news
Huawei opens Global Cybersecurity and Privacy Protection Transparency Centre in China
uawei opened its largest Global Cybersecurity
H and Privacy Protection Transparency Centre in
Dongguan , China , with representatives from GSMA , SUSE , the British Standards Institution and regulators from the UAE and Indonesia speaking at the opening ceremony .
Along with the opening of the new centre , Huawei also released its Product Cybersecurity Baseline , marking the first time the company has made its product security baseline framework and management practices available to the industry as a whole .
Together , we can strike the right balance between security and development in an increasingly digital world .”
The centre is designed to demonstrate solutions and share experience , facilitate communication and joint innovation and support security testing and verification . It will be open to regulators , independent third-party testing organisations and standards organisations , as well as Huawei customers , partners and suppliers .
These actions are part of the company ’ s broader efforts to engage with customers , suppliers , standards organisations and other stakeholders to jointly strengthen cybersecurity across the industry .
“ Cybersecurity is more important than ever ,” said Ken Hu , Huawei ’ s Rotating Chairman , at the opening of the Dongguan centre . “ As an industry , we need to work together , share best practices and build our collective capabilities in governance , standards , technology and verification . “ We need to give both the general public and regulators a reason to trust in the security of the products and services they use on a daily basis .
Tenable research finds serious vulnerability in Microsoft Teams
enable has disclosed details of a serious vulnerability
T in Microsoft Teams discovered by its Zero-Day
Research Team . By abusing PowerApps functionality ( a separate product used within Teams for building and using custom business apps ), threat actors could gain persistent read / write access to a victim user ’ s email , Teams chats , OneDrive , Sharepoint and a variety of other services by way of a malicious Microsoft Teams tab and Power Automate flows .
According to Microsoft , Teams reached 145 million daily active users in March 2021 , roughly a 90 % increase in the last 12 months . The growth is largely driven by a surge in remote work and distance learning , with many organisations rushing to make cloud-based communication and collaboration as simple as possible .
“ Despite its simplicity , this vulnerability poses a significant risk as it could be leveraged to launch a number of different attacks across a variety of services , potentially exposing sensitive files and conversations , or to allow an attacker to masquerade as other users and perform actions on their behalf ,” said Evan Grant , Staff Research Engineer at Tenable .
Exploit of this vulnerability is limited to authenticated users within a Teams organisation who have the ability to create Power Apps tabs , meaning it can ’ t be exploited by an untrusted / unauthenticated attacker .
At this time , there is no evidence that this vulnerability has been exploited in the wild . Microsoft has implemented a solution to this issue , with no further action needed from end-users .
12 www . intelligentciso . com