Malware designed to provide backdoor access to corporate networks, gain administrative privileges and deliver additional payloads was hidden in tax software the Chinese government requires companies doing business in the nation to use, researchers at the security firm Trustwave report.
Ramping up authentication as e-commerce continues to grow requires achieving a delicate balance of a frictionless, yet secure, consumer experience, says Robert Capps of NuData Security, a unit of Mastercard.
Britain's U-turn on Huawei, announcing that it will now ban the manufacturer's gear from its 5G networks, highlights this as yet unresolved problem: Years of underinvestment and policy failures have left Britain and its allies with no inexpensive, trusted alternative.
The British government has officially reversed course and will now ban Huawei's telecom gear from its 5G networks. The ban on use of the Chinese firm's equipment, based in part on U.S. sanctions against the manufacturer, goes into effect at year's end.
Auction website LiveAuctioneers has acknowledged that it sustained a data breach in June. The announcement came after threat intelligence firm CloudSEK reported that it discovered about 3.4 million LiveAutioneers customers' records had been posted for sale on a darknet forum.
An Israeli court has dismissed a petition filed by Amnesty International that sought to revoke the security export license of NSO Group, a tech firm that's been accused of selling hacking tools to governments for targeting dissidents, journalists and lawyers.
It's common for security researchers to be ignored when reporting a software vulnerability. The latest example - vulnerabilities found by Independent Security Evaluators in a router made by China-based Tenda.
Enterprises want to make greater use of connected devices to develop new services and gain efficiencies, but security is a paramount concern. Piers Hogarth-Scott and Katherine Robins of KPMG break down the risks and the challenges around IoT security.
The lessons of the Mirai botnet's abuse of internet-connected devices four years ago have been taken to heart, says Aaron Guzman of OWASP, which is working with others to improve security benchmarks and testing for connected devices.
Manufacturers are increasingly adding connectivity to everyday devices, but it's not always evident how privacy and security is managed. Detailed technical labels could give purchasers more insight, says Pardis Emami-Naeini, a post-doctoral scholar at Carnegie Mellon University.
Wells Fargo, the fourth largest bank in the U.S., has directed employees to remove the TikTok social media app from their company-issued devices, citing security concerns. The news comes after Amazon sent mixed signals to its employees about use of the social media app.