Mon, Mar 28, 2022 4:27 PM·1 min read Russian software company Kaspersky joined US list of threats to its national security (AFP/Pau BARRENA) (Pau BARRENA) US regulators declared the software maker Kaspersky antivirus a "threat to national security", which will lead to a restriction of its business in the United States.The Federal Communications Commission (FCC) has added Kaspersky to a threat list - which blocks the company from paying certain US government subsidies - that also includes Chinese companies such as Huawei and ZTE.The FCC statement published on Friday did not mention the Russian invasion of Ukraine, but Kaspersky attributed the sanction to "political reasons"."This decision is not based on any technical evaluation of Kaspersky's products," the company said in a statement.German cybersecurity agency BSI earlier this month urged consumers not to use Kaspersky's antivirus, warning that the company could be involved, willingly or unintentionally, in hacking attacks amid the war between Russia and Ukraine.Kaspersky's inclusion on the US threat list blocks money from the FCC fund that supports telecoms in rural areas.The US government has made a major update to the list of security holes being actively used by cybercriminals, with the addition of 66 vulnerabilities.All can be used in large-scale scams against organizations and public bodies in the country, with a request for official agencies and companies alike to carry out updates as soon as possible.In the case of the public sphere, for example, the deadline for mitigation runs until April 15, with CISA (Cybersecurity and Infrastructure Agency, in free translation) also offering technical support.The alert indicates the need to apply updates, perform configurations and mitigations as soon as possible;in most cases, the holes added to the list already have patches available, with the oldest one being discovered in 2005 and still being used in cybercriminal attacks.The most recent, for example, are from February of this year and involve openings in a Microsoft remote printing system.Through them, an attacker would be able to execute malicious code remotely, in a series of flaws that originally date back to July 2021 and became known as PrintNightmare.As said, all versions of Windows have patches available from the last month to close such gaps.Also part of the list are openings in connected Mitel devices, which could be used to amplify denial-of-service blows, and vulnerabilities in software such as Adobe Reader and Acrobat, phpMyAdmin, Hewlett Packard OpenView and many others.In all cases involving software, too, the recommendation is to immediately apply updates and mitigation measures.The addition of the 66 vulnerabilities does not mean that all of them have been actively exploited against US companies and government agencies, but their inclusion does indicate that if they haven't yet, they may soon.In addition, the idea is that such disclosures, even if they are in the tens, are being made gradually as a way to ensure well-applied corrections, without overloading system administrators and digital security experts.As of this writing, CISA's list of known vulnerabilities has 570 holes, all with an indication of remediation and mitigation.The list is updated periodically or whenever a wide-ranging vulnerability is detected, especially when it involves the possibility of attacks against essential service providers and infrastructure.