KasperskyLab
Latest
Engadget giveaway: Stay protected and connected courtesy of Kaspersky Lab!
Kaspersky Lab, has been a familiar name in infosec for quite some time, uncovering malware and espionage tools all along the way. These finely honed skills are also available to help everyday people protect their data and manage their digital lives. The Kaspersky Security Cloud for both individuals and families can cover multiple devices with real-time security alerts, password assistance, parental controls and more. This week, the company has put together a package of devices to keep you charged up, backed up and secure wherever you go. This includes a portable generator, power bank, 3TB portable hard drive, a Kaspersky Lab backpack and a one year subscription to Kaspersky Security Cloud Family (covering 20 devices). All you need to do is head to the Rafflecopter widget below for up to five chances at winning this protected and connected package. Winners: Congratulations to Mike S. of Metairie, LA and James B. of Shiprock, NM!
Sophisticated malware attacks through routers
Security researchers at Kaspersky Lab have discovered what's likely to be another state-sponsored malware strain, and this one is more advanced than most. Nicknamed Slingshot, the code spies on PCs through a multi-layer attack that targets MikroTik routers. It first replaces a library file with a malicious version that downloads other malicious components, and then launches a clever two-pronged attack on the computers themselves. One, Canhadr, runs low-level kernel code that effectively gives the intruder free rein, including deep access to storage and memory; the other, GollumApp, focuses on the user level and includes code to coordinate efforts, manage the file system and keep the malware alive.
Attackers used Telegram to deliver cryptocurrency-mining malware
Kaspersky Lab says it spotted evidence of a vulnerability in the desktop version of Telegram that allowed attackers to install cryptocurrency mining malware on users' computers. The zero-day exploit was used to trick Telegram users into downloading malicious files, which could then be used to deliver cryptocurrency mining software and spyware. According to Kaspersky, those behind the exploit used the computers their malware had been installed on to mine digital currencies like Monero, Zcash, Fantomcoin and others. Kaspersky also says it found a stolen cache of Telegram data on one of the attackers' servers.
Kaspersky sues US government over federal software ban
To no one's surprise, Kaspersky Lab isn't happy that the US government has banned its software over the potential for Russian influence. The security firm has sued the Trump administration to challenge the ban, arguing that the Department of Homeland Security's September directive didn't provide "due process" and unfairly tarnished the company's reputation.
Israel warned the US about Kaspersky after hacking its network
Kaspersky is in hot water...again. The US government recently prohibited federal agencies from using the company's products, and the FBI is reportedly convincing private entities to do the same. Its latest headache is linked to the NSA cyberattacks allegedly carried out by Russian hackers, who made away with official cyber defense material in 2015. The US intelligence agency claimed it noticed the stolen files using Kaspersky software. Little else was revealed about the incident (news of which broke last week) until now. It seems Israeli officials tipped off the US about the Russian intrusion, having hacked into Kaspersky's network, according to The New York Times.
US bans use of Kaspersky software in federal agencies
The US government has officially banned the use of Kaspersky security software in all of its federal agencies. Kaspersky has been under suspicion for cyberespionage for several months now, especially due to its ties to the Russian government and the fact that the company is required under Russian law to comply with Russian intelligence agency requests. According to a statement provided by the Department of Homeland Security to the Washington Post: "The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates U.S. national security." Kaspersky Lab, on the other hand, firmly denies the accusations, stating that it "doesn't have any inappropriate ties with any government" and that there's "no credible evidence" to back up the "false allegations." It also complained that it's being treated unfairly, and that it's never helped any government in cyberespionage. The US government has already removed Kaspersky from its approved vendors list back in July amid speculation that it's involved with Russian authorities. Now the government is going so far as to ban it altogether, giving federal agencies three months to remove the software. A draft version of the Senate's National Defense Authorization Act has banned the Department of Defense from using it as well, though The Washington Post notes that the Defense Department doesn't generally use it anyway.
