Security News

As the invasion of Ukraine heads into its third week with NATO allies ratcheting up sanctions against Russia, infosec vendors have urged Western governments and businesses to prepare for retaliatory cyberattacks. According to Mandiant, Ukraine remains the top target for destructive or disruptive cyberattacks.

Suspicions about the integrity of Huawei products among US government officials can be attributed in part to a 2012 incident involving a Huawei software update that compromised the network of a major Australian telecom company with malicious code, according to a report published by Bloomberg. The snooping code reportedly deleted itself, but Australia's intelligence services decided China's intelligence services were responsible, "Having infiltrated the ranks of Huawei technicians who helped maintain the equipment and pushed the update to the telecom's systems."

Cynos.7 trojan found its way into 9.3 million downloads Cybersecurity researchers at anti-virus software company Dr Web have discovered a treasure trove of malware-laced Android games on Huawei's...

It doesn't: "Cat cute diary" is one of 190 trojanized games that Doctor Web malware analysts have found on AppGallery, the official app store for Huawei Android. Here's the full list of the 190 apps the researchers are identifying as malicious.

At least 9.3 million Android devices have been infected by a new class of malware that disguises itself as dozens of arcade, shooter, and strategy games on Huawei's AppGallery marketplace to steal device information and victims' mobile phone numbers. The mobile campaign was disclosed by researchers from Doctor Web, who classified the trojan as "Android.Cynos.7.origin," owing to the fact that the malware is a modified version of the Cynos malware.

US President Joe Biden has signed The Secure Equipment Act yesterday, legislation that prevents US regulators from even considering the issuance of new telecom equipment licenses for companies deemed security threats - which means the likes of China's Huawei and ZTE. In October, the legislation was unanimously approved by the US Senate, while the House of Representatives passed it on a 420-4 vote. ZTE Corp and other Chinese tech companies, the bill itself specifies that this includes equipment that is listed in the Secure and Trusted Communications Networks Act of 2019.

A new version of a Linux crypto-mining malware previously used to target Docker containers in 2020 now focuses on new cloud service providers like the Huawei Cloud. The analysis of the new campaign comes from researchers at TrendMicro, who explains how the malware has evolved with new features while retaining its previous functionality.

Only ZTE and Huawei kit is held to pose such a threat. The FCC will notify successful applicants not long afterwards, then in Q2 2022 will advise of funding allocations.

Mozi, a peer-to-peer botnet known to target IoT devices, has gained new capabilities that allow it to achieve persistence on network gateways manufactured by Netgear, Huawei, and ZTE, according to new findings. "Network gateways are a particularly juicy target for adversaries because they are ideal as initial access points to corporate networks," researchers at Microsoft Security Threat Intelligence Center and Section 52 at Azure Defender for IoT said in a technical write-up.

A California-based IT consultancy has sued Huawei and its subsidiary in Pakistan alleging the Chinese telecom firm stole its trade secrets and failed to honor a contract to develop technology for Pakistani authorities. The complaint [PDF], filed on Wednesday in the US District Court in Santa Ana, California, describes how Business Efficiency Solutions, LLC, began working with Huawei Technologies in 2016 to overhaul the IT systems available to the Punjab Police Integrated Command, Control and Communication Center of Lahore, capital of the Punjab province of Pakistan.