5 Companies That Had A Rough Week

The Week Ending March 29

Topping this week's roundup of those having a rough week is Huawei, whose products, according to a just-released report in the U.K., have serious security vulnerabilities and problems.

Also making the list this week was Asus, whose PCs were found to be infected with malware distributed by a hacked software update. DXC Technology made the list for getting hit with an employee discrimination lawsuit while Salesforce.com was sued by women victimized by human traffickers, charging that the company's software aided the now-shuttered Backpage.com. And these are tough times for Oracle workers who are facing wide-scale layoffs.

Not everyone in the IT industry was having a rough go of it this week. For a rundown of companies that made smart decisions, executed savvy strategic moves—or just had good luck—check out this week's 5 Companies That Came To Win roundup.

British Watchdog Finds 'Serious' Huawei Security Vulnerabilities

Huawei, already battling U.S. accusations that its networking equipment could be used to spy for China, took another hit this week when a British review of Huawei's security found "serious" problems in the company's networking and telecommunications equipment that could be exploited by governments or independent hackers.

A report released Thursday by the Huawei Cyber Security Evaluation Centre said that vulnerabilities related to Huawei's "basic engineering competence and cybersecurity hygiene" could be exploited by a range of actors. The report also said that a number of the "several hundred vulnerabilities and issues" in Huawei products that HCSEC reported to the company last year have yet to be fixed.

The HCSEC is a British organization that reviews Huawei's hardware and software under a 2010 agreement between Huawei and the U.K.

Asus Deploys Security Fixes, Encryption After 'Sophisticated' Cyberattack

Asus scrambled this week to deploy fixes and improved encryption after an estimated 1 million Asus PCs were compromised by a malicious software update that was distributed through legitimate channels.

The cyberattack, initially disclosed by Kaspersky Lab and later confirmed by Symantec, said Asus' own PC update software was compromised by hackers in order to deliver malware to users. Cybercriminals specifically compromised the Asus Live Update utility, which provides BIOS, UEFI and software updates to Asus PCs, and delivered a malicious update between June and November of last year.

Kaspersky described the "ShadowHammer" hack as "one of the biggest supply chain attacks ever."

Asus acknowledged that there had been a "sophisticated attack" on the company's Live Update servers. The company issued a fix for PCs through its Live Update 3.6.8 and took steps to implement enhanced encryption for its software update systems and to strengthen its server-to-customer software architecture.

DXC Technology Hit With Discrimination Suit By Former Employee

DXC Technology, already facing a multimillion-dollar breach of contract lawsuit from a former executive, was hit with another lawsuit this week from a former employee alleging that her firing constituted age, racial and gender discrimination.

The lawsuit, which landed in U.S. District Court in Charleston, West Virginia, this week, was filed by a former operations manager at Molina Medicaid Solutions, which DXC acquired in October 2018. The plaintiff, a 56-year-old African American woman who had worked at Molina Medicaid since 2003, was fired along with four other employees in November despite what she said were earlier assurances that no layoffs were planned.

DXC is already defending itself against a $9.9 million breach of contract lawsuit filed in February by former executive vice president Stephen Hilton.

Lawsuit Alleges Salesforce Aided Backpage.com's Sex Trafficking Business

Sticking with the topic of lawsuits, CRM cloud application giant Salesforce found itself on the wrong end of a lawsuit this week when 50 women victimized by human traffickers sued Salesforce alleging the company's software supported the now-shuttered website that facilitated their prostitution.

Backpage.com, which allegedly included ads for prostitution and trafficking of minors, was shut down by federal agents last year for enabling human trafficking.

In the suit, filed in California Superior Court, 50 women said Backpage made possible their abuse and rape and Salesforce should be held accountable because the company supported Backpage with custom database services and tools.

The lawsuit puts Salesforce in an awkward position, given that the company is well-known for its philanthropic and human rights efforts. A Salesforce spokesperson declined to comment on the suit other than to say the company remains "deeply committed to the ethical and humane use" of its products.

Hundreds Of Oracle Workers Face Layoffs

Oracle revealed that it plans to cut hundreds of jobs across the U.S. as it looks to improve its financials in what appears to be part of a much larger workforce restructuring.

The software giant reported the layoffs to the state of California in accordance with state laws that require advance notification of workforce reductions. The company said it plans to lay off 255 workers at its Redwood Shores, Calif., headquarters, including developers in its product development organization, and another 97 at nearby Santa Clara, Calif., offices.

The California cutbacks appear to be part of a much larger, global workforce reduction including cuts at the company's Dyn unit in Manchester, N.H., in Seattle, and outside the U.S.