Friday, October 7, 2022

Kaspersky blames “misconfiguration” after customers receive “expensive and beautiful” email • Graham Cluley


Customers of Russian security firm Kaspersky are understandably interested in an email they received yesterday, seemingly from the firm, calling them “expensive and beautiful”.

A number of users have posted on Kaspersky’s support forum, concerned that the email – which mentions their name and email address – suggests an unauthorised party has been able to compromise Kaspersky’s systems to send the email.


Some users have pointed out that the email was received at an email address that they had “solely given to Kaspersky.”

Did Kaspersky really choose to send an email to its customers addressing them as “expensive and beautiful”? Had Kaspersky suffered a data breach? Had a hacker found a way to send messages to the security firm’s customer base?

A Kaspersky employee has offered the following explanation:

Kaspersky is aware that some users of the company’s products may have recently received emails from the company’s email address with irrelevant content. This email was sent following a misconfiguration in the company’s internal IT environment. Kaspersky is reaching out to the company’s users to inform them of the issue and apologize for the inconvenience caused.

So, Kaspersky is saying a “misconfiguration” is to blame. They are not saying the emails were sent in error. They are also not debunking the fear some users had that the emails were sent by an unauthorised party.

I mean, come on. A “misconfiguration” doesn’t cause an email to be sent like this. What would be more accurate would be to say that a goof has occurred – it may be that the email was sent in error by an employee, or that someone has *exploited* a security hole introduced through carelessness.

Whether Kaspersky customer details have fallen into the hands of hackers is too early to say based upon what the company has said. But the unauthorised email blastout certainly sounds like some kind of security breach.

Let’s hope Kaspersky shares more information soon.

Hat-tip: @touseef__

Update:

Kaspersky has been in touch with the following statement:

The email was an error, not a data breach. An email used by the IT team for tests was sent from a staging environment to real users by mistake. Kaspersky is reaching out to the company’s users to inform them of the issue and apologise for the inconvenience caused.





Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon’s Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy.

Follow him on Twitter at @gcluley, or drop him an email.


