NEWS: COMPUTER WORLD SECURITY NEWS
Computer World Security News
Aug 22, 2019

Texas ransomware attacks: to pay or not to pay? | TECH(feed)
Nearly two dozen cities in Texas have been hit by a ransomware attack executed by a single threat actor. These attacks beg the question: Is it ever worth it to pay a cyber attacker's ransom? In this episode of TECH(feed), Juliet discusses the pattern of ransomware attacks on local governments, how municipalities have responded and how to prevent a ransomware attack in the first place.

Computer World Security News
Aug 22, 2019

Throwback Thursday: Eyes only
Programmer pilot fish goes online to a message board for a development system that's used for one of his company's applications.

But he gets a message that the site is blocked. He can either forget about it, click a link to continue, or click a link to see the company's access policy.

He clicks to continue, gets what he needs, and then, just out of curiosity, he clicks to see the access policy to get an idea of why this site is being blocked.

But instead of seeing the access policy, fish sees this message: Content blocked. Click here to access our internet resource policy.

Sputters baffled fish, "It actually blocked the policy!"

Computer World Security News
Aug 21, 2019

How to avoid using RDP in Windows
Several new vulnerability disclosures in Windows Remote Desktop Protocol suggest it's time to stop using it. Here's how.

Computer World Security News
Aug 20, 2019

Safari to ape Firefox, go all-in on anti-tracking
The WebKit project - the open-source initiative that generates code for Apple's Safari browser - quietly announced last week that it would follow in Mozilla's footsteps and quash tracking technologies designed to follow users across the web.

In a short message on Aug. 14, the WebKit team pointed to its new Tracking Prevention Policy, a document that spells out its plans in detail, including what types of tracking it will create and how it will deal with any side effects.

"We have implemented or intend to implement technical protections in WebKit to prevent all tracking practices included in this policy," the document read. "If we discover additional tracking techniques, we may expand this policy to include the new techniques and we may implement technical measures to prevent those techniques."

Computer World Security News
Aug 19, 2019

Installing Windows 7 from a backup? You need a BitLocker patch right away
No doubt you recall the warning back in February that Windows 7, Server 2008 and Server 2008 R2 patches starting in July would use the SHA-2 encryption protocol. If you want to install Win7 patches issued after July, you have to get the SHA-2 translator installed.

A few days ago, Microsoft tossed a zinger into the FAQs down at the bottom of its SHA-2 post, 2019 SHA-2 Code Signing Support requirement for Windows and WSUS. That post now says that you have to install a seemingly unrelated patch, KB 3133977, entitled, BitLocker can't encrypt drives because of service crashes in svchost.exe process in Windows 7 or Windows Server 2008 R2.

Computer World Security News
Aug 15, 2019

Microsoft warns of Visual Basic, VBA and VBScript 'procedure call' errors after August patches
August is going to be a perilous patching month.

We're tracking down credible reports of the Server 2012 R2 Monthly rollup breaking RDP logins, a conflict between the Win10 1903 cumulative update and last month's version of Outlook 365, confusion about Win7 patches being branded as "IA64 only," dealing with the lack of telemetry (!) in the August Win7 Security Only patch, much mayhem trying to install SHA-2 signed patches (including the Win7 Monthly Rollup) on systems using Symantec Endpoint Protection, even

Computer World Security News
Aug 15, 2019

3 Google privacy tips for Mac and iOS users
Alternative search engines such as DuckDuckGo are attracting growing numbers of privacy focused users, but there's no doubt that Google dominates the industry, even on Apple products. Fortunately, there are several ways to make your Google activity more private.

Do you have a Google account? (You probably do.) Do you use Gmail? Did you once use Google ? Perhaps you employ Google Drive, Google Docs or any of the company's other products. If so, you have a Google account.

Computer World Security News
Aug 15, 2019

Chrome, Firefox to expunge Extended Validation cert signals
Google and Mozilla have decided to eliminate visual signals in their Chrome and Firefox desktop browsers of special digital certificates meant to assure users that they landed at a legitimate site, not a malicious copycat.

The certificates, dubbed "Extended Validation" (EV) certificates, were a subset of the usual certificates used to encrypt browser-to-server-and-back communications. Unlike run-of-the-mill certificates, EVs can be issued only by a select group of certificate authorities (CAs); to acquire one, a company must go through a complicated process that validates its legal identity as the site owner. They're also more expensive.

