Vulnerabilities, Kaspersky, & More

The Cybersecurity & Infrastructure Security Agency (CISA) added 15 known exploited vulnerabilities this week, the details of which you can find here. The additions include 14 Microsoft vulnerabilities, as well as a SonicWall SonicOS Buffer Overflow Vulnerability (CVE-2020-5135). Federal agencies are required to fix these vulnerabilities, and businesses are recommended to apply the fixes as well. With the current cybersecurity threat landscape, paying attention to critical vulnerabilities and keeping up with patching is very important.

In other news, the German Cybersecurity Authority has warned against using products from the Russian-headquartered company Kaspersky. In 2019, the US Government banned the use of any and all products provided by or using software made by Russia-based Kaspersky Labs.

In September of 2019, the Federal Acquisition Regulation Council put forth a policy forbidding federal agencies from purchasing Kaspersky products. The policy didn’t come with a list of justifications, and it affected only government entities. While Kaspersky products and solutions remain fully available to you, me, and any other American individuals, London Security Solutions does NOT recommend using Kaspersky for a number of reasons, most especially given what is going on in the Russian-Ukrainian conflict.

Additionally, as part of the US Government funding this week, there are new reporting requirements for critical infrastructure organizations, requiring them to report an attack within 72 hours! These requirements include direction to CISA to report potential threats to affected industries, and provide tools to National Security Agencies to monitor ongoing cybersecurity threats that face the United States. These tools will improve on the strong relationship between government agencies such as the FBI, CISA, and National Security Agencies to provide direction to the private sector regarding potential risks and threats that are being seen in the wild.

On the flip side, it is important to review whether or not your reporting/compliance requirements will change with new legislation coming out. As cyber attacks are on the rise, knowing whether or not your business is required to report potential breaches or ransomware payments is deeply important, as the fines can be incredibly expensive.

With the increasing threat of Russian Cyberterrorism, London Security Solutions continues to offer our services to interested customers in evaluating their security threat landscape.  Our engineers will work with you to analyze your potential risk, and qualify whether or not your existing security technology will be capable of facing today's threats.  Do you have 24/7/365 coverage?  Are you able to prevent an outbreak, or are you just sent an email notification when you've been compromised?  All of these are things we can review and potentially provide if your current cybersecurity provider does not.

Contact us to discuss how London Security Solutions can help you. Call us today - we're here to help!