NEWS
Huawei opens cybersecurity center in China
Huawei has opened its largest Global Cybersecurity and Privacy Protection Transparency Center in Dongguan , China , with representatives from GSMA , SUSE , the British Standards Institution and regulators from the UAE and Indonesia speaking at the opening ceremony .
Along with the opening of the new center , Huawei also released its Product Cybersecurity Baseline , marking the first time the company has made its product security baseline framework and management practices available to the industry as a whole .
These actions are part of the company ’ s broader efforts to engage with customers , suppliers , standards organizations and other stakeholders to jointly strengthen cybersecurity across the industry .
“ Cybersecurity is more important than ever ,” said Ken Hu , Huawei ’ s Rotating Chairman , at the opening of the Dongguan center . “ As an industry , we need to work together , share best practices and build our collective capabilities in governance , standards , technology and verification .
We need to give both the general public and regulators a reason to trust in the security of the products and services they use on a daily basis . Together , we can strike the right balance between security and development in an increasingly digital world .”
The center is designed to demonstrate solutions and share experience , facilitate communication and joint innovation and support security testing and verification . It will be open to regulators , independent thirdparty testing organizations and standards organizations , as well as Huawei customers , partners and suppliers .
Tenable research finds serious vulnerability in Microsoft Teams
Tenable has disclosed details of a serious vulnerability in Microsoft
Teams discovered by its Zero-Day Research Team . By abusing PowerApps functionality ( a separate product used within Teams for building and using custom business apps ), threat actors could gain persistent read / write access to a victim user ’ s email , Teams chats , OneDrive , Sharepoint and a variety of other services by way of a malicious Microsoft Teams tab and Power Automate flows .
According to Microsoft , Teams reached 145 million daily active users in March 2021 , roughly a 90 % increase in the last 12 months . The growth is largely driven by a surge in remote work and distance learning , with many organizations rushing to make cloud-based communication and collaboration as simple as possible .
“ Despite its simplicity , this vulnerability poses a significant risk as it could be leveraged to launch a number of different attacks across a variety of services , potentially exposing sensitive files and conversations , or to allow an attacker to masquerade as other users and perform actions on their behalf ,” said Evan Grant , Staff Research Engineer at Tenable .
Exploit of this vulnerability is limited to authenticated users within a Teams organization who have the ability to create Power Apps tabs , meaning it can ’ t be exploited by an untrusted / unauthenticated attacker .
At this time there is no evidence that this vulnerability has been exploited in the wild . Microsoft has implemented a solution to this issue , with no further action needed from end-users .
www . intelligentcio . com INTELLIGENTCIO APAC 9