Kaspersky Lab has laughed off attempts to have its wares banned from US government computers by saying it hardly sold to the Feds anyway.
“Given that U.S. government sales have not been a significant part of the company’s activity in North America, Kaspersky Lab is exploring opportunities to better optimize the Washington D.C. office responsible for threat intelligence offerings to U.S. government entities,” the company says in a statement.
The statement goes on to say that “North America remains a strategic market for Kaspersky Lab”. So strategic, in fact, that it plans to open offices in Los Angeles, Chicago and Toronto, Canada during 2018.
“Expanding the company’s presence in the region will better enable Kaspersky Lab to provide its customers with the best cybersecurity solutions and services,” the statement said.
Company founder Eugene Kaspersky’s Tweeted take on the topic is below.
Despite geopolitical turbulence we remain committed to N.American customers: 3 reg.offices to be opened in 2018 https://t.co/51OURGHnCc pic.twitter.com/I11gtktXjx
— Eugene Kaspersky (@e_kaspersky) September 12, 2017

Kaspersky Lab’s statements ignore the fact that it faces a wider backlash after retailer Best Buy withdrew its products from its shelves. Best Buy did not link its decision to US Senator Jeanne Shaheen’s attempt to have Kaspersky banned on government computers, but didn’t explain it either.
Senator Shaheen argued for the ban on grounds that Kaspersky products chat to servers in Russia, which she characterises as a “hostile country”. That allegation is made possible by findings that Russia interfered in the United States 2016 election season, spreading misinformation and possibly abetting hackers of the Democratic National Congress and/or making sure the results of that heist made it to Wikileaks.
Vendors have survived this sort of thing before: Huawei remains forbidden from selling to the US and Australian governments, but its consumer handset business is doing very well in both markets and its enterprise business is a contender in many industries. ®



Adobe Patches Two Critical Flaws in Flash Player

Adobe has patched only two vulnerabilities in Flash Player this month, but they can both be exploited for remote code execution and both have been classified as critical.
The flaws, tracked as CVE-2017-11281 and CVE-2017-11282, were discovered by Mateusz Jurczyk and Natalie Silvanovich of Google Project Zero in Flash Player and earlier. The security holes are caused by memory corruption issues.
Adobe said there was no evidence that either of the two flaws had been exploited in attacks before the patches were released. Adobe and several tech giants have decided to kill Flash Player by the end of 2020.

The company has also released patches for a couple of vulnerabilities affecting the Windows version of its help authoring tool RoboHelp. RoboHelp 2017.0.1 and earlier and and earlier are affected by an important input validation flaw that can be exploited for cross-site scripting (XSS) attacks, and a moderate-severity unvalidated URL redirect issue that can be leveraged for phishing attacks.
Reynold Regan of the CNSI – Center for Technology & Innovation in Chennai has been credited for reporting the weaknesses to Adobe.
Security updates have also been released for ColdFusion 11 and 2016 to address a critical XML parsing vulnerability and an XSS flaw that can lead to information disclosure. The updates also include mitigations designed to prevent remote code execution via unsafe Java deserialization.
Nick Bloor of NCC Group, Daniel Sayk of Telekom Security, and Daniel Lawson of Depth Security have reported these flaws to Adobe.




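  According to foreign media reports on September 6, following the exposure of 9,400 job résumés of US private security firm TigerSwan on an unprotected AWS database, researchers at security firm Kromtech have disclosed another AWS storage data leak: well-known cloud service provider BroadSoft failed to properly protect Time Warner data hosted on Amazon storage servers, exposing the information of more than 4 million customers online, including sensitive information such as customer addresses, account settings, phone numbers, usernames, MAC addresses and modem hardware serial numbers.

  BroadSoft is a well-known cloud services company; the publicly listed company has more than 600 service providers in over 80 countries. BroadSoft's partners are typically well-known companies in communications, telecoms, media and other fields, including large companies such as Time Warner, AT&T, Sprint and Vodafone. In addition, 25 of the world's top 30 service providers use BroadSoft infrastructure.

  The investigation shows that in late August, while performing a security check of the company's cloud-based storage databases, Kromtech researchers found that, because of a configuration error, administrators had not turned off public access to the server, so that any user could access it anonymously. An attacker therefore only needed to log in anonymously to steal whatever information they wanted from the database. BroadSoft has so far made no comment, while Time Warner notified affected users immediately after the incident and told the vendor to delete all data records.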