional funding for the FBI - $307 million - in its efforts to battle Russian nation-state cyberattackers.

Also in the package is $26 million for the US Department of Homeland Security's cybersecurity unit for its programs helping states lock down their election systems.

Read more here and here

Interop ITX 2018

Join Dark Reading LIVE for two cybersecurity summits at Interop ITX. Learn from the industry’s most knowledgeable IT security experts. Check out the security track here.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
3/27/2018 | 7:48:08 AM
Re: Spending bill to improve our voting systems
Always have faith in the ability of states to receive revenue and find OTHER useful pockets to put it in.  Having tech is great ---- having IT staffers who know how it works (and not in Bangalore) is better. 
cyclepro
50%
50%
cyclepro,
User Rank: Strategist
3/23/2018 | 9:30:53 AM
Spending bill to improve our voting systems
It is great that Congress is acting on this. However I wonder if it will be in time for the mid-term elections. If not then what can we do to secure the systems in time for those elections?

 

Anyway.. It is a good move and about time!

Maybe both political parties can take heed from this and protect their servers better as well.

 
White House Cybersecurity Strategy at a Crossroads
Kelly Jackson Higgins, Executive Editor at Dark Reading,  7/17/2018
Mueller Probe Yields Hacking Indictments for 12 Russian Military Officers
Kelly Jackson Higgins, Executive Editor at Dark Reading,  7/13/2018
10 Ways to Protect Protocols That Aren't DNS
Curtis Franklin Jr., Senior Editor at Dark Reading,  7/16/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-10869
PUBLISHED: 2018-07-19
redhat-certification does not properly restrict files that can be download through the /download page. A remote attacker may download any file accessible by the user running httpd.
CVE-2018-10870
PUBLISHED: 2018-07-19
redhat-certification does not properly sanitize paths in rhcertStore.py:__saveResultsFile. A remote attacker could use this flaw to overwrite any file, potentially gaining remote code execution.
CVE-2018-12959
PUBLISHED: 2018-07-19
The approveAndCall function of a smart contract implementation for Aditus (ADI), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer all contract balances into their account).
CVE-2018-14336
PUBLISHED: 2018-07-19
TP-Link WR840N devices allow remote attackers to cause a denial of service (connectivity loss) via a series of packets with random MAC addresses.
CVE-2018-10620
PUBLISHED: 2018-07-19
AVEVA InduSoft Web Studio v8.1 and v8.1SP1, and InTouch Machine Edition v2017 8.1 and v2017 8.1 SP1 a remote user could send a carefully crafted packet to exploit a stack-based buffer overflow vulnerability during tag, alarm, or event related actions such as read and write, with potential for code t...