Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operations

9/11/2019
01:00 PM
50%
50%

Fed Kaspersky Ban Made Permanent by New Rules

A new set of regulations converts the government ban on using Kaspersky products from a temporary rule to one that's permanent.

The Federal Acquisition Regulation Council has published a final, formal regulation that bars government agencies, departments, and bureaus from buying security software and services from Kaspersky Lab. This new rule replaces a temporary regulation that had instructed Federal purchasers on how they should act in abiding with terms of the 2018 National Defense Authorization Act.

The new regulation, spelled out in Sections 1634 (a) and (b) of the National Defense Authorization Act for Fiscal Year 2018, is a blanket prohibition that extends beyond the government itself; no contractor with a government practice is allowed to have Kaspersky software or services in any of its systems, either.

Kaspersky was hit with the prohibition in 2017 because of concerns that it could be serving as a "backdoor" attack surface for agents of Russia's government. Kaspersky has protested that the regulation is unconstitutional because it targets a single company, not a set of behaviors.

For more, read here.

Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "Security Pros’ Painless Guide to Machine Learning, AI, ML & DL."

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
kathleenrkeaton
100%
0%
kathleenrkeaton,
User Rank: Apprentice
9/11/2019 | 11:49:26 PM
thank you somuch
Thank so much
COVID-19: Latest Security News & Commentary
Dark Reading Staff 11/19/2020
New Proposed DNS Security Features Released
Kelly Jackson Higgins, Executive Editor at Dark Reading,  11/19/2020
How to Identify Cobalt Strike on Your Network
Zohar Buber, Security Analyst,  11/18/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: He hits the gong anytime he sees someone click on an email link.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-29071
PUBLISHED: 2020-11-25
An XSS issue was found in the Shares feature of LiquidFiles before 3.3.19. The issue arises from the insecure rendering of HTML files uploaded to the platform as attachments, when the -htmlview URL is directly accessed. The impact ranges from executing commands as root on the server to retrieving se...
CVE-2020-29072
PUBLISHED: 2020-11-25
A Cross-Site Script Inclusion vulnerability was found on LiquidFiles before 3.3.19. This client-side attack requires user interaction (opening a link) and successful exploitation could lead to encrypted e-mail content leakage via messages/sent?format=js and popup?format=js.
CVE-2020-26241
PUBLISHED: 2020-11-25
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. This is a Consensus vulnerability in Geth before version 1.9.17 which can be used to cause a chain-split where vulnerable nodes reject the canonical chain. Geth's pre-compiled dataCopy (at 0x00...04) co...
CVE-2020-26242
PUBLISHED: 2020-11-25
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.18, there is a Denial-of-service (crash) during block processing. This is fixed in 1.9.18.
CVE-2020-26240
PUBLISHED: 2020-11-25
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. An ethash mining DAG generation flaw in Geth before version 1.9.24 could cause miners to erroneously calculate PoW in an upcoming epoch (estimated early January, 2021). This happened on the ETC chain on...