Normal view

There are new articles available, click to refresh the page.
Before yesterdayMain stream

A week in security (June 17 – June 23)

✇Malwarebytes Labs
24 June 2024 at 03:07

Last week on Malwarebytes Labs:

Last week on ThreatDown:

Stay safe!

Our business solutions remove all remnants of ransomware and prevent you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.

U.S. Bans Sale of Kaspersky Cybersecurity Software

✇Security Boulevard
By: Michael Vizard
21 June 2024 at 17:59
IoT checkmark, consumer, act, compliance, cybersecurity

Long simmering suspicions about the loyalty of Kaspersky Software, a cybersecurity firm headquartered in Russia, came to a head this week after the U.S. government banned the sale of the company’s software, effective July 20th, to both companies and individual consumers. In addition, the U.S. Treasury Department has placed sanctions on 12 senior leaders of..

The post U.S. Bans Sale of Kaspersky Cybersecurity Software appeared first on Security Boulevard.

After Banning Sales of Kaspersky Products, U.S. Sanctions its Top Executives

✇Cybersecurity News and Magazine
By: Mihir Bagwe
21 June 2024 at 16:16

Kaspersky, Kaspersky top executives, Kaspersky top executives sanctioned

A day after the Biden administration announced a U.S. ban on the sale of Kaspersky Lab products, the U.S. Treasury Department on Friday sanctioned a dozen top executives and senior leaders at the Russian cybersecurity company. Kaspersky took issue with the Biden administration's moves and said, "The decision does not affect the company’s ability to sell and promote cyber threat intelligence offerings and/or trainings in the U.S." The company said the action will instead benefit cybercriminals by restricting international cooperation between cybersecurity experts. The decision to ban Kaspersky is "based on the present geopolitical climate and theoretical concerns," the company said in a scathing response to the Commerce Department's ban. The sanctions represent the latest in a series of punitive measures against the Russian antivirus company, underscoring growing concerns about cybersecurity and national security risks associated with the firm's operations.

Details of the Kaspersky Sanctions

The Treasury Department’s Office of Foreign Assets Control (OFAC) specifically targeted key individuals within Kaspersky Lab, including the chief operating officer, chief legal officer, chief of human resources, and chief business development and technology officers, among others. [caption id="attachment_78565" align="aligncenter" width="588"]Kaspersky, Kaspersky top executives, Kaspersky top executives sanctioned Source: U.S. Department of the Treasury[/caption] The Treasury added all the above individuals to its Specially Designated Nationals list. SDN is a list maintained by OFAC that publicly identifies persons determined by the U.S. government to be involved in activities that threaten or undermine U.S. foreign policy or national security objectives. Notably, the sanctions did not extend to Kaspersky Lab itself, its parent or subsidiary companies nor to its CEO Eugene Kaspersky. The sanctions came just a day after the U.S. Commerce Department issued a final determination to ban Kaspersky Lab from operating in the United States. This ban is rooted in longstanding concerns over national security and the potential risks to critical infrastructure. The Commerce Department also added three Kaspersky divisions to its entity list due to their cooperation with the Russian government in cyber intelligence activities. The U.S. government has been wary of Kaspersky Lab's ties to the Russian government, fearing that its software could be used to facilitate cyber espionage. Bloomberg in 2017 first reported it had seen emails between chief executive Eugene Kaspersky and senior Kaspersky staff outlining a secret cybersecurity project apparently requested by the Russian intelligence service FSB. Kaspersky refuted these claims, calling the allegations "false"  and "inaccurate." However, these concerns have led to a broader push to restrict the company's operations within the U.S. and to mitigate any potential threats to national security.

