InfoSecBulletin Cybersecurity for mankind
The US plans to ban the sale of Kaspersky antivirus software due to its alleged ties to the Kremlin. Gina Raimondo, the US Commerce Secretary, said that Moscow’s control over the company was a big threat to US infrastructure and services.
She said that the US was compelled to take action due to Russia’s “capacity and… intent to collect and weaponize the personal information of Americans”.
SonicWall patched SSLVPN Vuln Allowing Firewall Crashing
GitLab Releases Security Update For Multiple Vulns
ISPAB president “whatsapp” got hacked via phishing link
Zyxel released patches 2 vulns in its USG FLEX H series firewalls
South Korea’s largest SK Telecom Hit by Malware: SIM-related info leaked
ChatGPT Develops Exploit for CVEs Before Public PoCs Share
TP-Link Router Vulns Allow to Execute Malicious SQL Commands
SSL.com’s domain validation system’s bug found: Hacker exploited
Amazon Follows Microsoft’s Lead, Halts Some Data Center Deals
Hackers Exploit Zoom’s Remote Control Feature for System Access
“Kaspersky will generally no longer be able to, among other activities, sell its software within the United States or provide updates to software already in use,” the Commerce Department said.
The plan uses strong powers given by the Trump administration to stop or control business deals between US companies and technology firms from “foreign adversary” nations such as Russia and China.
Starting from September 29th, the plan will prohibit software updates, resales, and licensing of the product. Additionally, new business will be limited within 30 days of the announcement.
Sellers and resellers who break the rules will be fined by the Commerce Department. The Commerce Department will list two Russian and one UK-based unit of Kaspersky. They are being accused of cooperating with Russian military intelligence.
US regulators have been focusing on the company for a long time. In 2017, the Department of Homeland Security banned its main antivirus product from federal networks due to suspected links to Russian intelligence.
The multinational company is based in Moscow, but it has offices in 31 countries worldwide. It serves over 400 million users and 270,000 corporate clients in more than 200 countries. The Commerce Department stated that the number of affected customers in the US is confidential business information.
However, a Commerce Department official was quoted by Reuters as saying that it was a “significant number” and included state and local governments and companies that supply telecommunications, power, and healthcare.
Kaspersky said in a statement that the Commerce Department “made its decision based on the present geopolitical climate and theoretical concerns,” and vowed to “pursue all legally available options to preserve its current operations and relationships.”
“Kaspersky does not engage in activities which threaten US national security and, in fact, has made significant contributions with its reporting and protection from a variety of threat actors that targeted US interests and allies,” the company said.
