The Cybersecurity and Infrastructure Security Agency has issued a warning that 16 or more states have been leveraging Dominion Voting Systems with software flaws that could present hacking risks, according to The Associated Press.
No threat actor has so far exploited the nine reported vulnerabilities, said the advisory, which also recommended states to promptly apply mitigation efforts, as well as stronger "defensive measures to reduce the risk of exploitation of these vulnerabilities."
Digital technology poses significant security risks in vote recording but there has not been uniform adherence to protections necessitated by such risks, noted University of Michigan computer scientist J. Alex Halderman.
"These vulnerabilities, for the most part, are not ones that could be easily exploited by someone who walks in off the street, but they are things that we should worry could be exploited by sophisticated attackers, such as hostile nation states, or by election insiders, and they would carry very serious consequences," said Halderman.
Vulnerabilities impacting cloud analytics and business intelligence software Qlik Sense have been exploited to facilitate the deployment of CACTUS ransomware in a new campaign, The Hacker News reports.
Vulnerability management: Finding and fixing fatal flaws
Reducing silos between Developers and AppSec in your Software Supply Chain with Snyk and ServiceNow
Vulnerability management: Finding and fixing your fatal flaws
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news