WebProNews

Category: CybersecurityUpdate

CybersecurityUpdate

  • Google Fi VPN Expanding to Support iPhones

    Google Fi VPN Expanding to Support iPhones

    Google is expanding its VPN for its Google Fi cell service to iPhone users, as well as bringing the Android version out of beta.

    Google Fi is a mobile virtual network operator (MVNO) cellular service, first established in 2015. Google Fi piggybacks on T-Mobile and U.S. Cellular’s networks. In 2018, the company unveiled Fi VPN, allowing users to protect their calls and privacy. Originally, however, the VPN service was only available for Android.

    According to a blog post, the company is bringing the Fi VPN service to iPhone users in the spring.

    Everyone should have easy access to tools that protect their personal information. That’s why we’re expanding access to the VPN to iPhone®, so that it will be available for all users on Fi. We plan to roll out the VPN to iPhone® users starting this spring.

    In addition, the Android version of Fi VPN is finally leaving beta, after more than two years. Google’s updates to Fi VPN should help keep users protected, regardless of their phone platform of choice.

  • Microsoft’s New Patch Will Completely Replace Legacy Edge With New Version

    Microsoft’s New Patch Will Completely Replace Legacy Edge With New Version

    Microsoft has announced that an upcoming Windows 10 update will replace Edge Legacy with the new version.

    Microsoft Edge is the company’s replacement for Internet Explorer. Originally, Edge used Microsoft’s own in-house rendering engine. As part of the Windows 10 October 2020 Update, Microsoft unveiled the new version of Edge. The new version is based on Chromium, the same open source foundation for Google’s Chrome. This allows Edge to take advantage of Chrome’s popularity and compatibility.

    Microsoft has announced it is ending support for Edge Legacy on March 9. As a result, to prevent users from using an outdated, insecure browser, Microsoft is removing Edge Legacy and replacing it with the Chromium-based version.

    To replace this out of support application, we are announcing that the new Microsoft Edge will be available as part of the Windows 10 cumulative monthly security update—otherwise referred to as the Update Tuesday (or “B”) release—on April 13, 2021. When you apply this update to your devices, the out of support Microsoft Edge Legacy desktop application will be removed and the new Microsoft Edge will be installed. The new Microsoft Edge offers built-in security and our best interoperability with the Microsoft security ecosystem, all while being more secure than Chrome for businesses on Windows 10.

    While some users may be put off by the thought of Microsoft removing a copy of their program, in this case the company is doing the responsible thing. Web browsers are one of the most commonly exploited attack vectors, so Microsoft removing an outdated and unsupported browser will likely go a long way toward protecting user security.

  • Google Releases Chrome 88 to Fix Zero-Day Vulnerability

    Google Releases Chrome 88 to Fix Zero-Day Vulnerability

    Google Chrome users should immediately update to version 88, as the update fixes a vulnerability that is being actively exploited.

    Google has a policy of not disclosing too much detail about security issues until the majority of users have updated:

    Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

    Nonetheless, the update includes a fix for a heap buffer overflows in the V8 JavaScript engine. The most worrisome detail is that the vulnerability is already being exploited:

    Google is aware of reports that an exploit for CVE-2021-21148 exists in the wild. We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.

    Even if automatic updates are enabled, users should manually update as soon as possible to make sure there’s not unnecessary gaps in their security.

  • Clearview AI Dealt Blow in Canada, Called Illegal

    Clearview AI Dealt Blow in Canada, Called Illegal

    Clearview AI has been dealt its biggest blow yet, with Canada calling the app illegal and demanding it delete photos of Canadian citizens.

    Clearview AI made headlines last year when the depth of its activities were uncovered. The company scraped photos from countless websites, including the top social media platforms, and amassed a database of billions of photos. Clearview then sold access to that database to law enforcement officials all over the country.

    Despite its claims, however, Clearview wasn’t the responsible purveyor of information it claimed to be. Instead, it gave investors, clients and friends access to the company’s database for their own personal uses, including entertainment. The company also began expanding internationally, working on deals with authoritarian regimes.

