Security News

The US Commerce Department's Bureau of Industry and Security has relaxed restrictions that barred export of some encryption technologies to Huawei, in the name of ensuring the United States is in a better position to negotiate global standards. A Thursday announcement [PDF] explains the decision was taken because American businesses have told the Biden administration they're confused about whether they need to seek a license before bringing some tech to standards talks.

The Government of Canada announced its intention to ban the use of Huawei and ZTE telecommunications equipment and services across the country's 5G and 4G networks. "Today, the Government of Canada is ensuring the long-term safety of our telecommunications infrastructure. As part of that, the government intends to prohibit the inclusion of Huawei and ZTE products and services in Canada's telecommunications systems," reads the announcement.

The Canadian government has joined many of its allies and banned the use of Huawei and ZTE tech in its 5G networks, as part of a new telecommunications security framework. "The Government is committed to maximizing the social and economic benefits of 5G and access to telecommunications services writ large, but not at the expense of security," stated the Government of Canada.

Chinese telecom giant Huawei has issued a mandatory month-long furlough to some of its Russia-based staff and suspended new orders, according to Russian media. The business mag also reported that Chinese nationals working for Huawei Russia are still going to the office.

As the invasion of Ukraine heads into its third week with NATO allies ratcheting up sanctions against Russia, infosec vendors have urged Western governments and businesses to prepare for retaliatory cyberattacks. According to Mandiant, Ukraine remains the top target for destructive or disruptive cyberattacks.

Suspicions about the integrity of Huawei products among US government officials can be attributed in part to a 2012 incident involving a Huawei software update that compromised the network of a major Australian telecom company with malicious code, according to a report published by Bloomberg. The snooping code reportedly deleted itself, but Australia's intelligence services decided China's intelligence services were responsible, "Having infiltrated the ranks of Huawei technicians who helped maintain the equipment and pushed the update to the telecom's systems."

Cynos.7 trojan found its way into 9.3 million downloads Cybersecurity researchers at anti-virus software company Dr Web have discovered a treasure trove of malware-laced Android games on Huawei's...

It doesn't: "Cat cute diary" is one of 190 trojanized games that Doctor Web malware analysts have found on AppGallery, the official app store for Huawei Android. Here's the full list of the 190 apps the researchers are identifying as malicious.

At least 9.3 million Android devices have been infected by a new class of malware that disguises itself as dozens of arcade, shooter, and strategy games on Huawei's AppGallery marketplace to steal device information and victims' mobile phone numbers. The mobile campaign was disclosed by researchers from Doctor Web, who classified the trojan as "Android.Cynos.7.origin," owing to the fact that the malware is a modified version of the Cynos malware.

US President Joe Biden has signed The Secure Equipment Act yesterday, legislation that prevents US regulators from even considering the issuance of new telecom equipment licenses for companies deemed security threats - which means the likes of China's Huawei and ZTE. In October, the legislation was unanimously approved by the US Senate, while the House of Representatives passed it on a 420-4 vote. ZTE Corp and other Chinese tech companies, the bill itself specifies that this includes equipment that is listed in the Secure and Trusted Communications Networks Act of 2019.