The idea behind EVs was to give web users confidence that they were at their intended destination, that the site computerworld.com, for instance, was owned by its legal proprietor, IDG, and not a fishy - and phishy - URL run by It's Crooks All the Way Down LLC and chockablock with malware. Browsers quickly took to the concept, rewarding EV-secured sites with in-your-face visual cues, notably the verified legal identity in front of the domain in the address bar. The identity was often shaded in green as an additional tip-off. (Chrome dismissed the green in September 2018 as of Chrome 69.)

Computer World Security News
Aug 12, 2019

Why blockchain-based voting could threaten democracy
Public tests of blockchain-based mobile voting are growing.

Even as there's been an uptick in pilot projects, security experts warn that blockchain-based mobile voting technology is innately insecure and potentially a danger to democracy through "wholesale fraud" or "manipulation tactics."

The topic of election security has been in the spotlight recently after Congress held classified briefings on U.S. cyber infrastructure to identify and defend against threats to the election system, especially after Russian interference was uncovered in the 2016 Presidential election.

Computer World Security News
Aug 09, 2019

Apple announces a new iPhone (and you can't have it)
Apple has announced a new iPhone for 2020, but it will only be made available to a select group of security researchers - along with huge bounties to anyone informing the company of a new OS vulnerability.

Probably the world's most exclusive iPhone

Ivan Krstic, Apple's head of security engineering, provided big insights into Apple's platform security during his presentation at Black Hat U.S. 2019.

Computer World Security News
Aug 09, 2019

The best privacy and security apps for Android
Let's get one thing out of the way right off the bat: If you're looking for recommendations about Android security suites or other malware-scanning software, you've come to the wrong place.

Why? Because, like most people who closely study Android, I don't recommend using those types of apps at all. Android malware isn't the massive real-world threat it's frequently made out to be, and Google Play Protect and other native Android features are more than enough to keep most devices safe.

Computer World Security News
Aug 08, 2019

Many VPN apps on Apple's App store can't be trusted, researcher warns
I'm told Apple is at last looking into the privacy and security of free VPN apps made available across its platforms, following a report from researcher, Simon Migliano.

Who owns your VPN service?

The researcher has flagged up several concerns that really should be recognized by anyone choosing a VPN service from both the Apple and Google App Stores:

Ownership: Migliano claims that almost 60 percent of the most popular VPN apps are actually owned (sometimes opaquely) by Chinese companies.

Privacy: The researcher also found that as many as 77% of these VPN apps may have what he calls "serious privacy flaws", including no privacy policy at all, generic policies with no mention of VPN or no detailed logging policy.

Data protection: Migliano claims Apple is not enforcing its third-party data-sharing ban against VPN apps, with 80 percent of the top free VPN apps "in breach of the rules", he said. Many are sharing data with third parties, he claims.

That last allegation is particularly concerning.

Computer World Security News
Aug 08, 2019

Almost half of tested free Android antivirus apps fail. That might prove very useful to IT.
One of the problems with enterprise mobile BYOD efforts is that corporate apps — and lots of corporate data, including sensitive intellectual property — must coexist on the same device with whatever employees choose to download on the personal side. That's far from ideal, but even worse is if employees choose to download a second antivirus program. Unlike doubling up on most apps (two VPNs, two word processors, two email programs, etc.), antivirus programs often conflict and fight each other, generating false positives and other bad results.

Unlike two deadbolts on a door, doubling up on security not only doesn't work with antivirus, it can actually sharply weaken security. This all assumes that both antivirus programs are professional, effective and well-intentioned. But that's often not the case. There are quite a few free antivirus programs out there, and they are disproportionately the ones employees opt to download. After all, if the company has already installed a high-level antivirus on the phone, why would an employee pay to install a second? But a free antivirus program is much more tempting.

Computer World Security News
Aug 07, 2019

Microsoft relaxes telemetry rule for PCs managed with Windows Update for Business
Microsoft has quietly relaxed a rule that prevented privacy-first organizations from managing the Windows Update for Business (WUfB) service using group policies.