    Despite multiple investigations in the US, it appears Canada has taken the strongest stance yet, declaring the software illegal.

    “Clearview sells a facial recognition tool that allows law enforcement and commercial organizations to match photographs of unknown people against a massive databank of 3 billion images, scraped from the Internet,” said Daniel Therrien, Privacy Commissioner of Canada. “The vast majority of these people have never been, and will never be, implicated in any crime.

    “What Clearview does is mass surveillance and it is illegal. It is an affront to individuals’ privacy rights and inflicts broad-based harm on all members of society, who find themselves continually in a police lineup. This is completely unacceptable.”

    Clearview tried to make the claim that it did not need permission to collect the photos it uses, since they’re already posted on social media. The Canadian government disagreed, since Clearview’s purpose for collecting the photos differed from the reason people uploaded them.

    As a result, the investigation came to the following conclusion:

    We recommended that Clearview: (i) cease offering its facial recognition tool to clients in Canada; (ii) cease the collection, use and disclosure of images and biometric facial arrays collected from individuals in Canada; and (iii) delete images and biometric facial arrays collected from individuals in Canada in its possession.

    While the government doesn’t yet have the authority to enforce the investigation’s recommendations, Therrien is hopeful Parliament will take them under advisement when it considers upcoming privacy legislation.

    “The company essentially claims that individuals who placed or permitted their images to be placed on the Internet lacked a reasonable expectation of privacy in such images, that the information was publicly available, and that the company’s appropriate business interests and freedom of expression should prevail,” Therrien added.

    “My colleagues and I think these arguments must be rejected. As federal Commissioner, I hope that Parliament considers this case as it reviews Bill C-11, the proposed new private-sector privacy legislation. I hope Parliamentarians will send a clear message that where, as here, there is a conflict between commercial objectives and privacy protection, Canadians’ privacy rights should prevail.”

  • Xiaomi Sues US Government In Effort to Overturn Ban

    Xiaomi Sues US Government In Effort to Overturn Ban

    Xiaomi is suing the US Treasury Department and the Department of Defense in an effort to overturn a Trump administration ban.

    Xiaomi, along with Huawei and ZTE, were banned by the Trump administration over national security concerns. Xiaomi was accused of having close ties with the People’s Liberation Army.

    The company is now challenging the ban, according to Bloomberg, suing the US Treasury and Defense departments.

    “Xiaomi faces imminent, severe, and irreparable harm if the Designation remains in place and the restrictions take effect,” the company said in its court filing, naming Defense Secretary Lloyd Austin and Treasury Secretary Janet Yellen as defendants.

    It remains to be seen what action the Biden administration will take against Chinese firms, and whether it will uphold past action. It’s clear, however, that Xiaomi is testing the waters to see if the the change of administration will result in a change of policy.

  • COVID Has Really Impacted Aerospace… and the Air Force

    COVID Has Really Impacted Aerospace… and the Air Force

    “COVID has really impacted the aerospace industry in this nation and nations around the world disproportionately to other industries… and the Air Force has not been exempt from these impacts,” says former Assistant Secretary of the Air Force for Acquisition, Technology and Logistics, Dr. Will Roper:

    COVID Has Really Impacted Aerospace… and the Air Force

    COVID has really impacted the aerospace industry in this nation and nations around the world disproportionately to other industries. The Air Force has not been exempt from these impacts. We have had to go into a wartime posture and engage with exceptional authorities and funding to keep the aerospace industry, which allows us to go to war, whole.

    But aside from the crisis response that we’ve all been in it’s forced us to do some serious reflection about how we engage with production and supply chains going forward. How does the Air Force need to change the way it views its future self so that we’re not just more ready for a crisis when it occurs but we’re actually designing better systems, doing better engineering, and using technology more effectively? Systems that we need to go to war are going to be hidden behind doors where their vulnerabilities are never going to be exposed because of secrecy.

