News for December 3, 2022


FCC Bans Import and Sale of Chinese Devices
by Artie Kaye

Huawei, ZTE Corporation, Hytera Communications, Hikvision Digital Technology, Dahua Technology, and their subsidiaries have had their devices and software banned from import and sale in the US.  The FCC states that these companies’ devices and programs threaten national security.  This expands the ban that was enacted recently that was for governmental agencies.  With the FCC decision, these products are no longer allowed in the private sector.

https://www.bleepingcomputer.com/news/security/us-bans-sales-of-huawei-hikvision-zte-and-dahua-equipment/

https://www.securityweek.com/us-bans-huawei-zte-telecoms-gear-over-security-risk

https://thehill.com/policy/technology/3750969-fcc-bans-import-sales-of-certain-chinese-tech-over-unacceptable-risk-to-national-security/

Android Programming Shift
by Artie Kaye

Google has made a shift to a programming language that is intended to keep the devices more secure.  Rust is a language that allows for fewer memory vulnerabilities in the architecture of programs on the devices.  Instead of remaking the entire system using Rust, they’re going to be working on all new projects using it, or another similarly defined language.  While no measures are 100% effective, anything that brings efficacy close to that number is beneficial for users.

https://www.securityweek.com/google-migrating-android-memory-safe-programming-languages

https://www.zdnet.com/article/google-after-using-rust-we-slashed-android-memory-safety-vulnerabilities/

https://www.msn.com/en-us/news/technology/google-says-android-runs-better-when-covered-in-rust/ar-AA14QkVP

LastPass’s Recent Data Breach
by Artie Kaye

LastPass has acknowledged a second breach, believed to be related to the August incident. The company has engaged security services to examine the extent of the incursion. Customer information is not believed to be at risk.

https://www.securityweek.com/goto-lastpass-notify-customers-new-data-breach-related-previous-incident

https://www.darkreading.com/application-security/lastpass-discloses-second-breach-in-three-months

https://thehackernews.com/2022/12/lastpass-suffers-another-security.html

https://www.bleepingcomputer.com/news/security/lastpass-says-hackers-accessed-customer-data-in-new-breach/

Patches For This Week
by Artie Kaye

NVidia has released a new set of drivers for their graphics cards, addressing many bugs.  It is recommended to download the installer from NVidia directly for the most up-to-date versions.

Google has patched a zero-day in Chrome, the patch should roll out to Chromium-based browsers as their respective teams fix the problem.  Update your browser as soon as you are able.

https://www.securityweek.com/nvidia-patches-many-vulnerabilities-windows-linux-display-drivers

https://www.bleepingcomputer.com/news/security/nvidia-releases-gpu-driver-update-to-fix-29-security-flaws/

https://www.securityweek.com/chrome-108-patches-high-severity-memory-safety-bugs

https://www.bleepingcomputer.com/news/security/google-chrome-emergency-update-fixes-9th-zero-day-of-the-year/