InfoSecBulletin Cybersecurity for mankind
On February 21, the Australian Department of Home Affairs issued a directive prohibiting the installation of Kaspersky Lab products and services on all Australian government systems and devices.
The directive under the protective security policy framework (PSPF) mandates federal entities to eliminate “all instances” of Kaspersky’s products.
Within Minute, RamiGPT To Escalate Privilege Gaining Root Access
Australian fintech database exposed in 27000 records
Over 200 Million Info Leaked Online Allegedly Belonging to X
FBI investigating cyberattack at Oracle, Bloomberg News reports
OpenAI Offering $100K Bounties for Critical Vulns
Splunk Alert User RCE and Data Leak Vulns
CIRT alert Situational Awareness for Eid Holidays
Cyberattack on Malaysian airports: PM rejected $10 million ransom
Micropatches released for Windows zero-day leaking NTLM hashes
VMware Patches Authentication Bypass Flaw in Windows Tool
Home Affairs secretary Stephanie Foster assessed that Kaspersky software “poses an unacceptable security risk to Australian government, networks and data, arising from threats of foreign interference, espionage and sabotage.”
“I also considered the important need for a strong policy signal to critical infrastructure and other Australian governments regarding the unacceptable security risk associated with the use of Kaspersky Lab products and web services.”
All non-corporate Commonwealth entities must stop using Kaspersky Lab products and services and uninstall them by 1 April 2025, the directive states.
Only agencies involved in “national security or regulatory functions, including compliance and law enforcement functions” can seek an exemption to the ban, if mitigations are in place.
This decision follows a six-month ban by the U.S. government on Kaspersky software sales in North America.
Australia has joined the US and Canada in banning Kaspersky software from government systems, becoming the third Five Eyes nation to do so. The US implemented its ban in 2017.