    Secrecy Hinders Our Ability To Digitally Go To War

    We’re moving into an era where we’re leveraging commercial technology more frequently. Because of that, we can no longer hope that secrecy, keeping our systems classified, will be the sole means for us to be secure. We need to find a new paradigm where openness is also part of our security posture. Now we’re not going to be able to copy commercial industry one for one. Our systems in many cases don’t have a commercial analog. We can’t quickly replace them.

    We’re not in a competition where spirals occur in years. Many of our aerospace breakthroughs, especially those in technologies like stealth, take time to do. Secrecy is going to continue to be part of the equation. But secrecy can’t be the catch-all approach to how we ensure systems are able to digitally go to war and be ready to fight in a cyber environment against an adversary as capable as we are.

    Containerization Solves The Secrecy Problem

    The software development capabilities that technologies like Kubernetes or containerization and Istio bring in to the Air Force. It’s amazing that companies like Google that have now transitioned this to an open-source driven initiative have solved a lot of what we would have to solve as a military. How do you write code in a development environment, in that tech stack that may also represent the physical aspects of your system, but it certainly represents the software components?

    How do you go from your development environment out to the edge securely and know your code will run the same way. Containerization solves that problem for us. The military is behind and adopting it. It’s not old but this technology is moving through industry as fast as Linux did. If we don’t get off the dime we will be left behind. Keep pushing the Air Force and Space Force on this. Do not let us get comfortable.

    COVID Has Really Impacted Aerospace… and the Air Force
  • iOS 14 iMessage Has a Major Security Upgrade

    iOS 14 iMessage Has a Major Security Upgrade

    iMessage in iOS 14 has a major upgrade over previous versions, taking security to an all-new level.

    With more than 1 billion iPhones, Apple’s iMessage is one of the most popular messaging platforms on the market. As a result, it’s a popular target for hackers and bad actors looking for an attack vector.

    It appears Apple has taken a significant step toward protecting iMessage users in iOS 14, adding a behind-the-scenes feature called BlastDoor, first noticed by Samuel Groß, a security researcher with Google’s Project Zero, and reported on by ZDNet.

    BlastDoor unpacks a received message and all its contents in a safe, secure silo. This allows the the message to be opened and viewed without it being able to access the underlying system, user data or anything that could allow it to post a threat.

    Groß seems confident the changes will be a net positive for iMessage security and should help reduce iMessage exploits.

    Overall, these changes are probably very close to the best that could’ve been done given the need for backwards compatibility, and they should have a significant impact on the security of iMessage and the platform as a whole. It’s great to see Apple putting aside the resources for these kinds of large refactorings to improve end users’ security. Furthermore, these changes also highlight the value of offensive security work: not just single bugs were fixed, but instead structural improvements were made based on insights gained from exploit development work.

  • SolarWinds Attack More Widespread, 30% Of Victims Did Not Use Software

    SolarWinds Attack More Widespread, 30% Of Victims Did Not Use Software

    A troubling detail has come to light as part of the SolarWinds investigation, namely that 30% of victims didn’t use the software in question.

    The SolarWinds attack was one of the worst cybersecurity breaches in US history. Hackers compromised SolarWinds’ Orion IT software, injecting a trojan that allowed them to target companies and organizations using the software. The attack was what is known as a supply chain attack, as it compromised legitimate software in the supply chain, before it could be distributed.

    According to new information, however, it appears the hackers behind the attack were not relying solely on SolarWinds software since roughly 30% of victims weren’t using it.

    The hackers “gained access to their targets in a variety of ways. This adversary has been creative,” Brandon Wales, acting director of the Cybersecurity and Infrastructure Security Agency, told The Wall Street Journal. “It is absolutely correct that this campaign should not be thought of as the SolarWinds campaign.”

    The revelation casts a new light on the attack, and the ingenuity the hackers demonstrated, as well as the threat they pose.

  • SolarWinds Hack Was Supply Chain Attack, Says Datadog CEO

    SolarWinds Hack Was Supply Chain Attack, Says Datadog CEO

    “What’s interesting here about the SolarWinds hack, in particular, is that it’s what’s called a supply chain attack,” says Datadog CEO Olivier Pomel. “This means the attack was made on the code that was shipped to the SolarWinds customer. Then there is this new notion in security called shifting left. By left, it means is closer to the developer and earlier in the development process.”