With Windows 10 1903, aka "Windows 10 May 2019 Update," which debuted in late May, organizations no longer are required to set the "diagnostic data level" for their devices to "Basic" or higher.

That diagnostic data level is a multi-step categorization of what Microsoft pulls from Windows devices and sends to its own servers. Also dubbed "telemetry," the data harvesting is used by Microsoft for a range of tasks, notably deciding when a specific PC receives a feature upgrade.

Computer World Security News
Aug 07, 2019

How to set up Edge Chromium security options
Edge Chromium can provide more protection for organizations that use older versions of Windows.

Computer World Security News
Aug 06, 2019

Slack beefs up mobile security controls for Enterprise Grid
Slack today unveiled new security capabilities for Enterprise Grid customers, including tighter controls for admins who oversee mobile device access.

Enterprise Grid was launched in 2017 for Slack's biggest customers, with additional features to support large-scale deployments. Among the 150 organizations now using Enterprise Grid are Capital One, IBM and Target. 

Slack has continued to build out security and compliance features for the software since its introduction, including the addition of enterprise key management last September.  

Computer World Security News
Aug 06, 2019

Train to become an ethical hacker for only $39
There are countless hackers and threats looming on the internet, so IT departments are in high demand for cybersecurity professionals to pinpoint threats before they strike. Luckily, there's no better way to fight fire than with fire; ethical hackers study hacking techniques so that IT infrastructures will be better prepared for attacks. If you're interested in becoming a hacker (legally, of course), then this $39 bundle is right for you.

Computer World Security News
Aug 02, 2019

It's time to install most of July's Windows and Office patches
With one glaring exception, July was a rather benign patching month. The Win10 versions got their usual two cumulative updates (the second considered "optional"). Visual Studio had some hiccups, but they're fixed now.

Computer World Security News
Aug 02, 2019

Apple suspends Siri snooping (and promises more control for the rest of us)
Apple has once again proved that it listens to valid criticism with the immediate global suspension of the Siri listening program that attracted so much controversy.

When it comes to privacy, Siri listens

At issue was quality control.

A small number of conversational snippets were shared with third party human contractors for quality control purposes.

Computer World Security News
Aug 01, 2019

Black Hat 2019 and DEF CON 27: What to expect at hacker summer camp | TECH(talk)
Every year, thousands of hackers arrive in Las Vegas for three large security conferences -- DEF CON, Black Hat and BSides Las Vegas -- taking place from Monday through Sunday next week. CSO Online's J.M. Porup chats with Juliet about what to expect at the conferences' sessions and what he's looking forward to.

Computer World Security News
Jul 31, 2019

The latest large-scale data breach: Capital One | TECH(feed)
Just a few days after Equifax settled with the FTC over its 2017 data breach, Capital One announced it was the target of a March attack. Identifying information and bank account numbers are among some of the data breached in the attack that affects 100 million people. A software engineer is behind the attack and is awaiting a hearing. In this episode of TECH(feed), Juliet discusses the consequences of the attack and how to find out if you've been affected.

Computer World Security News
Jul 31, 2019

How an attacker can target phishing attacks
There are a number of ways attackers can exploit public information about your organization's employees. CSO Online's Susan Bradley walks through how an attacker can gain access to your organization's Office 365 accounts and how you can protect your enterprise from these potential attacks.

Computer World Security News
Jul 30, 2019

Microsoft Patch Alert: Welcome to the Upside Down
This month, Microsoft Patch Land looks like a stranger Stranger Things Upside Down, where Security-only patches carry loads of telemetry, Visual Studio patches appear for the wrong versions... and we still can't figure out how to keep the Win10 1903 upgrade demogorgon from swallowing established drivers.

As we end the month, we've seen the second "optional" monthly cumulative updates for all Win10 versions — the 1903 patch was released, pulled, then re-released — and fixes for Visual Studio's transgressions. There's a kludge for getting the Win10 1903 upgrade to work. And BlueKeep still looms like a gorging Mind Flayer.

Win7 Security-only patch brings telemetry

Those of you who have been dodging Windows 7 telemetry by using the monthly Security-only patches — a process I described as "Group B" three years ago — have reached the end of the road. The July 2019 Win7 "Security-only" patch, KB4507456, includes a full array of telemetry/snooping, uh, enhancements.

