Reuters reports that the US government held private briefings a day after Russia invaded Ukraine, warning critical infrastructure organizations of the potential security risks of using Kaspersky software.
"The risk calculation has changed with the Ukraine conflict. It has increased," said a senior US official familiar with the matter.
The official added that Russia-based Kaspersky employees may be forced by Russian intelligence or law enforcement agencies into providing remote access to its clients, which include Microsoft, IBM, and Intel. A company spokesperson said the private briefings may be detrimental to Kaspersky's reputation and described them as "not appropriate or just."
Information about the private briefings comes a week after the Federal Communications Commission included Kaspersky on its list of vendors regarded as a threat to US national security.
Meanwhile, the UK's National Cyber Security Centre has called on organizations to refrain from leveraging Russian technologies in their supply chain.
"We have no evidence that the Russian state intends to suborn Russian commercial products and services to cause damage to UK interests, but the absence of evidence is not evidence of absence," said the NCSC.