Congress looks into government agencies' deals with Kaspersky
Kaspersky has a long and difficult path ahead if it wants to clear its name. The US House of Representatives Committee on Science, Space and Technology has just asked 22 government agencies for all the documents and communications they have about Kaspersky Lab products, staring from January 1st, 2013 until today. It wants to see their internal risk assessments, the lists of all the systems they're using loaded with Kaspersky products and the lists of their contractors and subcontractors that use the cyber security company's offerings.
US government removes Kaspersky from approved vendors list
Kaspersky Lab's ongoing fears that it would lose US government contracts due to its alleged links with the Russian government have been realised. The Trump administration has removed the Moscow-based cyber security company from two lists of approved vendors covering IT services and digital photographic equipment. According to a spokeswoman for the US General Services Administration, the decision was made "after review and careful consideration". However, the move represents the most concrete action taken against Kaspersky since US government officials became suspicious of its involvement with Russian authorities.
Kaspersky offers code to prove it's not a Russian stooge
Kaspersky Lab is understandably worried that it might lose US government contracts over fears that it's in bed with the Russian government, and it's making a dramatic offer in a bid to keep the money flowing. Founder Eugene Kaspersky tells the AP that he's willing to provide source code to prove that his online security company isn't a Trojan horse for Russian spies. He's ready to testify in front of Congress, too -- "anything" to show that his company is above board.
Draft defense bill would ban Kaspersky's security software
American officials are worried that Russian software could be used to compromise national security, and they aren't taking any chances. A draft version of the Senate's National Defense Authorization Act, which greenlights military funding, explicitly bans the Department of Defense from using Kaspersky Lab's security software over concerns that it could be "vulnerable to Russian government influence." Senator Jeanne Shaheen, who added the clause, believes Kaspersky "cannot be trusted" to protect the US' critical infrastructure. The links between the company and the Russian government are "very alarming," she says.
Kaspersky says Windows' security bundle is anti-competitive
Windows 10's bundled Defender security tool can be helpful for basic antivirus protection, but what if you prefer third-party software? The operating system normally steps aside when you run other programs, but antivirus mainstay Eugene Kaspersky (above) believes Microsoft still isn't playing fair. He just filed complaints in both the European Union and Russia alleging that Windows 10's handling of third-party antivirus tools is anti-competitive. The argument mostly hinges around when Microsoft switches you to Defender and the amount of breathing room given to other developers.
US and UK spy agencies are exploiting flaws in security software
Those worries that governments are trying to undermine security software? They're well-founded. The Intercept has learned that both the US' National Security Agency and the UK's Government Communications Headquarters have been reverse engineering security software, such as antivirus tools and encryption programs, to look for flaws that can be used in surveillance hacks. Some of the targets in recent years include Kaspersky Lab's security suite (sound familiar?), Acer's eDataSecurity and Exlade's CrypticDisk. GCHQ also deconstructed numerous other commonly available programs, including vBulletin's forum software and popular server management tools.
The NSA hides surveillance software in hard drives
It's been known for a while that the NSA will intercept and bug equipment to spy on its soon-to-be owners, but the intellgency agency's techniques are apparently more clever than first thought. Security researchers at Kaspersky Lab have discovered apparently state-created spyware buried in the firmware of hard drives from big names like Seagate, Toshiba and Western Digital. When present, the code lets snoops collect data and map networks that would otherwise be inaccessible -- all they need to retrieve info is for an unwitting user to insert infected storage (such as a CD or USB drive) into an internet-connected PC. The malware also isn't sitting in regular storage, so you can't easily get rid of it or even detect it.
Stuxnet worm entered Iran's nuclear facilities through hacked suppliers
You may have heard the common story of how Stuxnet spread: the United States and Israel reportedly developed the worm in the mid-2000s to mess with Iran's nuclear program by damaging equipment, and first unleashed it on Iran's Natanz nuclear facility through infected USB drives. It got out of control, however, and escaped into the wild (that is, the internet) sometime later. Relatively straightforward, right? Well, you'll have to toss that version of events aside -- a new book, Countdown to Zero Day, explains that this digital assault played out very differently.
