Kaspersky under scrutiny after Bloomberg story claims close links to FSB

Enlarge / Kaspersky Lab CEO and Chairman Eugene Kaspersky speaks at a conference in Russia on July 10, 2017. (credit: Anton NovoderezhkinTASS via Getty Images)

Shortly after Bloomberg Businessweek published an explosive story under the headline: "Kaspersky Lab Has Been Working With Russian Intelligence," the security firm released a lengthy statement noting that the company does not have "inappropriate ties with any government."

The article, which was published in the early morning hours on Tuesday, says that the Moscow-based firm "has maintained a much closer working relationship with Russia's main intelligence agency, the FSB, than it has publicly admitted. It has developed security technology at the spy agency's behest and worked on joint projects the CEO knew would be embarrassing if made public." Media organization McClatchy made seemingly similar claims in a July 3 report.

In the same statement, Kaspersky responded further: "It's important to be clear: the company never received a request from the Russian government or any affiliated organization to create or participate in ANY secret projects, including one for anti-DDoS protection."

Read 5 remaining paragraphs | Comments

Microsoft Releases July 2017 Security Updates

Original release date: July 11, 2017

Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of a system.

US-CERT encourages users and administrators to review Microsoft's July 2017 Security Update Summary and Deployment Information and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.


Adobe Releases Security Updates

Original release date: July 11, 2017

Adobe has released security updates to address vulnerabilities in Adobe Flash Player and Adobe Connect. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

Users and administrators are encouraged to review Adobe Security Bulletins APSB17-21 and APSB17-22 and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.


DHS and FBI – Hackers Are Targeting US Nuclear, Energy, and Manufacturing Facilities

According to a new joint report issued by the US Department of Homeland Security (DHS) and Federal Bureau of Investigation (FBI), hackers have been penetrating the computer networks of companies that operate nuclear power stations, energy facilities, and manufacturing plants in the US since May 2017. The joint report carried an urgent amber warning, which is the second-highest rating for the sensitivity of a threat. The report was publicized by the New York Times last week.

According to the report, an “advanced persistent threat” actor was responsible for the attacks, which has included thus far:

  • Hackers writing targeted email messages containing fake resumes for control engineering jobs and then sending them to senior industrial control engineers who have access to critical industrial control systems. The resumes were Microsoft Word documents that contained malicious code. Once the recipient clicks on the document, the attackers copy the recipient’s credentials and access the network.
  • Hackers compromising websites they know their victims visit (watering hole attack).
  • Hackers redirecting the victims’ internet traffic through their own machines (man-in-the-middle attack).

The report does not say whether the cyber intrusions are an attempt at espionage, or part of a plan to cause physical damage. Nor is there any indication as to how many facilities were compromised. The report does state, however, that the hackers appear to be mapping out computer networks for future attacks.

In a joint statement issued by the DHS and FBI, a spokesperson for the DHS said “There is no indication of a threat to public safety, as any potential impact appears to be limited to administrative and business networks.” John Keeley, a spokesperson for the Nuclear Energy Institute (which works with the 99 utilities that operate nuclear plans in the US), said nuclear facilities are required to report cyber attacks that relate to their safety, security and operations. None have reported any cyber attacks thus far.

On May 11, as the attacks were ongoing, President Trump signed an executive order to strengthen the cybersecurity of federal networks and critical infrastructure.

If you or your enterprise is engaged in the energy or manufacturing sectors, cyber threat preparation and monitoring is your first line of defense against bad actors. Dentons’ team of cybersecurity experts can assist you in establishing and implementing an effective and compliant incident response plan and set of programs to monitor internal and external threats, including threat intelligence and access control and vulnerability assessments.

Dentons is the world’s largest law firm, a leader on the Acritas Global Elite Brand Index, a BTI Client Service 30 Award winner, and recognized by prominent business and legal publications for its innovations in client service, including founding Nextlaw Labs and the Nextlaw Global Referral Network. Dentons’ global Privacy and Cybersecurity Group operates at the intersection of technology and law, and was recently singled out as one of the law firms best at cybersecurity by corporate counsel, according to BTI Consulting Group.