Network Security News | Ingalls Information Security

Articles of interest from the week of November 28, 2022

Written by John Frasier | Nov 28, 2022 5:00:00 AM

U.S. Bans Huawei, ZTE Equipment Sales, Citing National Security Risk

The Biden administration has banned approvals of new telecommunications equipment from China's Huawei Technologies and ZTE because they pose "an unacceptable risk" to U.S. national security. The U.S. Federal Communications Commission said on Friday it had adopted the final rules, which also bar the sale or import of equipment made by Chinese surveillance equipment maker Dahua Technology Co, video surveillance firm Hangzhou Hikvision Digital Technology Co Ltd and telecoms firm Hytera Communications Corp Ltd. (Reuters)


Google Pushes Emergency Chrome Update To Fix 8th Zero-Day in 2022

Google has released an emergency security update for the desktop version of the Chrome web browser, addressing the eighth zero-day vulnerability exploited in attacks this year. The high-severity flaw is tracked as CVE-2022-4135 and is a heap buffer overflow in GPU, discovered by Clement Lecigne of Google's Threat Analysis Group on November 22, 2022. (BleepingComputer)


Notorious Emotet Malware Returns With High-Volume Malspam Campaign

The notorious Emotet malware has returned with renewed vigor as part of a high-volume malspam campaign designed to drop payloads like IcedID and Bumblebee. "Hundreds of thousands of emails per day" have been sent since early November 2022, enterprise security company Proofpoint said last week, adding, "the new activity suggests Emotet is returning to its full functionality acting as a delivery network for major malware families." (The Hacker News)


Is Your Board Prepared for New Cybersecurity Regulations?

A proposed SEC rule will require companies to disclose their cybersecurity governance capabilities, including the board’s oversight of cyber risk, a description of management’s role in assessing and managing cyber risks, the relevant expertise of such management, and management’s role in implementing the company’s cybersecurity policies, procedures, and strategies. Meeting the new regulatory requirements can be better achieved by aligning how operational leaders discuss cybersecurity with their boards. Operational managers must start presenting their plans in a way that align with the way boards best contribute — the language of risk, resiliency, and reputation. (Harvard Business Review)


Microsoft Warns of Hackers Using Google Ads to Distribute Royal Ransomware

A developing threat activity cluster has been found using Google Ads in one of its campaigns to distribute various post-compromise payloads, including the recently discovered Royal ransomware. Microsoft, which spotted the updated malware delivery method in late October 2022, is tracking the group under the name DEV-0569. (The Hacker News)