Engadget Giveaway: win one of five backpacks containing a Sony VAIO Fit 15, courtesy of Kaspersky Lab!
As we gently tumble from summer to fall we know you'll invariably start to ponder just what exactly you're going to need to kit yourself out for the school year. While we can't help you with your textbooks, Kaspersky Lab has generously offered up five CaseLogic backpacks loaded with stuff to get you started. The highlight is the Sony Vaio Fit 15 but you'll also find a Microsoft Sculpt Touch Mouse, a $25 Amazon gift card and an activation code for Kaspersky's flagship Internet Security 2014 packed along for the ride. Sound good? All you need to do to get involved is drop down to the widget below and get yourself signed up for the contest. Winners: Congratulations to our five winners: Milton C., Peoria, IL; Asif H., PIttsford, NY; Maya M., Hinesville, GA; Sarah B., Buzzards Bay, MA; and Shannon C., Korbel, CA!
Ubisoft working with Kaspersky Lab to make Watch Dogs' hacking more true to life
Upcoming third-person action game Watch Dogs is set in a near-future environment modeled on Chicago, a city that's overseen by computers that can be manipulated. And while the game has some instances of fantastical hacking perpetrated by main character Aiden Pearce, Ubisoft's creative team is also working with security firm Kaspersky Lab to bring an air of realism to the game's hacking themes. "They have really hardcore experts there on hacking. We send them some of our designs and we ask them [for] feedback on it, and it's interesting to see what gets back," Ubisoft Montreal senior producer Dominic Guay told our sister site, Joystiq. "Sometimes they say, 'Yeah, that's possible, but change that word,' or, 'That's not the way it works.'" Check out the full piece right here. Along with a new Assassin's Creed game, Ubisoft is bringing Watch Dogs to next-gen consoles this year (as well as current-gen and PC), leading its next-gen push.
Kaspersky Labs preps its own OS to guard vital industry against cyberwarfare
Kaspersky Labs' namesake Eugene Kaspersky is worried that widely distributed and potentially state-sponsored malware like Flame and Stuxnet pose dire threats to often lightly protected infrastructure like communication and power plants -- whatever your nationality, it's clearly bad for the civilian population of a given country to suffer even collateral damage from cyberattacks. To minimize future chaos and literally keep the trains running, Kaspersky and his company are expanding their ambitions beyond mere antivirus software to build their own, extra-secure operating system just for large-scale industry. The platform depends on a custom, minimalist core that refuses to run any software that isn't baked in and has no code outside of its main purposes: there'll be no water supply shutdowns after the night watch plays Solitaire from an infected drive. Any information shared from one of these systems should be completely trustworthy, Kaspersky says. He doesn't have details as to when the OS will reach behind-the-scenes hardware, but he stresses that this is definitely not an open-source project: some parts of the OS will always remain confidential to keep ne'er-do-well terrorists (and governments) from undermining the technology we often take for granted.
Adobe dominates Kaspersky Lab's top ten PC vulnerabilities list
Being number one is usually an honor, but not when it comes to Kaspersky Lab's top ten PC vulnerabilities list. Unfortunately for the software giant, Adobe took top dishonors for Q1 this year, pulling in five total spots on the list, including the top three. According to the security firm, all of the vulnerabilities appearing on the list allowed cyber-criminals to control computers at the system level. The number one spot was occupied by a vulnerability in Adobe Reader that was reportedly detected on 40 percent of machines running the application, while Flash Player flaws took second and third. Other dishonorees included the Java Virtual Machine, coming in at fourth and fifth place, Apple QuickTime, Winamp, and Microsoft Office. That ain't bad, considering Microsoft ruled the vulnerabilities roost in 2010.
