As expected, the UK banned Huawei from participation in its 5G buildout, reversing an earlier decision to permit the company some limited role in non-core sections of its infrastructure. The Guardian reports that all Huawei 5G equipment must be out of British 5G networks by 2027, and that no new 5G gear may be purchased after the end of this year. The BBC says Tory backbenchers remain unsatisfied (they want quicker action) but the decision represents a sharp setback for Huawei. According to Sky News, Huawei UK’s chair, Lord Browne, has resigned.
Trustwave updates its report on Golden Tax, spyware-infested tax software intended for use by companies doing business in China. Their first reports concentrated on GoldenSpy, and they’re now describing GoldenHelper, an earlier malware dropper embedded in Golden Tax.
ESET says the Molerats, also known as the Gaza Hackers, have resurfaced with Welcome Chat, an app that represents itself as offering secure messaging. It does indeed deliver messaging, but security not so much: it’s a spyware carrier by design.
Check Point warns that the Porphiex botnet is delivering Avadon ransomware.
It's Patch Tuesday, and Redmond will issue its round of fixes later today, but SAP is already out with a significant patch. The issue, CVE-2020-6287, arises in the LM Configuration Wizard of the NetWeaver Application Server. Researchers at Onapsis discovered the vulnerability, which is reckoned a serious one. There’s no evidence of exploitation in the wild so far, but CISA strongly recommends applying the patch as soon as possible.