Cybersecurity News
Highlights from TikTok CEO’s Congress grilling – Week in security with Tony Anscombe
Here are some of the key moments from the five hours of Shou Zi Chew's testimony and other interesting news on the data privacy front
The post Highlights from TikTok CEO’s Congress grilling – Week in security with Tony Anscombe appeared first on WeLiveSecurity
What TikTok knows about you – and what you should know about TikTok
As TikTok CEO attempts to placate U.S. lawmakers, it’s time for us all to think about the wealth of personal information that TikTok and other social media giants collect about us
The post What TikTok knows about you – and what you should know about TikTok appeared first on WeLiveSecurity
Spotlight On: BT Group, a New Principal Participating Organization
Welcome BT Group, a new Principal Participating Organization (PPO) at the PCI Security Standards Council! The Council’s Participating Organization program enables global collaboration by bringing together industry leaders to strategize about how to protect payment data from the latest threats and to anticipate the needs of an ever-changing payment ecosystem. In this special spotlight edition of our PCI Perspectives Blog, Simon Turner, Senior Manager, ISSCA Consultancy Services at BT Group introduces us to his company and how they are helping to shape the future of payment security.
TikTok to be banned from UK parliamentary devices
Move follows UK government’s decision to ban Chinese-owned video-sharing app
Parliament is to ban the Chinese-owned video-sharing app TikTok from “all parliamentary devices and the wider parliamentary network”, citing the need for cybersecurity.
The move goes further than the ban last week of the app on government mobile phones and devices, covering the whole parliamentary network. That means that MPs and parliamentary staff who continue to have TikTok installed on personal devices will find the service blocked if they try to access it over parliamentary wifi.
Understanding Managed Detection and Response – and what to look for in an MDR solution
Why your organization should consider an MDR solution and five key things to look for in a service offering
The post Understanding Managed Detection and Response – and what to look for in an MDR solution appeared first on WeLiveSecurity
Google Suspends Chinese E-Commerce App Pinduoduo Over Malware
Google says it has suspended the app for the Chinese e-commerce giant Pinduoduo after malware was found in versions of the app. The move comes just weeks after Chinese security researchers published an analysis suggesting the popular e-commerce app sought to seize total control over affected devices by exploiting multiple security vulnerabilities in a variety of Android-based smartphones.
Watch Questions with the Council: PCI DSS v4.0 and the Customized Approach
In the second installment of the “Questions with the Council” video series, Data Security Standards Manager, Kandyce Young, answers the payment industry’s questions about PCI DSS v4.0. The questions focus specifically on the customized approach and compensating controls. Questions include:
Twitter ends free SMS 2FA: Here’s how you can protect your account now
Twitter’s ditching of free text-message authentication doesn’t mean that you should forgo using 2FA. Instead, switch to another – and, indeed, better – 2FA option.
The post Twitter ends free SMS 2FA: Here’s how you can protect your account now appeared first on WeLiveSecurity
Why You Should Opt Out of Sharing Data With Your Mobile Provider
A new breach involving data from nine million AT&T customers is a fresh reminder that your mobile provider likely collects and shares a great deal of information about where you go and what you do with your mobile device -- unless and until you affirmatively opt out of this data collection. Here's a primer on why you might want to do that, and how. Certain questions might be coming to mind right now, like "What the heck is CPNI?" And, "If it's so 'customer proprietary,' why is AT&T sharing it with marketers?" Also maybe, "What can I do about it?" Read on for answers to all three questions.
BBC urges staff to delete TikTok from company mobile phones
Move comes after UK government bans app on government devices over fears of data being accessed by Chinese state
The BBC has urged its staff to delete the Chinese-owned social media app TikTok from corporate mobile phones.
Guidance to BBC staff circulated on Sunday said: “We don’t recommend installing TikTok on a BBC corporate device unless there is a justified business reason. If you do not need TikTok for business reasons, TikTok should be deleted.”
Feds Charge NY Man as BreachForums Boss “Pompompurin”
The U.S. Federal Bureau of Investigation (FBI) this week arrested a New York man on suspicion of running BreachForums, a popular English-language cybercrime forum where some of the world's biggest hacked databases routinely first show up for sale. The forum's administrator "Pompompurin" has been a thorn in the side of the FBI for years, and BreachForums is widely considered a reincarnation of RaidForums, a remarkably similar crime forum that the FBI infiltrated and dismantled in 2022.
