Kaspersky
Latest
Best Buy pulls Kaspersky's antivirus software from its shelves
Amid growing concern/speculation/hysteria that Kaspersky Lab products could be tied to the Russian government, retailer Best Buy has stopped selling its antivirus. Minnesota's StarTribune first reported the move, citing a source who said that the company felt there are "too many unanswered questions" after conducting its own investigation. There's no word on what those questions are, or why Kaspersky's offer to share its source code isn't enough to prove there's no backdoor, and the company hasn't spoken about the move beyond confirming the report. In a tweet, Kaspersky noted its products are available through other retailers and said that while its relationship with Best Buy is suspended, it "may be re-evaluated in the future."
Inside the store that only accepts personal data as currency
On the internet, technology companies try to track your every move. The news story you liked on Facebook last week. Your Google searches. The videos you watch on YouTube. They're all monitored by algorithms that want to serve you highly targeted ads. We don't realise it, but the breadcrumb trail we leave online has value. Real, monetary value. To emphasise that point, cybersecurity firm Kaspersky Lab is running a pop-up shop in London called The Data Dollar Store this week. Inside, you'll find exclusive t-shirts, mugs and screen prints by street artist Ben Eine. The catch? You can only buy them by giving up some personal data.
FBI reportedly advising companies to ditch Kaspersky apps
Kaspersky Lab's tussle with the US government could have ramifications for its dealings with the private sector. A new report claims the FBI has been meeting with companies to warn them of the threat posed by the cybersecurity firm. The briefings are the latest chapter in an ongoing saga concerning the use of Kaspersky's products by government agencies. Officials claim the company is a Russian stooge that can't be trusted with protecting America's critical infrastructure. The company denies these claims -- its CEO Eugene Kaspersky has even offered up its source code in a bid to clear his firm's name.
Kaspersky and Microsoft reach truce over antivirus software
Microsoft and Kaspersky Lab appear to have reached a truce over their ongoing antivirus (AV) software battle. The Moscow-based cyber security firm has agreed to withdraw antitrust complaints following Microsoft's announcement that it would change the way it delivers security updates to users. The dispute between the two companies began in 2016 when Kaspersky accused Microsoft of anti-competitiveness. The company argued that the US tech giant wasn't giving other developers enough notice of updates and new releases that would mess up third-party security software settings. As such, users' computers would either be left unprotected or would automatically default to Windows Defender.
Congress looks into government agencies' deals with Kaspersky
Kaspersky has a long and difficult path ahead if it wants to clear its name. The US House of Representatives Committee on Science, Space and Technology has just asked 22 government agencies for all the documents and communications they have about Kaspersky Lab products, staring from January 1st, 2013 until today. It wants to see their internal risk assessments, the lists of all the systems they're using loaded with Kaspersky products and the lists of their contractors and subcontractors that use the cyber security company's offerings.
Kaspersky launches its free antivirus software worldwide
Kaspersky has finally launched its free antivirus software after a year-and-a-half of testing it in select regions. While the software was only available in Russia, Ukraine, Belarus, China and in Nordic countries during its trial run, Kaspersky is releasing it worldwide. The free antivirus doesn't have VPN, Parental Controls and Online Payment Protection its paid counterpart offers, but it has all the essential features you need to protect your PC. It can scan files and emails, protect your PC while you use the web and quarantine malware that infects your system.
Kaspersky in the crosshairs
Kaspersky is in what you might call "a bit of a pickle." The Russian cybersecurity firm, famous for its antivirus products and research reports on active threat groups is facing mounting accusations of working with, or for, the Russian government.
Kaspersky offers code to prove it's not a Russian stooge
Kaspersky Lab is understandably worried that it might lose US government contracts over fears that it's in bed with the Russian government, and it's making a dramatic offer in a bid to keep the money flowing. Founder Eugene Kaspersky tells the AP that he's willing to provide source code to prove that his online security company isn't a Trojan horse for Russian spies. He's ready to testify in front of Congress, too -- "anything" to show that his company is above board.
Draft defense bill would ban Kaspersky's security software
American officials are worried that Russian software could be used to compromise national security, and they aren't taking any chances. A draft version of the Senate's National Defense Authorization Act, which greenlights military funding, explicitly bans the Department of Defense from using Kaspersky Lab's security software over concerns that it could be "vulnerable to Russian government influence." Senator Jeanne Shaheen, who added the clause, believes Kaspersky "cannot be trusted" to protect the US' critical infrastructure. The links between the company and the Russian government are "very alarming," she says.
How used cars became a security nightmare
Application security for connected cars is far less mature than anyone should be comfortable with. This was clear at the RSA information security conference last week in San Francisco, where two presentations demonstrated different ways cars can be remotely controlled or even stolen by non-owners. All because the people designing connected car apps literally didn't think things through and consider the possibility of second owners -- or hackers.
The Morning After: Monday, November 14, 2016
Engadget's weekend included a Japan-only Kindle made for manga and comics, an early tour of Nike's tech-packed store in NYC and staring at a supermoon. So it wasn't a bad weekend. This week, expect to hear plenty of car news direct from the LA Auto Show. And even if you're no petrolhead, there should be more than enough tech news, reviews and occasionally furious editorials to get you through the week.
Kaspersky says Windows' security bundle is anti-competitive
Windows 10's bundled Defender security tool can be helpful for basic antivirus protection, but what if you prefer third-party software? The operating system normally steps aside when you run other programs, but antivirus mainstay Eugene Kaspersky (above) believes Microsoft still isn't playing fair. He just filed complaints in both the European Union and Russia alleging that Windows 10's handling of third-party antivirus tools is anti-competitive. The argument mostly hinges around when Microsoft switches you to Defender and the amount of breathing room given to other developers.