Computer World Security News
Jul 29, 2019

Apple's shock Siri surveillance demands a swift response
News that Siri records snippets of our conversations with the voice assistant isn't new, but claims that those short recordings are listened to by human agents are, particularly in light of the company's big push on privacy.

These are bad optics

I'm a passionate believer in the importance of privacy.

It isn't only important in terms of preserving hard-won liberties and protecting public discourse, it's also of growing importance across every part of human existence, for every school, medical facility or enterprise. History shows that the absence of privacy has a corrosive effect on society, turning family members against each other and dampening innovation.

Computer World Security News
Jul 26, 2019

Android security: Analysis, advice, and next-level knowledge
It's tough to talk about Android security without venturing into sensational terrain.

A large part of that is due to the simple fact that the forces driving most Android security coverage are companies that make their money by selling Android security software — and thus companies with strong interests in pushing the narrative that every Android phone is on the perpetual brink of grave, unfathomable danger. Plus, let's face it: A headline about 70 gazillion Android phones being vulnerable to the MegaMonsterSkullCrusher Virus is far more enticing than one explaining the nuanced realities of Android security.

In actuality, though, Android security is a complex beast — one with multiple layers in place to protect you and one that almost never warrants an alarmist attitude. I've been covering Android security closely since the platform's earliest days, and I've busted more myths and called out more shameless publicity stunts than I can even count at this point.

Computer World Security News
Jul 26, 2019

Mozilla blames 'interlocking complex systems' and confusion for Firefox's May add-on outage
Mozilla has issued multiple after-action reports analyzing the major mix-up in May that crippled most Firefox add-ons. The reports also made recommendations for preventing similar incidents in the future.

The fiasco started just after 8 p.m. ET on Friday, May 3, when a certificate used to digitally sign Firefox extensions expired. Because Mozilla had neglected to renew the certificate, Firefox assumed add-ons could not be trusted - that they were potentially malicious - and disabled any already installed. Add-ons could not be added to the browser for the same reason.

Computer World Security News
Jul 25, 2019

Researchers to launch intentionally 'vulnerable' blockchain at Black Hat
Hoping to raise awareness about blockchain vulnerabilities, cybersecurity firm Kudelski Security next week plans to launch the industry's first "purposefully vulnerable" blockchain - and will demo it at next month's Black Hat conference.

Kudelski Security's FumbleChain project is aimed at highlighting vulnerabilities in blockchain ecosystems, according to Nathan Hamiel, head of cybersecurity research at Kudelski.

The flawed blockchain ledger is written in Python 3.0, making it easy for anyone to read and modify its source code, and it's modular - allowing users to hack and add new challenges to promote continuous learning.

Computer World Security News
Jul 25, 2019

5 smart questions that'll smother most Android security scares
I haven't looked at today's tech news too closely just yet, but I have a sneaking suspicion some evil-sounding virtual gremlin or other is probably on the brink of invading my smartphone, stealing my secrets, and setting me up for a lifetime of dread and despair.

He might even be covertly eating all the salty snacks from my kitchen this very second. ALL THE SALTY SNACKS, DAMN IT!

I don't have to scan the headlines too closely to know there's a decent chance of all of this happening — because all of this happens practically every other week here in the Android world. A solid few to several times a month, it seems, some hilariously named and made-to-seem-scary new piece of malware (ViperRat! Desert Scorpion! Ooga-Booga-Meanie-Monster!) is making its way onto our phones and into our lives. Or so we're told, rather convincingly and repeatedly. (All right, so I may have made Ooga-Booga-Meanie-Monster up just now, but c'mon: It's probably only a matter of time til we see something using that name.)

Computer World Security News
Jul 24, 2019

How to set up Azure AD to spot risky users
You have several options to set up alerts in Azure Active Directory to help spot risky user behavior.

Computer World Security News
Jul 23, 2019

Utah County to pilot blockchain-based mobile voting
Utah County is the latest government entity to pilot a mobile voting application based on blockchain to allow military absentee voters and their family members living overseas to vote in an upcoming municipal primary election.

The county, which has more than a half million residents, is the third in the U.S. to partner with Tusk Philanthropies on a national effort to expand mobile voting. The pilot is a collaboration between the Utah County Elections Division, Tusk Philanthropies, the National Cybersecurity Center and Boston-based voting app developer Voatz.