    Datadog CEO Olivier Pomel discusses how the SolarWinds hack signals an increased focus by hackers to target software earlier in its development:

    The SolarWinds hack was definitely a very big one. It’s not especially surprising to see new important hacks like this one but definitely a very impactful one. What it makes very clear is that there’s going to be even more of an arms race when it comes to security. It’s not surprising companies are transforming. They’re having more and more of their activity that is happening online is happening in software. So there’s much more that can be done by attacking that software.

    What we do is we gather as many signals as possible across observability and monitoring. This is the way we come from and across security. What’s interesting here about the SolarWinds hack, in particular, is that it’s what’s called a supply chain attack. This means the attack was made on the code that was shipped to the SolarWinds customer. Then there is this new notion in security called shifting left. By left, it means is closer to the developer and earlier in the development process.

    There’s something really interesting there when it relates to us (Datadog) in how we can solve the problem for our customers by bringing security earlier into the development process and tied in more to the operations and the development of the application. That’s definitely something that we’re investing in and something that we think is going to be a big area of investment for customers in the future.

    SolarWinds Hack Was Supply Chain Attack, Says Datadog CEO Olivier Pomel
  • iPhone and iPad Users Should Run Software Update immediately

    iPhone and iPad Users Should Run Software Update immediately

    iPhone and iPad user should run Software Update immediately and install the latest operating system (OS) version, according to Apple.

    Apple released iOS and iPadOS 14.4 on Tuesday, and the update addressed security issues that may have been actively exploited. The release notes don’t go into detail about the specifics of the security issues, saying that “Apple doesn’t disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available.”

    Apple does say the OS update address an issue with the kernel, as well as with WebKit. In the case of the kernel fix, Apple says “a malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited.”

    Similarly, in regard to the WebKit issue, Apple says “a remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.”

    As a result, all iPhone and iPad users should update to version 14.4 immediately.

  • Gartner: ‘Responsible AI a Societal Concern’

    Gartner: ‘Responsible AI a Societal Concern’

    Gartner has released its Predicts 2021 reports and the outlook for artificial intelligence (AI) includes some troubling growing pains.

    AI is one of the fastest growing industries, and one of the most controversial. Experts have come out on all sides of the debate, with some believing it will help solve some of mankind’s most elusive challenges.

    Others, including Elon Musk, believe it represents one of the biggest existential threats to humanity. Recent research suggests that a super-intelligent AI will be impossible to control, further raising concerns.

    Gartner’s latest reports indicate there are a number of more pressing issues that could pose challenges for AI researchers and the industry at large. Gartner highlights five specific ways AI will impact society:

    By 2025, the concentration of pretrained AI models among 1% of AI vendors will make responsible AI a societal concern.

    In 2023, 20% of successful account takeover attacks will use deepfakes to socially engineer users to turn over sensitive data or move money into criminal accounts.

    By 2024, 60% of AI providers will include a means to mitigate possible harm as part of their technologies.

    By 2025, 10% of governments will use a synthetic population with realistic behavior patterns to train AI while avoiding privacy and security concerns.

    By 2025, 75% of conversations at work will be recorded and analyzed, enabling the discovery of added organizational value and risk.

    These issues illustrate the need for companies and organizations to take the necessary steps now to ensure AI is a force for good.

  • Google Hasn’t Updated iOS Apps Possibly to Avoid Privacy Labels

    Google Hasn’t Updated iOS Apps Possibly to Avoid Privacy Labels

    It’s been a month and a half since Apple introduced privacy labels, and Google has yet to updates many of its iOS apps to support the feature.

    Apple introduced App Privacy Details in iOS and iPadOS 14.3 as a way to inform users of what data apps collect and keep about them. The feature is built around the novel concept that users should know what data companies collect and have a say in it.

    Some companies, such as Facebook have already faced quite a bit of flack when they updated their apps and revealed the extent of the data they collected. It’s been speculated that Google may be trying to avoid that by simply not updating.