US and UK spy agencies are exploiting flaws in security software
Those worries that governments are trying to undermine security software? They're well-founded. The Intercept has learned that both the US' National Security Agency and the UK's Government Communications Headquarters have been reverse engineering security software, such as antivirus tools and encryption programs, to look for flaws that can be used in surveillance hacks. Some of the targets in recent years include Kaspersky Lab's security suite (sound familiar?), Acer's eDataSecurity and Exlade's CrypticDisk. GCHQ also deconstructed numerous other commonly available programs, including vBulletin's forum software and popular server management tools.
Malware used Foxconn digital certificate to spy on Iran nuclear talks
Russian security firm Kaspersky Lab has looked deeper into the malware that attacked its network and found that it used a digital certificate stolen from Foxconn. That's the same Taiwanese company frequently associated with big names in electronics, since its factories manufacture everything from iPhones and iPads to PS4s and Xbox Ones. The malware, known as Duqu 2.0 due to its shared programming with an older spyware called Duqu, also infected the networks of hotels where the UN Security Council held meetings about Iran's nuclear development. Duqu 1.0 and its predecessor, the Stuxnet worm, also redirected traffic through digital certificates stolen from Taiwanese companies, presumably to make it appear like the attacks came from China.
State-backed spyware targets antivirus maker, Iranian nuclear talks
The threat posed by state-sponsored malware might be even larger than first thought. Antivirus developer Kaspersky Lab says it discovered an attack on its network by allegedly government-made spyware that appears to be an upgraded version of Duqu, the Stuxnet-based worm used by Israel and the US to derail Iran's nuclear efforts. This "Duqu 2.0" not only tried to obtain details about Kaspersky's investigations and detection abilities, but remained remarkably stealthy. Pre-release software was necessary to catch it, and there were attempts to throw researchers off the scent by suggesting that China or Eastern Europe was to blame.
Kaspersky releases decryption tool that unlocks ransomware
You never should have clicked on the email attachment from that Nairobian prince. Now ransomware's got you locked out of your own computer and is demanding money before you can use it again. But before you reach for you wallet, take a look at this decryption key generator that Kaspersky has built. The Netherland's National High Tech Crime Unit (NHTCU) recently got its hands on a CoinVault command-and-control server (a type of ransomware that has been infecting Windows systems since last November) and, upon examining it, discovered a large database of decryption keys. The NHTCU shared this information with Kaspersky which used it to build the Noransomware decryption tool. Granted, the program isn't 100 percent effective yet -- it's not like the NHTCU got all of the potential keys off of that one server or anything -- but as police forces around the world continue to investigate the CoinVault ransom campaign, Kaspersky expects to grow the key database and further improve the tool's functionality. Plus, it's still better than paying some schmuck hacker to give you back your digital dominion.
High-tech TV: How realistic is the hacking in prime-time shows?
A group of five impeccably dressed high school girls are almost murdered dozens of times by the same, mysterious stalker and the police in their idyllic small town are either corrupt or too incompetent to care. How do the girls fight back? Hacking, of course. At least, that's one way they do it on Pretty Little Liars. "Hacking" is the deus ex machina in plenty of scenarios on Pretty Little Liars and other mainstream programs, allowing people to easily track, harass, defend and stalk each other 30 to 60 minutes at a time. But how real is it? To determine the feasibility of the hacks presented on shows like Pretty Little Liars, Sherlock, Scandal, Arrow, CSI: Cyber and Agents of SHIELD, I spoke to Patrick Nielsen, senior security researcher at Kaspersky Lab.
The NSA hides surveillance software in hard drives
It's been known for a while that the NSA will intercept and bug equipment to spy on its soon-to-be owners, but the intellgency agency's techniques are apparently more clever than first thought. Security researchers at Kaspersky Lab have discovered apparently state-created spyware buried in the firmware of hard drives from big names like Seagate, Toshiba and Western Digital. When present, the code lets snoops collect data and map networks that would otherwise be inaccessible -- all they need to retrieve info is for an unwitting user to insert infected storage (such as a CD or USB drive) into an internet-connected PC. The malware also isn't sitting in regular storage, so you can't easily get rid of it or even detect it.
Subtle malware lets hackers swipe over $300 million from banks
It's no secret that hackers see banks as prime targets, but one band of digital thieves is conducting heists on a truly grand scale. Security researchers at Kaspersky have published details of malware attacks that have stolen at least $300 million from financial institutions in 30 countries. The crooks not only trick bank employees into installing a virus (Carbanak) through spoofed email, but spy on staff in order to mimic their behavior and prevent any telltale signs that money is falling into the wrong hands. Many of the attacks focus on shuffling money to outside accounts, although some will send paper cash to ATMs monitored by criminals.
Stuxnet worm entered Iran's nuclear facilities through hacked suppliers
You may have heard the common story of how Stuxnet spread: the United States and Israel reportedly developed the worm in the mid-2000s to mess with Iran's nuclear program by damaging equipment, and first unleashed it on Iran's Natanz nuclear facility through infected USB drives. It got out of control, however, and escaped into the wild (that is, the internet) sometime later. Relatively straightforward, right? Well, you'll have to toss that version of events aside -- a new book, Countdown to Zero Day, explains that this digital assault played out very differently.
