ISBuzz Team

The UK government has decided to allow Huawei to continue to be in its 5G networks, despite US officials warning to do so would pose a severe security risk. Reactions on Twitter: https://twitter.com/ScotNational/status/1222446030236667904 https://twitter.com/freddie1999/status/1222293179254349824 https://twitter.com/HOBMakanju/status/1222271329631645696 https://twitter.com/john_p_d/status/1222226082520346624

It has been reported that Gedia Automotive Group has been the victim of a cyber-attack by a gang using ransomware known as Sodinokibi. The German automotive parts maker, which is based in Attendorn, supplies lightweight chassis parts to carmakers across the world from locations including Spain, Poland, Hungary, China and the US. In an initial statement the company said that following the attack it had immediately shut down its systems to prevent a complete breakdown of IT infrastructure. https://twitter.com/DtgJon/status/1220814709810745344

According to BBC News, the UK government is developing laws that would require manufacturers to ensure their smart gadgets cannot be hacked and exploited via the internet. This is in the face of concerns that many internet-enabled devices lack basic security features. Under the proposed laws, manufacturers would have to: ensure all internet-enabled devices had a unique password provide a public point of contact so anyone could report a vulnerability state the minimum length of time a device would receive security updates

It has been reported that an antivirus program used by hundreds of millions of people around the world is selling highly sensitive web browsing data to many of the world’s biggest companies, a joint investigation by Motherboard and PCMag has found. The Avast division charged with selling the data is Jumpshot, a company subsidiary that’s been offering access to user traffic from 100 million devices, including PCs and phones. In return, clients—from big brands to e-commerce providers—can learn what consumers are buying and where, whether it be from a Google or Amazon search, an ad from a news article, or a post on Instagram.…

All Internet of Things and consumer smart devices will need to adhere to specific security requirements, under new government proposals. The aim of the legislation is to help protect UK citizen and businesses from the threats posed by cyber criminals increasingly targeting Internet of Things devices. The proposed measures from the Department for Culture, Media and Sport (DCMS) have been developed in conjunction with the UK’s National Cyber Security Centre (NCSC) and come following a consultation period with information security experts, product manufacturers and retailers and others. “Our new law will hold firms manufacturing and selling internet-connected devices to account and stop hackers threatening…

Hackers could eavesdrop on scores of Zoom Meetings by generating and verifying Zoom Meeting IDs; Zoom rolls out a series of security changes to fix flaws  Check Point Research identified a major security flaw in Zoom, the popular video conferencing service used by over 60% of the Fortune 500.  Check Point’s researchers were able to prove that hackers could easily generate and verify Zoom Meeting IDs to target victims, enabling a hacker to eavesdrop on Zoom meetings, giving them intrusive access to all audio, video and documents shared throughout the duration of the meeting. Guessing Zoom Meeting IDs  Zoom meeting…

A spike in fraudulent transactions has forced the Google Security team to suspend all publishing and uploading of paid Chrome extensions to the Chrome Web store. https://twitter.com/androidcentral/status/1222057977877798914

In response to reports that the Chrome Web Store has experienced a wave of fraudulent transactions prompting a temporary suspension or updating of any commercial Chrome extensions on the official Chrome Web Store, security experts commented below.

It has been reported that the US Cybersecurity and Infrastructure Agency (CISA) today issued an advisory for six high-severity security vulnerabilities in patient monitoring devices. These flaws could allow an attacker to make changes at the software level of a device and in doing so interfere with its functionality, render it unusable, change alarm settings, or expose personal health information.

Cofense has released release its Q4 2019 Malware Trends report, shedding light on the malware families, delivery methods and campaigns that dominated the past quarter. Q4 2019 demonstrated an overall decrease in malware volume, as Emotet (also known as Geodo) overtook the limelight and threat actors scaled down for the holidays. The information stealer Loki Bot edged out once abundant Agent Tesla keylogger from its top spot as the most prevalent non-Emotet malware, demonstrating perpetual lead changes between the two. Less-experienced threat actors have likely favored Loki Bot over its competition thanks to easy deployment and low maintenance, enabling more…