Kaspersky Lab’s Response

Kaspersky Lab has consistently denied any allegations of being influenced or controlled by any government. The company has pledged to explore all legal options in response to the Commerce Department’s ban and the recent sanctions imposed by the Treasury. In a statement, Kaspersky Lab reiterated its commitment to transparency and maintaining the trust of its users worldwide, emphasizing it has never assisted any government in cyber espionage activities. "Kaspersky does not engage in activities which threaten U.S. national security and, in fact, has made significant contributions with its reporting and protection from a variety of threat actors that targeted U.S. interests and allies," it said.
"Kaspersky provides industry-leading products and services to customers around the world to protect them from all types of cyber threats, and has repeatedly demonstrated its independence from any government." - Kaspersky Lab
The antivirus company claimed it has also implemented significant transparency measures that demonstrate its commitment to integrity and trustworthiness. But "the Department of Commerce’s decision unfairly ignores the evidence," Kaspersky said. The company said it also proposed a system in which the security of Kaspersky products could have been independently verified by a trusted third party.
"Kaspersky believes that the Department of Commerce made its decision based on the present geopolitical climate and theoretical concerns, rather than on a comprehensive evaluation of the integrity of Kaspersky’s products and services."
However, Brian Nelson, Treasury’s Undersecretary for Terrorism and Financial Intelligence, stated, “Today’s action against the leadership of Kaspersky Lab underscores our commitment to ensure the integrity of our cyber domain and to protect our citizens against malicious cyber threats. The U.S. will take action where necessary to hold accountable those who would seek to facilitate or otherwise enable these activities.”

Implications and Future Actions

The sanctions against Kaspersky Lab’s leadership signal a broader strategy by the U.S. government to address cybersecurity threats posed by foreign entities. This approach is part of a larger effort to strengthen national security and protect critical infrastructure from potential cyberattacks.

Legal and Business Repercussions

Kaspersky Lab’s legal battles and its efforts to counteract these sanctions will be closely watched. The company's ability to operate in the international market could be significantly affected by these measures, impacting its business operations and customer trust.

Global Cybersecurity Landscape

This development also highlights the ongoing tensions in the global cybersecurity landscape, where national security concerns often intersect with business interests. The actions taken by the U.S. government may set a precedent for how other nations address similar concerns with foreign technology firms. The U.S. Treasury Department's decision to sanction senior leaders at Kaspersky Lab marks a pivotal moment in the ongoing scrutiny of the Russian cybersecurity firm. While Kaspersky Lab denies any wrongdoing and prepares to contest the sanctions legally, the actions taken by the U.S. government underscore a determined effort to mitigate potential cyber threats and protect national security. As the situation unfolds, it will have significant implications for both Kaspersky and the broader cybersecurity environment.

US bans Kaspersky, warns: “Immediately stop using that software”

✇Malwarebytes Labs
21 June 2024 at 04:19

The US government will ban the sale of Kaspersky antivirus products to new customers in the United States starting July 20, with a follow-on deadline to prohibit the cybersecurity company from providing users with software updates after September 29.

The move follows years of allegations that the cybersecurity firm served as a hacking conduit for Russian intelligence agencies—allegations that the company has consistently denied.  

While current US Kaspersky customers will see no immediate impact from the ban, the September 29 software update deadline signals a bigger change. Without available updates, any cybersecurity product becomes less secure over time, and means the company won’t be able to protect customers against the newest threats.

In a briefing call with reporters on Thursday, US Department of Commerce Secretary Gina Raimondo offered consolation and advice to current customers of the antivirus products:

“You have done nothing wrong, and you are not subject to any criminal or civil penalties. However, I would encourage you, in as strong as possible terms, to immediately stop using that software and switch to an alternative in order to protect yourself and your data and your family.”

Kaspersky rebuffed the Biden Administration’s decision in a statement shared on social media Thursday.

“Kaspersky does not engage in activities which threaten US national security and, in fact, has made significant contributions with its reporting and protection from a variety of threat actors that targeted US interested and allies,” the company said. “The company intends to purse all legally available options to preserve its current operations and relationships.”

The ban, first reported by Reuters and released Thursday, includes “AO Kaspersky Lab,” “OOO Kaspersky Group,” and “Kaspersky Labs Limited.”

According to the US Department of Commerce, all three Kaspersky entities are being banned “for their cooperation with Russian military and intelligence authorities in support of the Russian government’s cyber intelligence objectives.”

In October 2017, The New York Times reported that Israeli intelligence officers managed to catch Russian government hackers using Kaspersky to conduct clandestine searches across the globe. That reporting followed a bombshell investigation from The Wall Street Journal that claimed that Russian hackers stole classified NSA materials from a contractor’s personal computer which had Kaspersky software installed on it.