Computer World Security News
Jul 23, 2019

Mozilla to add password manager, hack alert to Firefox 70
Mozilla plans to bake its Lockwise password manager into Firefox 70, the upgrade now set to launch Oct. 22.

At the same time, the browser will also be more tightly integrated with Firefox Monitor, which will provide warnings to users when their saved passwords have been revealed by a data hack.

According to Firefox bug reports and project documentation, Lockwise will automatically record username-and-password pairs, generate complex passwords on demand, identify victimized accounts and instruct users to change any passwords that have leaked.

Computer World Security News
Jul 23, 2019

9 steps to lock down corporate browsers
Everyone in the enterprise loves the web browser when it's delivering news, email, documentation, and sales leads. With the shift to web apps, it's arguably the most important installed software on any corporate desktop. But the internet is filled with people who aren't nice — sometimes even dangerous — and the same browser can also bring viruses, rootkits, and worse. Even if the browser sits on a little-used desktop in a dusty corner with no access to sensitive information, an attacker can use the seemingly unimportant machine as a stepping stone.

Keeping your users' browsers secure is essential. The browser companies work hard to block the attackers by sealing the back doors, side doors, and cracks in between, but that isn't always enough. Some useful features have dark sides, and enterprises can increase security dramatically by shutting down or tightly limiting access to these options.

Computer World Security News
Jul 22, 2019

Slack tweaks desktop app to be faster, more efficient
Slack has overhauled its desktop software, adding offline access and tweaking the software for faster load times.

Recent efforts to improve the desktop app were highlighted at Slack Frontiers last year and the coming update - which the company says will launch 33% faster than before - will be available to users "over the next few weeks."

Calls made to teammates via the app should be speedier too, up to 10 times quicker, Slack said. "That could mean the difference between showing up to a meeting on time or not," the company said in a blog post Monday. "These moments saved can quickly add up, giving you more time to focus on the tasks at hand."

Computer World Security News
Jul 19, 2019

What is the dark web? And what will you find there?
The dark web may sound ominous, but it's really a catch-all term for the part of the internet that isn't indexed by search engines. Stay tuned for a guided tour of the web's less mainstream regions.

Computer World Security News
Jul 18, 2019

How and why Apple users should switch to DuckDuckGo for search
Like liberty for all, privacy demands vigilance, and that's why Apple users who care about either are moving to DuckDuckGo for search.

Why use DuckDuckGo?

Privacy is under attack.

It doesn't take much effort to prove this truth. At time of writing, recent news is full of creeping privacy erosion:

We've seen video conferencing solutions that surreptitiously install software on your Macs;

A face changing photography app perhaps implicated in the assembly of a vast database of faces;

A household name in smart speakers sharing your private conversations with people you don't know, including chatter you didn't know was recorded in the first place.

And then there's Duck Duck Go.

Computer World Security News
Jul 17, 2019

How to manage Microsoft Windows BitLocker
Use these techniques to inventory your network to determine which devices have BitLocker.

Computer World Security News
Jul 16, 2019

What the FTC's $5 billion fine really means for Facebook | TECH(feed)
Last week, the Federal Trade Commission hit Facebook with a $5 billion fine for mishandling user data. The fine comes after the FTC's investigation following the Cambridge Analytica scandal. On this episode of TECH(feed), Juliet discusses the implications of this fine -- and how Facebook may (or may not) change its practices.

Computer World Security News
Jul 15, 2019

How to take control of Face ID (with tools you may not know exist)
If you travel frequently and use an iPhone or iPad then you simply must familiarize yourself with these two tips - they'll make it much easier to secure your device and its contents when you are on the move.

In praise of Face ID

I've become very used to using Face ID. It's seamless.

On the iPhone, I like that I can pay for groceries with a look and find it much easier to use in the dark than the Home button.

My iPad experience is similar, but I do get annoyed sometimes that I must raise the tablet slightly to get the face angle right - this isn't always as intuitive as I would like.

All the same, given Apple's claim that there is a 1 in 50,000 chance that someone else's fingerprint will unlock your iPhone and a 1 in 1,000,000 chance that it will be unlocked by another person's face, I'll always opt for the highly secure choice.

