The Biden administration has banned approvals of new telecommunications equipment from China's Huawei Technologies and ZTE because they pose "an unacceptable risk" to U.S. national security. The U.S. Federal Communications Commission said on Friday it had adopted the final rules, which also bar the sale or import of equipment made by Chinese surveillance equipment maker Dahua Technology Co, video surveillance firm Hangzhou Hikvision Digital Technology Co Ltd and telecoms firm Hytera Communications Corp Ltd. (Reuters)
Google has released an emergency security update for the desktop version of the Chrome web browser, addressing the eighth zero-day vulnerability exploited in attacks this year. The high-severity flaw is tracked as CVE-2022-4135 and is a heap buffer overflow in GPU, discovered by Clement Lecigne of Google's Threat Analysis Group on November 22, 2022. (BleepingComputer)
The notorious Emotet malware has returned with renewed vigor as part of a high-volume malspam campaign designed to drop payloads like IcedID and Bumblebee. "Hundreds of thousands of emails per day" have been sent since early November 2022, enterprise security company Proofpoint said last week, adding, "the new activity suggests Emotet is returning to its full functionality acting as a delivery network for major malware families." (The Hacker News)
A proposed SEC rule will require companies to disclose their cybersecurity governance capabilities, including the board’s oversight of cyber risk, a description of management’s role in assessing and managing cyber risks, the relevant expertise of such management, and management’s role in implementing the company’s cybersecurity policies, procedures, and strategies. Meeting the new regulatory requirements can be better achieved by aligning how operational leaders discuss cybersecurity with their boards. Operational managers must start presenting their plans in a way that align with the way boards best contribute — the language of risk, resiliency, and reputation. (Harvard Business Review)
A developing threat activity cluster has been found using Google Ads in one of its campaigns to distribute various post-compromise payloads, including the recently discovered Royal ransomware. Microsoft, which spotted the updated malware delivery method in late October 2022, is tracking the group under the name DEV-0569. (The Hacker News)