Tag Archives: kaspersky

Kaspersky blew whistle on NSA hacking tool hoarder

NSA got a message from Kaspersky that one of its own was being very, very bad, according to a new Politico report.

Harold T. Martin III, a former government contractor, is still facing trial for the alleged theft of massive amounts of National Security Agency data, including documents and tools from the NSA's Tailored Access Operations Division. Now, a new report by Kim Zetter for Politico suggests that the NSA and the Justice Department tracked down Martin thanks to information shared by an ironic source: the Moscow-based malware protection company Kaspersky Lab. Citing two anonymous sources familiar with the investigation, Zetter reports that Kaspersky Lab employees passed information on Martin to the US government after he sent unusual direct messages via Twitter to the company in 2016.

Kaspersky passed the US government five messages sent from an anonymous Twitter account named @HAL999999999 to two researchers at the company. The first message, sent August 15, 2016, requested that a researcher facilitate a conversation with "Yevgeny," the given name of Kaspersky Lab founder and CEO Eugene Kaspersky. "So, figure out how we talk... With Yevgeny present," the message read. The second message: "Shelf life, three weeks." The messages came just 30 minutes before someone calling themselves Shadow Brokers dumped a link to a collection of NSA tools in a Tumblr post and announced additional tools would be auctioned off for 1 million Bitcoin.


Kaspersky pulls plug on Europol joint venture after EU parliament vote to ban its software

Fresh political woes for Russian security firm Kaspersky, which has reacted angrily to a vote in the European Union Parliament last week to ban its software — on the grounds that it has been “confirmed as malicious”. Kaspersky denies this characterization of its software, saying it’s “untrue”. It has also retaliated by pulling the plug on an existing collaboration with Europol, at least temporarily. In a statement, a company spokesperson said:

Today, the European Parliament voted on a report in which Polish representative, MEP Fotyga included an amendment referencing Kaspersky Lab which is based on untrue statements. Although this report has no legislative power it demonstrates a distinct lack of respect for the company which has been a firm friend of Europe in the fight against cybercrime. It is for that reason that Kaspersky Lab has taken the difficult decision to temporarily halt our numerous collaborative European cybercrime-fighting initiatives, including that with Europol, until we receive further official clarifications from the European Parliament.

On account of this news, we will regretfully have to pause one of our successful joint initiatives – NoMoreRansom project – recognised by the European Parliament Research Services as a successful case of public-private cooperation in their recent report – helped many organisations and users to decrypt files on their devices, saving them from financial losses. We hope to be able to resume this and other European collaborative efforts soon.

Founder Eugene Kaspersky added that the company has been “forced to freeze” its co-operation as a result of the parliament’s vote.

The way we conducted public-private partnership is unfortunately ceased until the withdraw of the European Parliament decision. — Eugene Kaspersky (@e_kaspersky) June 13, 2018

“This decision from the European Parliament welcomes cybercrime in Europe. I do not wish to do anything to further encourage the balkanization of the internet, but I feel that the decision taken in Europe leaves me with no choice but to take definitive action. Kaspersky Lab has only ever tried to rid the world of cybercrime. We have showed time and again that we disclose cyber threats regardless of origin and author, even to our own detriment.


Critical Windows bug fixed today is actively being exploited to hack users

Microsoft on Tuesday patched two Windows vulnerabilities that attackers are actively exploiting in the wild to install malicious apps on the computers of unwitting users.

The first vulnerability resides in the VBScript Engine included in all currently supported versions of Windows. A so-called use-after-free flaw involving the way the engine handles computer memory allows attackers to execute code of their choice that runs with the same system privileges chosen by the logged-in user. When targeted users are logged in with administrative rights, attackers who exploit the bug can take complete control of the system. In the event users are logged in with more limited rights, attackers may still be able to escalate privileges by exploiting a separate vulnerability.

CVE-2018-8174, as the flaw is formally indexed, is being actively exploited by attackers, Microsoft officials said. The vulnerability was discovered by antivirus provider Kaspersky Lab, which then reported it to Microsoft. In the exploits observed by Kaspersky Lab:


US officials: Kaspersky “Slingshot” report burned anti-terror operation

US Navy SEALs conducting special reconnaissance of Al Qaeda operations in Afghanistan in 2002. JSOC added malware to Special Operations units' bag of tricks, and it may have been exposed by Kaspersky. (credit: Department of Defense)

A malware campaign discovered by researchers for Kaspersky Lab this month was in fact a US military operation, according to a report by CyberScoop's Chris Bing and Patrick Howell O'Neill. Unnamed US intelligence officials told CyberScoop that Kaspersky's report had exposed a long-running Joint Special Operations Command (JSOC) operation targeting the Islamic State and Al Qaeda.

The malware used in the campaign, according to the officials, was used to target computers in Internet cafés where it was believed individuals associated with the Islamic State and Al Qaeda would communicate with their organizations' leadership. Kaspersky's report showed Slingshot had targeted computers in countries where ISIS, Al Qaeda, and other radical Islamic terrorist groups have a presence or recruit: Afghanistan, Yemen, Iraq, Jordan, Turkey, Libya, Sudan, Somalia, Kenya, Tanzania, and the Democratic Republic of Congo.

The publication of the report, the officials contended, likely caused JSOC to abandon the operation and may have put the lives of soldiers fighting ISIS and Al Qaeda in danger. One former intelligence official told CyberScoop that it was standard operating procedure "to kill it all with fire once you get caught... It happens sometimes and we’re accustomed to dealing with it. But it still sucks. I can tell you this didn’t help anyone."


Sophisticated malware attacks through routers

Security researchers at Kaspersky Lab have discovered what's likely to be another state-sponsored malware strain, and this one is more advanced than most. Nicknamed Slingshot, the code spies on PCs through a multi-layer attack that targets MikroTik...