That reported hacking incident allegedly resulted in the US government’s decision that same year to remove Kaspersky antivirus software from US government devices.

In the same Thursday briefing call, Secretary Raimondo cited the threat of Russian influence in the Department’s decision to ban Kaspersky:

“Russia has shown it has the capacity and… the intent to exploit Russian companies like Kaspersky to collect and weaponize the personal information of Americans and that is why we are compelled to take the action that we are taking today.”

We don’t just report on threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

Biden Bans Kaspersky for Good: How It Started and What It Means for Cybersecurity Companies in US

✇Cybersecurity News and Magazine
By: Samiksha Jain
21 June 2024 at 04:16

US banning Kaspersky

The Department of Commerce's Bureau of Industry and Security (BIS) has announced a Final Determination prohibiting Kaspersky Lab, Inc., the U.S. subsidiary of the Russian cybersecurity firm, from providing any products or services in the United States. This historic decision of the US banning Kaspersky marks the first Final Determination by the Office of Information and Communications Technology and Services (OICTS). The BIS has set a deadline of September 29, 2024, giving U.S. consumers and businesses time to switch to alternative cybersecurity solutions. Kaspersky will no longer be able to sell its software within the United States or provide updates to software already in use. The prohibition also applies to Kaspersky Lab, Inc.’s affiliates, subsidiaries, and parent companies (together with Kaspersky Lab, Inc., “Kaspersky” The US banning Kaspersky incident highlights rising concerns over national security risks linked to foreign technology companies, especially those from adversarial states. Further, it reflects years of scrutiny and represents a significant escalation in U.S. efforts to safeguard its cyber infrastructure. “This action is the first of its kind and is the first Final Determination issued by BIS’s Office of Information and Communications Technology and Services (OICTS), whose mission is to investigate whether certain information and communications technology or services transactions in the United States pose an undue or unacceptable national security risk,” reads the official BIS announcement. Additionally, BIS has added three entities—AO Kaspersky Lab and OOO Kaspersky Group (Russia), and Kaspersky Labs Limited (United Kingdom)—to the Entity List for their cooperation with Russian military and intelligence authorities in support of the Russian Government’s cyber intelligence objectives. This article delves into the timeline and context of U.S. actions against Kaspersky, highlighting the shift from the Trump administration to the Biden administration.

US vs Kaspersky: A Timeline of Cybersecurity Actions

US banning Kaspersky

2017

September- The Trump Administration’s heightened scrutiny of Kaspersky began. The Department of Homeland Security (DHS) issued a Binding Operational Directive (BOD 17-01) that mandated removing and discontinuing Kaspersky products from all federal information systems. This directive followed mounting evidence suggesting that the Russian government could use Kaspersky’s products to infiltrate U.S. networks. December- The National Defense Authorization Act (NDAA) for Fiscal Year 2018 cemented these concerns into law by prohibiting the use of Kaspersky software across all federal agencies. This legislative action reflected a bipartisan consensus on the potential risks posed by the Russian firm.

2022

March- The Federal Communications Commission (FCC) added Kaspersky to its “List of Communications Equipment and Services that Pose a Threat to National Security.” This action was part of a broader effort to secure the nation’s communications networks from foreign influence and control.

2024

June - Today’s Final Determination by the BIS represents the culmination of a thorough investigation by the Office of Information and Communications Technology and Services (OICTS). This office, established to assess whether certain information and communications technology (ICT) transactions pose unacceptable national security risks, has found Kaspersky’s operations in the U.S. untenable.

US Banning Kaspersky: The Context and Implications of BIS’s Final Determination

The BIS’s decision comes after a comprehensive investigation revealed that Kaspersky’s operations in the United States posed an undue or unacceptable national security risk. The key concerns highlighted include:
  1. Jurisdiction and Control by the Russian Government: Kaspersky is subject to Russian laws requiring cooperation with intelligence agencies. This legal framework gives the Russian government potential access to data managed by Kaspersky’s software. Therefore, Kaspersky is subject to Russian laws, requiring it to comply with requests for information that could compromise U.S. national security.
  2. Access to Sensitive Information: Kaspersky’s software has extensive administrative privileges over customer systems, creating opportunities for data exploitation.
  3. Potential for Malicious Activities: Kaspersky could theoretically introduce malware or withhold crucial security updates, compromising U.S. cybersecurity.
  4. Third-Party Integrations: Integrating Kaspersky products into third-party services further complicates the risk, as the source code might be obscured, increasing vulnerability in critical U.S. systems.