Why is TikTok banned from government phones – and should rest of us be worried?
UK has removed app over concerns data can be monitored by Chinese state, but public remain vulnerable
TikTok is wildly popular, with more than 1 billion people consuming its short video posts around the world. But the app is less favoured by politicians in key markets such as the US and UK, where it has been banned from government-issued phones over security fears. We answer your questions about why TikTok has become a lightning rod for suspicion of Chinese state espionage – and whether nationwide bans are likely.
Banking turmoil opens opportunities for fraud – Week in security with Tony Anscombe
Scammers are looking to cash in on the chaos that has set in following the startling meltdowns of Silicon Valley Bank and Signature Bank and the crisis at Credit Suisse
The post Banking turmoil opens opportunities for fraud – Week in security with Tony Anscombe appeared first on WeLiveSecurity
SVB collapse is a scammer’s dream: Don’t get caught out
How cybercriminals can exploit Silicon Valley Bank's downfall for their own ends and at your expense
The post SVB collapse is a scammer’s dream: Don’t get caught out appeared first on WeLiveSecurity
The TikTok wars – why the US and China are feuding over the app
The US says the extremely popular video-sharing app ‘screams’ of national security concerns and considers a countrywide ban
TikTok is once again fending off claims that its Chinese parent company, ByteDance, would share user data from its popular video-sharing app with the Chinese government, or push propaganda and misinformation on its behalf.
China’s foreign ministry on Wednesday accused the US itself of spreading disinformation about TikTok’s potential security risks following a report in the Wall Street Journal that the committee on foreign investment in the US – part of the treasury department – was threatening a US ban on the app unless its Chinese owners divest their stake.
MPs and peers ask information commissioner to investigate TikTok
Letter argues that Chinese-owned video-sharing app could be in breach of UK law
A cross-party group of MPs and peers have asked the information commissioner to investigate whether the Chinese-owned TikTok’s handling of personal information is in breach of UK law.
The letter from the Inter-Parliamentary Alliance on China (IPAC) argues that TikTok cannot be compliant with data protection rules – and comes just hours after the UK announced a ban on the popular video-sharing app appearing on ministers’ and officials’ government-owned phones.
Significant Milestone Hit for Payment Software Security
The PCI Security Standards Council recently hit a significant milestone of 100 products validated to the Secure Software Standard. We sat down with Jake Marcinko, Senior Manager, Solutions Standards and Matt O’Connor, Director, Products and Solutions to discuss what this benchmark means for payment security.
US threatens to ban TikTok unless Chinese owners divest
Move is latest escalation by lawmakers over fears user data could be passed on to China’s government
The Biden administration has threatened to ban TikTok in the US unless the social media company’s Chinese owners divest their stakes in it, according to news reports on Wednesday.
The move, first reported by the Wall Street Journal, is the most dramatic in a series of escalations by US officials and legislators, driven by fears that US user data held by the company could be passed on to China’s government. It also comes amid a global backlash to the popular video-based app over concerns about the potential for Chinese spying, with countries including the UK, Canada and Australia recently moving to ban the app from government phones.
UK bans TikTok from government mobile phones
Move brings Britain in line with US and Europe and reflects worsening relations with China
Britain is to ban the Chinese-owned video-sharing app TikTok from ministers’ and civil servants’ mobile phones, bringing the UK in line with the US and the European Commission and reflecting deteriorating relations with Beijing.
The decision marks a sharp U-turn from the UK’s previous position and came a few hours after TikTok said its owner, ByteDance, had been told by Washington to sell the app or face a possible ban in the country.
Voice system used to verify identity by Centrelink can be fooled by AI
Exclusive: Voiceprint program used by millions of Australians to access data held by government agencies shown to have a serious security flaw
A voice identification system used by the Australian government for millions of people has a serious security flaw, a Guardian Australia investigation has found.
Centrelink and the Australian Taxation Office (ATO) both give people the option of using a “voiceprint”, along with other information, to verify their identity over the phone, allowing them to then access sensitive information from their accounts.