Tag Archive for: Exclusive

Exclusive: Ukraine war spurs U.S. to ramp up security probe of software maker Kaspersky


WASHINGTON, May 9 (Reuters) – The Biden administration ramped up a national security probe into Russia’s AO Kaspersky Lab antivirus software earlier this year amid heightened fears of Russian cyberattacks after Moscow invaded Ukraine, three people familiar with the matter told Reuters.

The case was referred to the Commerce Department by the Department of Justice last year, a fourth person said, but Commerce made little progress on it until the White House and other administration officials urged them to move forward in March, the three people added.

At issue is the risk that the Kremlin could use the antivirus software, which has privileged access to a computer’s systems, to steal sensitive information from American computers or tamper with them as tensions escalate between Moscow and the West.


Access to the networks of federal contractors and operators of critical U.S. infrastructure such as power grids is seen as particularly concerning, the three people said.

U.S. regulators have already banned federal government use of Kaspersky software, and could ultimately force the company to take measures to reduce risks posed by its products or prohibit Americans from using them altogether.

The probe, which has not previously been reported, shows the administration is digging deep into its tool kit to hit Moscow with even its most obscure authorities in a bid to protect U.S. citizens and corporations from Russian cyber attacks.

The authorities are “really the only tool that we have to deal with the threat (posed by Kaspersky) on an economy-wide commercial basis, given our generally open market,” said Emily Kilcrease, a former deputy assistant U.S. Trade Representative.

Other regulatory powers stop short of allowing the government to block private sector use of software made by the Moscow-headquartered company, long seen by U.S. officials as a serious threat to U.S. national security.

The departments of Commerce and Justice, and Kaspersky declined to comment. The company has for years denied wrongdoing or any secret partnership with Russian intelligence.

AUTHORITIES TARGET ‘FOREIGN ADVERSARIES’

The ramped-up probe is being executed…

Source…

Security and usability are not mutually exclusive in mobile applications


Organizations that build or maintain mobile applications have a greater responsibility than ever to secure their applications as the number of application downloads continues to grow. 

3.8 billion smartphone users accounted for 218 billion app downloads in 2020 alone.

Zimperium conducted a survey last year in which 250 enterprises described the security issues they struggled with the most within their mobile applications.

The greatest security issue in Android applications was a lack of runtime protection, at 93%, compared with 79% for iOS. iOS applications struggled most with a lack of code protection, at 94%, compared with only 63% on Android.

The two other most common issues were vulnerable encryption, for which both application types hovered around 50%, and a lack of data protection, which sat at around 26-38% for both device types.

The survey found that enterprises were concerned with the right things, such as ensuring data is securely stored and transmitted and ensuring proprietary source code cannot be stolen, but the fixes for these concerns were not being focused on enough, Krishna Vishnubhotla, VP of product strategy at Zimperium, said during a recent SD Times Live! webinar “Top Five Best Practices for Mobile DevSecOps.”

The reason is that many companies fear that implementing security solutions will degrade the user experience, slow down development, or make the application difficult to use. However, this can be mitigated by asking the vendor questions to see whether the challenges or concerns can be minimized or removed.

“People tend to look at mobile and they think it’s a contained environment. There’s this feeling of it being a little bit more secure than your desktops,” said Adam Wosotowsky, principal data architect at Zimperium. “It really surprised me just how not true that is. From a security perspective, they have existing security wrapped around their app, and therefore they think they don’t have to worry about it quite as much. But the problem is all of that security can be pretty easily bypassed.”

To bolster security, organizations should be looking to:

  1. Ensure security still works when an attacker controls…

Source…

EXCLUSIVE Chinese province targets journalists, foreign students with planned new surveillance system


BEIJING, Nov 29 (Reuters) – Security officials in one of China’s largest provinces have commissioned a surveillance system they say they want to use to track journalists and international students among other “suspicious people”, documents reviewed by Reuters showed.

A July 29 tender document published on the Henan provincial government’s procurement website – reported in the media for the first time – details plans for a system that can compile individual files on such persons of interest coming to Henan using 3,000 facial recognition cameras that connect to various national and regional databases.

A 5 million yuan ($782,000) contract was awarded on Sept. 17 to Chinese tech company Neusoft (600718.SS), which was required to finish building the system within two months of signing the contract, separate documents published on the Henan government procurement website showed. Reuters was unable to establish if the system is currently operating.


Shenyang-based Neusoft did not respond to requests for comment.

China is trying to build what some security experts describe as one of the world’s most sophisticated surveillance technology networks, with millions of cameras in public places and increasing use of techniques such as smartphone monitoring and facial recognition.

U.S.-based surveillance research firm IPVM, which has closely tracked the network’s expansion and first identified the Henan document, said the tender was unique in specifying journalists as surveillance targets and providing a blueprint for public security authorities to quickly locate them and obstruct their work.

“While the PRC has a documented history of detaining and punishing journalists for doing their jobs, this document illustrates the first known instance of the PRC building custom security technology to streamline state suppression of journalists,” said IPVM’s Head of Operations Donald Maye, using the initials of the People’s Republic of China.

Reuters was unable to find any documents identifying journalists or foreigners as specific targets of surveillance systems in other parts of China.

The Henan provincial government and police did not respond to…

Source…

EXCLUSIVE Pacific island turns to Australia for undersea cable after spurning China



  • New plan involves laying cable from Nauru to Solomons – sources
  • Subsea cables raise regional security issues for U.S. and allies
  • Nauru helped sink World Bank project over China worry – sources

SYDNEY, June 24 (Reuters) – The Pacific island of Nauru is negotiating for the construction of an undersea communications cable that would connect to an Australian network, two sources with knowledge of the talks told Reuters, after the earlier rejection of a Chinese proposal.

The United States and its Pacific allies have concerns that cables laid by China could compromise regional security. Beijing has denied any intent to use commercial optic fibre cables, which have far greater data capacity than satellites, for spying.

Nauru, which has strong ties to U.S. ally Australia, helped scupper a World Bank-led cable tender earlier this year over concerns the contract would be awarded to the former Huawei Marine, now called HMN Tech, after the Chinese firm lodged a bid priced at more than 20% below rivals.

The tiny Pacific nation of just over 12,000 people has now approached the Asian Development Bank (ADB) to help fund an alternative, the development agency told Reuters.

“ADB is involved in very early discussions with the government of Nauru to explore possible options to help fund an undersea cable to deliver low-cost, high quality internet service,” the ADB said in a statement to Reuters.

“The details of the connection arrangement and funding sources will be determined in due course.”

The two sources said the new plan would involve laying a cable from Nauru to the Solomon Islands capital of Honiara, located about 1,250 kilometres (776.7 miles) apart.

The new line would then tap into the Coral Sea Cable system, a 4,700km network that connects Australia to the Solomons and Papua New Guinea. That line, majority funded by Australia and built by Sydney-headquartered Vocus Group (VOC.AX), was completed in 2019 to shut out a competing offer from Huawei Marine, then owned by Huawei Technologies.

The former Huawei Marine is now majority owned…

Source…