Transition Period and Recommendations

While users won’t face legal penalties for continued use of Kaspersky products during this period, they assume all associated cybersecurity risks. This grace period is crucial for minimizing disruptions and ensuring a smooth transition to secure alternatives. The Department of Commerce, along with DHS and DOJ, is actively working to inform and assist users in transitioning to alternative cybersecurity solutions. “The actions taken today are vital to our national security and will better protect the personal information and privacy of many Americans. We will continue to work with the Department of Commerce, state and local officials, and critical infrastructure operators to protect our nation’s most vital systems and assets,” said Secretary of Homeland Security Alejandro N. Mayorkas. runZero, meanwhile, released tools to detect Kaspersky products on in most Windows installations, which also work with the company's free community edition.

Historical Background: From Trump to Biden

The determination against Kaspersky is part of a broader U.S. strategy to safeguard its information and communications technology infrastructure. The roots of this policy can be traced back to Executive Order 13873, “Securing the Information and Communications Technology and Services Supply Chain,” which empowers the Commerce Department to evaluate and act against risks posed by foreign ICTS transactions. The scrutiny of Kaspersky began during the Trump administration, amid growing concerns about Russia's cyber capabilities and potential espionage activities. The Trump-era directives and legislative actions laid the groundwork for stricter controls, reflecting a bipartisan consensus on the threat posed by foreign cyber interference. Under the Biden administration, the approach has evolved into a more comprehensive and coordinated effort. The establishment of the OICTS within BIS and the issuance of the Final Determination represents a significant escalation in the U.S. government's efforts to protect its digital infrastructure. The Biden administration's emphasis on a “whole-of-government” strategy underscores the critical importance of cybersecurity in national defense. The U.S. government has taken a coordinated approach to implementing this determination. Commerce Secretary Gina Raimondo emphasized the commitment to national security and innovation, stating that this action is a clear message to adversaries. “Russia has shown time and again they have the capability and intent to exploit Russian companies, like Kaspersky Lab, to collect and weaponize sensitive U.S. information, and we will continue to use every tool at our disposal to safeguard U.S. national security and the American people. Today’s action, our first use of the Commerce Department’s ICTS authorities, demonstrates Commerce’s role in support of our national defense and shows our adversaries we will not hesitate to act when they use their technology poses a risk to the United States and its citizens,” said Raimondo.

The Future of U.S. Cybersecurity Policy

The inclusion of Kaspersky and related entities on the Entity List highlights the U.S. government’s proactive stance. This list, maintained under the Export Control Reform Act of 2018, identifies entities engaged in activities contrary to U.S. national security interests. Additions to this list involve rigorous interagency review, ensuring that actions are based on concrete, specific evidence of risk. “With today’s action, the American cyber ecosystem is safer and more secure than it was yesterday,” said Under Secretary for Industry and Security Alan Estevez. “We will not hesitate to protect U.S. individuals and businesses from Russia or other malign actors who seek to weaponize technology that is supposed to protect its users.” As the September deadline approaches, businesses and individuals alike must stay informed and take necessary steps to secure their digital environments. The U.S. government's decisive action against Kaspersky highlights the critical importance of vigilance and proactive measures in the ever-evolving landscape of cybersecurity.

Citing national security, US will ban Kaspersky anti-virus software in July

✇Ars Technica
By: Andrew Cunningham
21 June 2024 at 17:00
Citing national security, US will ban Kaspersky anti-virus software in July

Enlarge (credit: Kaspersky Lab)

The Biden administration will ban all sales of Kaspersky antivirus software in the US starting in July, according to reporting from Reuters and a filing from the US Department of Commerce (PDF).

The US believes that security software made by Moscow-based Kaspersky Lab represents a national security risk and that the Russian government could use Kaspersky's software to install malware, block other security updates, and "collect and weaponize the personal information of Americans," said US Commerce Secretary Gina Raimondo.

