A lack of visibility into the app could expose business users to compliance risks and security threats, the company says.
Safeguard Cyber today debuted new security protections for WeChat, integrating the app into its NextGen Compliance platform. Enterprise users will be able to apply real-time policy monitoring, and automated archiving and retention, to their WeChat conversations.
WeChat has more than a billion daily active users and about 80% use it for business, SafeGuard Cyber reports. Western companies doing business in China have found it’s necessary to chat with local employees, suppliers, and customers. The problem is, WeChat doesn’t offer much visibility and could expose organizations to compliance risks and cyber threats. Companies don’t have a way to detect malicious links, for example, and US businesses must maintain a “system of record” to remain compliant with the SEC, FINRA, HIPAA, and Chinese regulations.
When authorized by an account owner, the platform can capture data sent and received via WeChat: recipient names, direct message conversation threats, and content types including videos, audio messages, files, and shared contacts. It can follow posted links to external web pages, capture content, and screenshot them. All the data it captures is indexed for search and discovery, and it can be exported. The content may be subject to retention rules, which may vary based on an organization’s needs. SafeGuard Cyber can’t access login credentials.
“WeChat is too big to ignore if you want to do business in China,” SafeGuard Cyber CTO and co-founder Otavio Freire said in a statement. “However, too many companies struggle with opting in to the app securely. Understanding how to empower employees to safely use WeChat is critical for protecting employees, securing sales communications, maintaining compliance, and even driving business insights.”
Read more details here.
Check outThe Edge, Dark Reading’s new section for features, threat data, and in-depth perspectives. Today’s top story:“You Gotta Reach‘Em to Teach‘Em.“
Dark Reading’s Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio
From DHS/US-CERT’s National Vulnerability Database
In Docker before 18.09.4, an attacker who is capable of supplying or manipulating the build path for the “docker build” command would be able to gain command execution. An issue exists in the way “docker build” processes remote git URLs, and results in command injection into the …
In GalliumOS 3.0, CONFIG_SECURITY_YAMA is disabled but /etc/sysctl.d/10-ptrace.conf tries to set /proc/sys/kernel/yama/ptrace_scope to 1, which might increase risk because of the appearance that a protection mechanism is present when actually it is not.
The import-users-from-csv-with-meta plugin before 18.104.22.168 for WordPress has directory traversal.
The import-users-from-csv-with-meta plugin before 22.214.171.124 for WordPress has XSS via imported data.
The import-users-from-csv-with-meta plugin before 126.96.36.199 for WordPress has XSS.