InfoSecBulletin Cybersecurity for mankind
The US plans to ban the sale of Kaspersky antivirus software due to its alleged ties to the Kremlin. Gina Raimondo, the US Commerce Secretary, said that Moscow’s control over the company was a big threat to US infrastructure and services.
She said that the US was compelled to take action due to Russia’s “capacity and… intent to collect and weaponize the personal information of Americans”.
CERT-In Flags Multiple Critical Vulnerabilities in Zoom app
Daily Security Digest Dated 11/23/24
SafetyDetectives’ Research
Malware evades Microsoft Defender and 2FA, stealing $24K in crypto (video)
Over 145,000 ICS Across 175 Countries Found Exposed Online
World to see AI powered “human washing machines”
Hacker compromised over 2000 Palo Alto Networks Firewalls
“Forces Penpals” exposed US and UK Military Social Network’s 1 Million Records
CVE-2024-51503
Trend Micro released updates for Deep Security Agent RCE
Apple Releases Patch for two Actively Exploited Zero-Day
Maxar Space Data Leak, Company admit, Investigation ongoing!
“Kaspersky will generally no longer be able to, among other activities, sell its software within the United States or provide updates to software already in use,” the Commerce Department said.
The plan uses strong powers given by the Trump administration to stop or control business deals between US companies and technology firms from “foreign adversary” nations such as Russia and China.
Starting from September 29th, the plan will prohibit software updates, resales, and licensing of the product. Additionally, new business will be limited within 30 days of the announcement.
Sellers and resellers who break the rules will be fined by the Commerce Department. The Commerce Department will list two Russian and one UK-based unit of Kaspersky. They are being accused of cooperating with Russian military intelligence.
US regulators have been focusing on the company for a long time. In 2017, the Department of Homeland Security banned its main antivirus product from federal networks due to suspected links to Russian intelligence.
The multinational company is based in Moscow, but it has offices in 31 countries worldwide. It serves over 400 million users and 270,000 corporate clients in more than 200 countries. The Commerce Department stated that the number of affected customers in the US is confidential business information.
However, a Commerce Department official was quoted by Reuters as saying that it was a “significant number” and included state and local governments and companies that supply telecommunications, power, and healthcare.
Kaspersky said in a statement that the Commerce Department “made its decision based on the present geopolitical climate and theoretical concerns,” and vowed to “pursue all legally available options to preserve its current operations and relationships.”
“Kaspersky does not engage in activities which threaten US national security and, in fact, has made significant contributions with its reporting and protection from a variety of threat actors that targeted US interests and allies,” the company said.