    Google issued a blog post on January 12 outlining its support for iOS App Privacy Details, and said it would be updating its apps to support them. A quick look at the App Store at time of writing, however, only show two apps that have been updated to include the information, namely Google Translate and Google Classroom.

    Google’s Privacy Label
    Google’s Privacy Label

    It remains to be seen when Google will update its more popular apps but, the longer the company takes, the more speculation will build that Google doesn’t want to disclose its data collection.

  • On His Way Out, Ajit Pai Warns of China’s Threats to Telecoms

    On His Way Out, Ajit Pai Warns of China’s Threats to Telecoms

    Ajit Pai has stepped down as Federal Communications Commission Chairman (FCC), but he had some parting words of warning regarding China.

    For the last few years, the US and China have been engaged in a devastating trade war. US officials have also targeted a number of Chinese companies over cybersecurity and national security concerns.

    In an interview with Reuters, Pai warned of “injection of malware into networks here in the United States or around the world. There are a number of bad things that can happen when insecure equipment is used to handle sensitive information.”

    Those concerns led the Trump administration to ban Huawei and ZTE, as well as take action against China Telecom. US officials pressured allies to take similar action, many of whom did. It remains to be seen if the Biden administration will continue to restrict Chinese telecom firms, but Pai is warning against taking Beijing lightly in this arena.

    “The Chinese Communist Party has a very determined world view. They want to dominate this space and exert their will — even beyond their own borders,” Pai said Tuesday. “That is a serious threat not just to internet freedom but to national security for us and for many of our allies.”

  • Mozilla Expands VPN to Mac and Linux – Testing Included

    Mozilla Expands VPN to Mac and Linux – Testing Included

    Mozilla has been looking to expand its services and products beyond its Firefox web browser in an effort to diversify its profits. One of those endeavors is its VPN service that started life as a Firefox extension, before transitioning to a closed beta and then a publicly available service.

    The initial releases, however, only supported Windows, Android and iOS. The company has now expanded its support to include macOS and Linux, rounding out support for every major platform.

    Mozilla VPN currently offers service in the US, the UK, Canada, New Zealand, Singapore and Malaysia. This makes its focus far more narrow than competing services, such as ExpressVPN, although Mozilla says more countries will be added.

    Mozilla promises it doesn’t log network activity and doesn’t restrict bandwidth. Like many of its competitors, Mozilla VPN can be run on five different devices from a single account.

    The company has claimed that its service is faster than rivals because it uses less code. In our testing, however, those claims seem highly subjective, based on the selected VPN server.

    For example, starting with an internet connection that averages 35 to 40 Mbps, we connected to Mozilla VPN using the three closest available locations. Two of the locations yielded speeds ranging from 0.37 to 0.44 Mbps. The third location, Chicago, yielded speeds of 32 and 33 Mbps.

    Mozilla VPN Speed Tests
    Mozilla VPN Speed Tests

    While not comprehensive, our brief testing shows Mozilla still has some work to do before it rivals ExpressVPN, widely considered the fastest service available.

    Nonetheless, with Mozilla’s well-established reputation for protecting user privacy, their entry into the market is a welcome one.

  • India Wants WhatsApp to Abandon Its Planned Privacy Changes

    India Wants WhatsApp to Abandon Its Planned Privacy Changes

    India has asked WhatsApp to reconsider its announced privacy changes, the latest backlash the company is facing.

    WhatsApp made headlines when it notified users it was changing its privacy terms. Under the new terms, the company would share data it collects with other Facebook-owned companies, regardless of whether users have accounts with them or not. Users originally had until February 8 to accept the terms or stop using WhatsApp.

    Needless to say, the backlash was swift and severe. Users began abandoning WhatsApp, migrating to Signal and Telegram, while new downloads of WhatsApp plummeted. As a result, the company announced it was moving back the implementation date till May 15.

    In the meantime, however, India is asking WhatsApp to abandon the plans altogether, according to Reuters.

