US prohibits sales of Kaspersky antivirus software due to Russian connections
The tech wars are alive and well...
On June 20, the Department of Commerce's Bureau of Industry and Security (BIS) issued a Final Determination prohibiting Kaspersky Lab, Inc., and its affiliates from providing anti-virus software and cybersecurity products or services in the U.S. due to national security concerns.
Here are a few key points:
This action marks the first use of BIS’s Office of Information and Communications Technology and Services (OICTS) authority, which found that Kaspersky's operations posed an unacceptable risk due to potential influence from the Russian government.
BIS has added Kaspersky's Russian and UK entities to the Entity List for cooperating with Russian military and intelligence agencies. U.S. users of Kaspersky software are urged to switch to other vendors by September 29, 2024, to avoid security risks.
This decision continues previous U.S. government actions to mitigate potential threats posed by Kaspersky's products (e.g. Trump administration banning federal agencies from using Kaspersky products).
“BIS has determined that Kaspersky poses an undue or unacceptable risk to national security for the following reasons:
Jurisdiction, control, or direction of the Russian Government: Kaspersky is subject to the jurisdiction of the Russian Government and must comply with requests for information that could lead to the exploitation of access to sensitive information present on electronic devices using Kaspersky’s anti-virus software.
Access to sensitive U.S. customer information through administrative privileges: Kaspersky has broad access to, and administrative privileges over, customer information through the provision of cybersecurity and anti-virus software. Kaspersky employees could potentially transfer U.S. customer data to Russia, where it would be accessible to the Russian Government under Russian law.
Capability or opportunity to install malicious software and withhold critical updates: Kaspersky has the ability to use its products to install malicious software on U.S. customers’ computers or to selectively deny updates, leaving U.S. persons and critical infrastructure vulnerable to malware and exploitation.
Third-party integration of Kaspersky products: Kaspersky software is integrated into third-party products and services through resale of its software, integration of its cybersecurity or anti-virus software into other products and services, or licensing of Kaspersky cybersecurity or anti-virus software for purposes of resale or integration into other products or services. Third-party transactions such as these create circumstances where the source code for the software is unknown. This increases the likelihood that Kaspersky software could unwittingly be introduced into devices or networks containing highly sensitive U.S. persons data.”
Things I’m reading today
Cyber gang's NHS data breach sparks London hospitals disruption (link)
A cyber criminal gang has caused extensive disruption to multiple London hospitals by publishing sensitive patient data stolen from an NHS blood testing company.
Known as Qilin, the gang hacked NHS provider Synnovis on June 3 and has since attempted to extort money. The breach involved nearly 400GB of private information, including patient names, dates of birth, and NHS numbers, with uncertain inclusion of test results.
Over 3,000 hospital and GP appointments and operations have been affected. Despite ransom demands, the gang published the data after Synnovis refused payment, prompting ongoing investigations by NHS England and cybersecurity authorities.
The incident underscores growing cyber threats to healthcare sectors globally, with experts emphasizing the need for robust cybersecurity measures amid increasing attacks (Via Joe Tidy/BBC).
Photographers report that Meta is labeling genuine photos as 'Made with AI.' (link)
Meta began labeling photos created with AI tools on its social networks in February, applying a "Made with AI" tag on Facebook, Instagram, and Threads since May.
However, the company faced backlash from users and photographers as the label appeared erroneously on photos not created using AI. Examples included images like the Kolkata Knight Riders' cricket victory, where the label was visible on mobile apps but not the web.
Photographer Pete Souza noted his frustration after Meta tagged one of his photos, suspecting it was due to a change in Adobe's tools. Meta's approach, while aiming for transparency, has led to confusion among users and debates among photographers regarding the appropriate use of AI labels (Via Ivan Mehta/TechCrunch).
