Cybersecurity News


Highlights from TikTok CEO’s Congress grilling – Week in security with Tony Anscombe

Here are some of the key moments from the five hours of Shou Zi Chew's testimony and other interesting news on the data privacy front

The post Highlights from TikTok CEO’s Congress grilling – Week in security with Tony Anscombe appeared first on WeLiveSecurity

24 March 2023

What TikTok knows about you – and what you should know about TikTok

As TikTok CEO attempts to placate U.S. lawmakers, it’s time for us all to think about the wealth of personal information that TikTok and other social media giants collect about us

The post What TikTok knows about you – and what you should know about TikTok appeared first on WeLiveSecurity

24 March 2023

Spotlight On: BT Group, a New Principal Participating Organization

Welcome BT Group, a new Principal Participating Organization (PPO) at the PCI Security Standards Council! The Council’s Participating Organization program enables global collaboration by bringing together industry leaders to strategize about how to protect payment data from the latest threats and to anticipate the needs of an ever-changing payment ecosystem. In this special spotlight edition of our PCI Perspectives Blog, Simon Turner, Senior Manager, ISSCA Consultancy Services at BT Group introduces us to his company and how they are helping to shape the future of payment security.

23 March 2023

TikTok to be banned from UK parliamentary devices

Move follows UK government’s decision to ban Chinese-owned video-sharing app

Parliament is to ban the Chinese-owned video-sharing app TikTok from “all parliamentary devices and the wider parliamentary network”, citing the need for cybersecurity.

The move goes further than the ban last week of the app on government mobile phones and devices, covering the whole parliamentary network. That means that MPs and parliamentary staff who continue to have TikTok installed on personal devices will find the service blocked if they try to access it over parliamentary wifi.

23 March 2023

Understanding Managed Detection and Response – and what to look for in an MDR solution

Why your organization should consider an MDR solution and five key things to look for in a service offering

The post Understanding Managed Detection and Response – and what to look for in an MDR solution appeared first on WeLiveSecurity

23 March 2023

Google Suspends Chinese E-Commerce App Pinduoduo Over Malware

Google says it has suspended the app for the Chinese e-commerce giant Pinduoduo after malware was found in versions of the app. The move comes just weeks after Chinese security researchers published an analysis suggesting the popular e-commerce app sought to seize total control over affected devices by exploiting multiple security vulnerabilities in a variety of Android-based smartphones.
22 March 2023

Watch Questions with the Council: PCI DSS v4.0 and the Customized Approach

In the second installment of the “Questions with the Council” video series, Data Security Standards Manager, Kandyce Young, answers the payment industry’s questions about PCI DSS v4.0. The questions focus specifically on the customized approach and compensating controls. Questions include:

20 March 2023

Twitter ends free SMS 2FA: Here’s how you can protect your account now

Twitter’s ditching of free text-message authentication doesn’t mean that you should forgo using 2FA. Instead, switch to another – and, indeed, better – 2FA option.

The post Twitter ends free SMS 2FA: Here’s how you can protect your account now appeared first on WeLiveSecurity

20 March 2023

Why You Should Opt Out of Sharing Data With Your Mobile Provider

A new breach involving data from nine million AT&T customers is a fresh reminder that your mobile provider likely collects and shares a great deal of information about where you go and what you do with your mobile device -- unless and until you affirmatively opt out of this data collection. Here's a primer on why you might want to do that, and how. Certain questions might be coming to mind right now, like "What the heck is CPNI?" And, "If it's so 'customer proprietary,' why is AT&T sharing it with marketers?" Also maybe, "What can I do about it?" Read on for answers to all three questions.
20 March 2023

BBC urges staff to delete TikTok from company mobile phones

Move comes after UK government bans app on government devices over fears of data being accessed by Chinese state

The BBC has urged its staff to delete the Chinese-owned social media app TikTok from corporate mobile phones.

Guidance to BBC staff circulated on Sunday said: “We don’t recommend installing TikTok on a BBC corporate device unless there is a justified business reason. If you do not need TikTok for business reasons, TikTok should be deleted.”

19 March 2023

Feds Charge NY Man as BreachForums Boss “Pompompurin”

The U.S. Federal Bureau of Investigation (FBI) this week arrested a New York man on suspicion of running BreachForums, a popular English-language cybercrime forum where some of the world's biggest hacked databases routinely first show up for sale. The forum's administrator "Pompompurin" has been a thorn in the side of the FBI for years, and BreachForums is widely considered a reincarnation of RaidForums, a remarkably similar crime forum that the FBI infiltrated and dismantled in 2022.
17 March 2023

Why is TikTok banned from government phones – and should rest of us be worried?