    “The proposed changes raise grave concerns regarding the implications for the choice and autonomy of Indian citizens,” wrote the Ministry of Electronics and Information Technology in an email to WhatsApp boss Will Cathcart and seen by Reuters. “Therefore, you are called upon to withdraw the proposed changes.”

    Given how popular WhatsApp is in India, not to mention the company’s plans to expand its services there, India’s request could pose significant issues for WhatsApp’s proposed changes.

  • FBI Warns of Increased Voice Phishing Attacks Over VoIP

    FBI Warns of Increased Voice Phishing Attacks Over VoIP

    The FBI is warning that cyber criminals are taking advantage of VoIP systems to target company employees in sophisticated voice phishing attacks.

    As the pandemic has forced unprecedented numbers of employees to work remotely, maintaining the same level of corporate security has become an issue. Cyber criminals are taking advantage of this by gaining access to VoIP systems and company chatrooms and then convincing employees to log into a fake VPNs in an effort to steal their credentials.

    The FBI issued an advisory to warn companies and help them mitigate the threat.

    As of December 2019, cyber criminals collaborated to target both US-based and international-based employees’ at large companies using social engineering techniques. The cyber criminals vished these employees through the use of VoIP platforms. Vishing attacks are voice phishing, which occurs during a phone call to users of VoIP platforms. During the phone calls, employees were tricked into logging into a phishing webpage in order to capture the employee’s username and password. After gaining access to the network, many cyber criminals found they had greater network access, including the ability to escalate privileges of the compromised employees’ accounts, thus allowing them to gain further access into the network often causing significant financial damage.

    In one instance, the cyber criminals found an employee via the company’s chatroom, and convinced the individual to log into the fake VPN page operated by the cyber criminals. The actors used these credentials to log into the company’s VPN and performed reconnaissance to locate someone with higher privileges. The cyber criminals were looking for employees who could perform username and e-mail changes and found an employee through a cloud-based payroll service. The cyber criminals used a chatroom messaging service to contact and phish this employee’s login credentials.

    The FBI recommends multiple mitigation steps, including enabling multi-factor authentication, starting new employees with minimal security privileges, actively scanning for unauthorized access or modifications, implementing network segmentation and giving administrators two accounts, one with admin privileges and the second for other duties.

  • Facebook Suing Chrome Extension Makers For Spying On Users

    Facebook Suing Chrome Extension Makers For Spying On Users

    Facebook is suing the makers of four Chrome extensions, claiming the extensions are used to spy on users.

    Facebook, Inc. and Facebook Ireland filed a lawsuit againts two people behind the Portuguese business “Oink and Stuff.” Facebook alleges that the individuals have created four Chrome extensions that scrape information from a user’s Facebook profile, as well as from the information stored in their browser unrelated to Facebook. To make matters worse, the extensions’ privacy policy specifically claims the software doesn’t collect any personal information.

    The extensions in question are Web for Instagram plus DM, Blue Messenger, Emoji keyboard and Green Messenger. Jessica Romero, Director of Platform Enforcement and Litigation, described the information being scraped:

    When people installed these extensions on their browsers, they were installing concealed code designed to scrape their information from the Facebook website, but also information from the users’ browsers unrelated to Facebook — all without their knowledge. If the user visited the Facebook website, the browser extensions were programmed to scrape their name, user ID, gender, relationship status, age group and other information related to their account. The defendants did not compromise Facebook’s security systems. Instead, they used the extensions on the users’ devices to collect information.

    Facebook does not appear to be seeking any monetary damages, but is instead looking for an injunction that will force the defendants to delete all the Facebook data they have collected.

    For a company that has a reputation for being on the wrong side of privacy issues, it’s a nice change to see Facebook on the right side of this one. On the flip side, it should be a major concern to users that Google’s own Chrome Web Store is insecure enough that Facebook felt it necessary to sue a Chrome extension maker to resolve the issue.

  • Google Not Impacted by SolarWinds Hack, Despite Using Its Software

    Google Not Impacted by SolarWinds Hack, Despite Using Its Software

    Google has announced it was not impacted by the SolarWinds hack, one of the biggest cybersecurity breaches in US history.

