FCC Bans Import and Sale of Chinese Devices
by Artie Kaye
Huawei, ZTE Corporation, Hytera Communications, Hikvision Digital Technology, Dahua Technology, and their subsidiaries have had their devices and software banned from import and sale in the US. The FCC states that these companies’ devices and programs threaten national security. This expands the ban that was enacted recently that was for governmental agencies. With the FCC decision, these products are no longer allowed in the private sector.
https://www.securityweek.com/us-bans-huawei-zte-telecoms-gear-over-security-risk
Android Programming Shift
by Artie Kaye
Google has made a shift to a programming language that is intended to keep the devices more secure. Rust is a language that allows for fewer memory vulnerabilities in the architecture of programs on the devices. Instead of remaking the entire system using Rust, they’re going to be working on all new projects using it, or another similarly defined language. While no measures are 100% effective, anything that brings efficacy close to that number is beneficial for users.
https://www.securityweek.com/google-migrating-android-memory-safe-programming-languages
LastPass’s Recent Data Breach
by Artie Kaye
LastPass has acknowledged a second breach, believed to be related to the August incident. The company has engaged security services to examine the extent of the incursion. Customer information is not believed to be at risk.
https://www.darkreading.com/application-security/lastpass-discloses-second-breach-in-three-months
https://thehackernews.com/2022/12/lastpass-suffers-another-security.html
Patches For This Week
by Artie Kaye
NVidia has released a new set of drivers for their graphics cards, addressing many bugs. It is recommended to download the installer from NVidia directly for the most up-to-date versions.
Google has patched a zero-day in Chrome, the patch should roll out to Chromium-based browsers as their respective teams fix the problem. Update your browser as soon as you are able.
https://www.securityweek.com/nvidia-patches-many-vulnerabilities-windows-linux-display-drivers
https://www.securityweek.com/chrome-108-patches-high-severity-memory-safety-bugs