UK has removed app over concerns data can be monitored by Chinese state, but public remain vulnerable

TikTok is wildly popular, with more than 1 billion people consuming its short video posts around the world. But the app is less favoured by politicians in key markets such as the US and UK, where it has been banned from government-issued phones over security fears. We answer your questions about why TikTok has become a lightning rod for suspicion of Chinese state espionage – and whether nationwide bans are likely.

17 March 2023

Banking turmoil opens opportunities for fraud – Week in security with Tony Anscombe

Scammers are looking to cash in on the chaos that has set in following the startling meltdowns of Silicon Valley Bank and Signature Bank and the crisis at Credit Suisse

The post Banking turmoil opens opportunities for fraud – Week in security with Tony Anscombe appeared first on WeLiveSecurity

17 March 2023

SVB collapse is a scammer’s dream: Don’t get caught out

How cybercriminals can exploit Silicon Valley Bank's downfall for their own ends and at your expense

The post SVB collapse is a scammer’s dream: Don’t get caught out appeared first on WeLiveSecurity

17 March 2023

The TikTok wars – why the US and China are feuding over the app

The US says the extremely popular video-sharing app ‘screams’ of national security concerns and considers a countrywide ban

TikTok is once again fending off claims that its Chinese parent company, ByteDance, would share user data from its popular video-sharing app with the Chinese government, or push propaganda and misinformation on its behalf.

China’s foreign ministry on Wednesday accused the US itself of spreading disinformation about TikTok’s potential security risks following a report in the Wall Street Journal that the committee on foreign investment in the US – part of the treasury department – was threatening a US ban on the app unless its Chinese owners divest their stake.

16 March 2023

MPs and peers ask information commissioner to investigate TikTok

Letter argues that Chinese-owned video-sharing app could be in breach of UK law

A cross-party group of MPs and peers have asked the information commissioner to investigate whether the Chinese-owned TikTok’s handling of personal information is in breach of UK law.

The letter from the Inter-Parliamentary Alliance on China (IPAC) argues that TikTok cannot be compliant with data protection rules – and comes just hours after the UK announced a ban on the popular video-sharing app appearing on ministers’ and officials’ government-owned phones.

16 March 2023

Significant Milestone Hit for Payment Software Security

The PCI Security Standards Council recently hit a significant milestone of 100 products validated to the Secure Software Standard. We sat down with Jake Marcinko, Senior Manager, Solutions Standards and Matt O’Connor, Director, Products and Solutions to discuss what this benchmark means for payment security.  

16 March 2023

US threatens to ban TikTok unless Chinese owners divest

Move is latest escalation by lawmakers over fears user data could be passed on to China’s government

The Biden administration has threatened to ban TikTok in the US unless the social media company’s Chinese owners divest their stakes in it, according to news reports on Wednesday.

The move, first reported by the Wall Street Journal, is the most dramatic in a series of escalations by US officials and legislators, driven by fears that US user data held by the company could be passed on to China’s government. It also comes amid a global backlash to the popular video-based app over concerns about the potential for Chinese spying, with countries including the UK, Canada and Australia recently moving to ban the app from government phones.

16 March 2023

UK bans TikTok from government mobile phones

Move brings Britain in line with US and Europe and reflects worsening relations with China

Britain is to ban the Chinese-owned video-sharing app TikTok from ministers’ and civil servants’ mobile phones, bringing the UK in line with the US and the European Commission and reflecting deteriorating relations with Beijing.

The decision marks a sharp U-turn from the UK’s previous position and came a few hours after TikTok said its owner, ByteDance, had been told by Washington to sell the app or face a possible ban in the country.

16 March 2023

Voice system used to verify identity by Centrelink can be fooled by AI

Exclusive: Voiceprint program used by millions of Australians to access data held by government agencies shown to have a serious security flaw

A voice identification system used by the Australian government for millions of people has a serious security flaw, a Guardian Australia investigation has found.

Centrelink and the Australian Taxation Office (ATO) both give people the option of using a “voiceprint”, along with other information, to verify their identity over the phone, allowing them to then access sensitive information from their accounts.

16 March 2023