    Corporations and government agencies were compromised by a supply chain attack involving SolarWinds’ Orion IT software. Hackers managed to compromise Orion IT, creating a trojanized version that left organizations using it open to attack.

    Despite using SolarWinds software, Google has announced it is not one of the companies impacted. Phil Venables, CISO, Google Cloud, confirmed the information in a blog post:

    Based on what is known about the attack today, we are confident that no Google systems were affected by the SolarWinds event. We make very limited use of the affected software and services, and our approach to mitigating supply chain security risks meant that any incidental use was limited and contained. These controls were bolstered by sophisticated monitoring of our networks and systems.

    This is good news for Google, as well as its cloud customers.

  • Trump Administration Blocking More Companies From Selling to Huawei

    Trump Administration Blocking More Companies From Selling to Huawei

    The Trump administration is moving to revoke the licenses of companies previously cleared to sell products to Huawei.

    The US has engaged in a coordinated effort to isolate Huawei, citing national security concerns. The company is widely believed to have close ties with the Chinese government and intelligence apparatus. While all Chinese firms are required to cooperate with the government, Huawei’s ties are seen as closer than most.

    US officials have already banned Huawei, and pressured allies to do the same, with many following suit. The US even modified the Entity List and Foreign Direct Product Rule to cut the company off from suppliers, including those in other countries that rely on US technology. This resulted in Huawei losing access to chips from TSMC, Samsung and SK Hynix. In spite of that, some companies were granted licenses that allowed them to continue doing business with Huawei, such as Intel and Qualcomm.

    It appears the administration is preparing to revoke a number of those licenses, as well as deny additional applications, according to Reuters. One of the main companies impacted is Intel, with their license being one of the ones revoked.

    Reuters saw an email by the Semiconductor Industry Association, in which it said the Commerce Department intends “to deny a significant number of license requests for exports to Huawei and a revocation of at least one previously issued license.”

    It remains to be seen if the incoming Biden administration will take the same hard stance against Huawei but, for the time being, this is another major blow to the Chinese firm.

  • Illinois Facebook Users Will Receive $350 From Settlement

    Illinois Facebook Users Will Receive $350 From Settlement

    Illinois Facebook users will be receiving roughly $350 from the landmark privacy case against the social media giant.

    In January 2020, Facebook tentatively agreed to a $550 million settlement in an Illinois class-action lawsuit over the state’s biometric privacy law, with the final amount reaching $650 million. The Illinois Biometric Information Privacy Act prohibits private companies from collecting or using biometric data — such as facial recognition, voiceprint or fingerprint data — without written notification and written consent.

    In the first true test of the law, the Illinois class-action suit against Facebook took the company to task for violating that law. Facebook uses biometric data in a number of ways, including using facial recognition for photo tagging recommendations.

    According to the Chicago Tribune, some 1.6 million Illinois Facebook users will be receiving payments to the tune of $350 each. The payments were originally estimated to be closer to $400, but an additional 200,000 claims lowered the amount.

    Either way, the settlement should serve as a warning to companies to do a better job of respecting their users’ privacy.

  • Swedish Court Strikes Dashes Huawei’s Hopes, Upholds Ban

    Swedish Court Strikes Dashes Huawei’s Hopes, Upholds Ban

    A Swedish court has dismissed Huawei’s appeal of a ban preventing it from participating in the country’s 5G network.

    Huawei has been under pressure around the globe, as a result of its perceived ties to the Chinese government and intelligence community. The US, in particular, has been vocal in accusing the company of being a security risk. A number of countries have banned Huawei from participation in their 5G networks, including Sweden.

    Huawei appealed the ban, but a Swedish court has struck down the appeal, according to U.S. News & World Report, despite Huawei reportedly being willing to meet any demand the Swedish government might have.

    “A ruling by the Administrative Court of Appeal in a case relating to the law on electronic communication is final and therefore cannot be appealed,” the Supreme Administrative Court said. “The appeal should thus be dismissed.”

    This is just the latest in a string of defeats for the Chinese company that has seen it cut off from its primary chipmakers and forced to sell its smartphone business.