Dive Brief:
- Security experts at Swiss cybersecurity firm Modzero discovered a keylogger in an audio driver package on HP business and enterprise laptops, according to a security advisory. The keylogger was discovered by researchers on April 28 and publicly disclosed Thursday.
- A keylogger records all of a computer user's keystrokes, including things like passwords, and saves the information to a local file. Malicious software installed on the computer, or a person with physical access to the computer, can then copy the log file and gain access to historical keystroke data, according to a Modzero blog.
- HP offered a patch for the impacted models last week, ZDNet reports. Mike Nash, a vice president of the consumer PC and solutions, printing and personal systems group at Hewlett-Packard Company, said the company mistakenly included the keylogger feature in the driver’s production code. HP never intended to include the feature in end-user devices.
Dive Insight:
Even though the keylogger was accidentally included, it still presents a significant risk to users. It’s another example of how tech companies can make some really bad moves when they aren’t dedicating enough resources to security and quality control.
Earlier this month, IBM sent out a flash alert to customers after the company identified a "malicious file" distributed on USB flash drives it sent customers as part of an initialization tool for IBM Storwize V3500, V3700 and V5000 Gen 1 systems. It’s unclear how the malicious file made its way onto the USBs.
In an era of heightened security, the last thing companies need is to discover that vendors inadvertently included potentially damaging software. With most companies turning to third parties for services and products, vendors will have to remain diligent about security. Customers, on the other hand, will have to ensure they can trust their technology providers.