“When you think about national security, you may think about guns and tanks and missiles,” said Raimondo during a press briefing, as reported by Wired. “But the truth is, increasingly, it's about technology, and it's about dual-use technology, and it's about data.”

Read 6 remaining paragraphs | Comments

Researchers Discovered 24 Vulnerabilities in ZKTeco Biometric Terminals Used In Nuclear Plants

✇Cybersecurity News and Magazine
By: Alan J
12 June 2024 at 17:30

24 Vulnerabilities in ZKTeco Biometric Terminals

Kaspersky researchers discovered widespread vulnerabilities in biometric terminals developed by ZKTeco, which are known to be deployed internationally. These flaws could be exploited by threat actors to bypass authentication, steal sensitive data, and even gain full control over affected terminals. The vulnerabilities pose a major risk, as these biometric terminals are often white-labeled to be sold under various brand names by multiple distributors. They are also widely used in high-security/sensitive environments, such as nuclear power plants, chemical plants or hospitals while storing thousands of facial templates.

Vulnerabilities in ZKTeco Biometric Terminals

Biometric terminals see multiple uses aside from their primary purpose of acquiring biometric data such as fingerprints, voices, facial features, or irises. They can be connected to other scanners to support alternative authentication methods, or be deployed as a means of ensuring employee productivity or to reduce fraud. These devices see increasing usage in confidential facilities such as power plants, executive suites or server rooms. ZKTeco biometric terminals support facial recognition(with the ability to store thousands of face templates), password entry, electronic pass, and QR codes. Researchers conducted several tests to assess the security and reliability of these devices, finding 24 different vulnerabilities that may be exploited by threat actors in real attack scenarios on confidential facilities:
  • 6 SQL injection vulnerabilities
  • 7 buffer stack overflow vulnerabilities
  • 5 command injection vulnerabilities
  • 4 arbitrary file write vulnerabilities
  • 2 arbitrary file read vulnerabilities
The researchers grouped some of the more critical vulnerabilities present in these devices by their attack type:
  • Physical Bypass via Fake QR Codes CVE-2023-3938 allows cybercriminals to perform a SQL injection attack by injecting malicious code into access strings. This could allow them to gain unauthorized entry to restricted areas.
  • Biometric Data Theft and Backdoor Deployment The CVE-2023-3940 and CVE-2023-3942 vulnerabilities could give attackers access to sensitive user data and password hashes stored on the device. Additionally, CVE-2023-3941 could allow them to remotely alter device databases, allowing them to potentially add unauthorized individuals into systems or create a backdoor.
  • Remote Code Execution The CVE-2023-3939 and CVE-2023-3943 flaws enable the execution of arbitrary commands or code on the device, effectively giving attackers full control and the ability to launch further attacks on the wider network.
Georgy Kiguradze, Senior Application Security Specialist at the cybersecurity firm, expressed concern over the risks posed by these vulnerabilities in real scenarios, risks posed by deepfake and social engineering tactics, and the urgency of immediately patching these vulnerabilities. He stated:
“The impact of the discovered vulnerabilities is alarmingly diverse. To begin with, attackers can sell stolen biometric data on the dark web, subjecting affected individuals to increased risks of deepfake and sophisticated social engineering attacks. Furthermore, the ability to alter the database weaponizes the original purpose of the access control devices, potentially granting access to restricted areas for nefarious actors. Lastly, some vulnerabilities enable the placement of a backdoor to covertly infiltrate other enterprise networks, facilitating the development of sophisticated attacks, including cyberespionage or sabotage. All these factors underscore the urgency of patching these vulnerabilities and thoroughly auditing the device's security settings for those using the devices in corporate areas.”

Mitigating Risks to Biometric Terminals

The researchers stated that they had disclosed all information about the discovered vulnerabilities to ZKTeco, but lacked accessible data on whether these vulnerabilities had been patched. The researchers have shared the following recommendations to protect these biometric terminals from attacks in the meanwhile:
  • Isolate biometric reader usage into a separate network segment.
  • Employ robust administrator passwords and change default ones.
  • Audit and fortify the device's security settings, including enabling temperature detection.
  • If feasible, minimize the use of QR code functionality.
  • Regularly update the device's firmware.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
❌
❌