Qualcomm receives U.S. permission to sell 4G chips to Huawei

Qualcomm Inc on Friday received a license from the U.S. government to sell 4G mobile phone chips to China’s Huawei Technologies Co Ltd, an exemption to U.S. trade restrictions imposed on Qualcomm and all other American semiconductor companies amid rising tensions with China. Representatives declined to comment on the specific 4G products Qualcomm can sell to Huawei but said they were related to mobile devices. This will assist Huawei, whose own chip design plans were thwarted in September by U.S. trade restrictions. It remains unclear if 5G chips will be allowed next.

(Reuters)

Microsoft says three APTs have targeted seven COVID-19 vaccine makers

Microsoft has identified the advanced persistent threats as state-sponsored attacks traced to Strontium (aka Fancy Bear, APT28), based in Russia, and to two North Korea-based groups: Zinc (aka the Lazarus Group) and a new group named Cerium. According to Microsoft, the attacks targeted companies located in Canada, France, India, South Korea, and the United States and focused on vaccine makers, a clinical research organization, and a COVID-19 test developer.

(ZDNet)

Cobalt Strike 4.0 toolkit shared online

The source code for the widely used Cobalt Strike 4.0 penetration testing toolkit has allegedly been leaked online in a GitHub repository. Experts say the code has been recompiled, and is therefore not the original source code, but it is enough to be of serious concern to security professionals, since it removes barriers to entry for obtaining the tool and essentially makes it easy for crime groups to procure and modify code as needed on the fly.

(Bleeping Computer)

Schneider Electric publishes a security advisory on Drovorub Linux malware

In another APT28 story, an alert published jointly by Schneider Electric, the NSA, and the FBI warns of Linux malware allegedly deployed by APT28 that would allow state-sponsored hackers to steal files, establish backdoor access, and remotely control targets’ computers, using a sophisticated evasion technique that leverages advanced ‘rootkit’ capabilities to remain under the radar. The government recommends that US organizations update any Linux system to a version running kernel version 3.7 or later to prevent Drovorub’s rootkit infections.

(Security Affairs)

Turkey fines Google for market dominance

A $25.6 million fine was levied by the Turkish Competition Board, which found that Google violated fair competition rules and abused its dominant power in the market through advertising, by placing text ads above organic search results and ostensibly preventing other companies from showing up in searches if they do not generate advertisement revenue for Google. This is the second major fine from Turkish authorities, who are pushing beyond standard EU procedures in seeking punishments for powerful tech companies.

(Arab News)

Details of 27.7 million Texas drivers exposed online

Vertafore, a provider of insurance software, recently disclosed that an unknown threat actor group illicitly accessed personal information of 27.7 million Texas-based drivers who used its services. Vertafore admitted that the data breach was caused by human error after three data files were inadvertently stored in an unsecured storage unit. The exposed information included standard driver’s license details, including vehicle registration histories, but Vertafore states that no social security numbers or financial information were compromised in the incident.

(CISOMag)

Passage of California privacy act could spur similar new regulations in other states

Privacy experts are suggesting that other states are likely to enact CPRA-like laws soon. The California Privacy Rights and Enforcement Act (CPRA), approved by California citizens on Election Day, strengthens privacy regulations in California by creating new requirements for companies that collect and share sensitive personal information. Although slowed by the COVID pandemic, Virginia, Florida, New Hampshire, Washington, Nebraska, New York, Maryland, and North Dakota have copycat versions of the earlier California Privacy Act in the works, with Washington leading the pack and pushing toward 2021 enactment.

(CISO Online)

Deutsche Bank suggests governments impose a tax on working from home

Citing what must be done to rebuild, Deutsche Bank strategist Luke Templeman suggests that a work-from-home tax be imposed to help an economic system that is “not set up to cope with people who can disconnect themselves from face-to-face society.” He suggested that those who continue to work from home should help fund efforts to “help those whose jobs they inadvertently destroy,” since they no longer have to pay for clothes, lunches, transport, and even after-work drinks. He suggests that once the pandemic all-clear has been sounded, workers who continue to work from home should be taxed at five percent of their salary.

(The Register)