Computer World Security News
Jul 15, 2019

Memory-Lane Monday: Even worse than you thought
This government agency has cashiers' stations for handling transactions with the public, and the treasurer's office decides it needs new software to run those stations, according to a pilot fish in IT.

And there's going to be one sign-on and password for all the stations, brag the higher-ups.

Bad idea, protest all the IT programmers and system administrators. For one thing, having a single user sign-on to the system will prevent tracking who is completing each transaction. They cite security, accountability and separation of duties, but their protests fall on deaf ears.

The vendor rep shows up one day, and he and the treasurer do a presentation for an audience that includes IT managers. The two sound excited, and a touch proud, when they tell everyone that the cashiers will sign on with the user ID "Cash." They don't share the top-secret password, though; that's just for the cashiers to know.

Computer World Security News
Jul 11, 2019

Zoom fixes webcam flaw for Macs, but security concerns linger
Zoom released a patch this week to fix a security flaw in the Mac version of its desktop video chat app that could allow hackers to take control of a user's webcam. 

The vulnerability was discovered by security researcher Jonathan Leitschuh, who published information about it in a blog post Monday. The flaw potentially affected 750,000 companies and approximately 4 million individuals using Zoom, Leitschuh said.

Zoom said it's seen "no indication" any users were affected. But concerns about the flaw and how it works raised questions about whether other similar apps could be equally vulnerable.

Computer World Security News
Jul 11, 2019

How to set up Microsoft Cloud App Security
This new add-on will let you set up alerts about suspicious sign-on activity for Office 365 and other cloud apps.

Computer World Security News
Jul 11, 2019

New Windows 7 'security-only' update installs telemetry/snooping, uh, feature
Back in October 2016, Microsoft divided the Win7 and 8.1 patching worlds into two parts.

Those who got their patches through Windows Update received so-called Monthly Rollups, which included security patches, bug fixes - and we frankly don't know what else - rolled out in a cumulative stream.

The folks who were willing to download and manually install patches were also given the option of installing "security-only" patches, not cumulative; these were meant to address just the security holes.

Computer World Security News
Jul 09, 2019

Microsoft delivers Defender ATP security service to Macs
Microsoft on Monday made good on a March pledge by announcing that its most sophisticated endpoint security service is now available for Macs.

Microsoft Defender ATP (Advanced Threat Protection) for Mac shifted to what the company calls "general availability" on June 28, wrote Helen Allas, a principal program manager on the enterprise security team, in a July 8 post to a company blog. Core components of Defender ATP, including the latest - "Threat & Vulnerability Management," which made it to general availability a week ago - now serve Macs.

Computer World Security News
Jul 09, 2019

How Apple is improving iCloud this year
Apple quite evidently plans many interesting improvements in its iCloud service this year. So, what's going on?

What we know so far

Apple at WWDC made several announcements that will be reliant on iCloud - these include obvious things like new services and support for new functions, and less evident topics around sync, data and AI.

Most recently, the company began beta-testing Touch ID and Face ID access to iCloud.com online, meaning that if you happen to be using an Apple device (Mac, iPad, iPhone) you can access your online iCloud services with the touch of a finger or a quick eye scan.

This may also be Apple's way of testing the privacy-protecting Sign-in with Apple service it intends launching later this year.

Computer World Security News
Jul 08, 2019

The top 8 problems with blockchain
While blockchain holds tremendous potential for creating new financial, supply chain and digital identity systems, it's often erroneously seen as a panacea for business problems.

The myriad of pilots and proofs of concept by large corporations and government agencies are showing real promise, but those projects don't always lead to obvious business cases that justify doing something differently. Sometimes a tried and true technology like a relational database can perform the task much more efficiently than a distributed ledger based on peer-to-peer technology that will require complex governance and rules.


Computer World Security News
Jul 04, 2019

Throwback Thursday: Spoilsport
This IT security pilot fish knows something about audits — and knows what he expects of auditors.

"I have more than 15 years of audit experience in IT," fish says. "I have written and implemented policy and procedure, and developed incident response plans. I spent the better part of last year making sure that the external auditors could not find any inconsistencies in our control standards."

Then the internal audit director decides to perform an audit of fish's group — and sends a young auditor who thinks he knows everything IT.

After three weeks of research and testing, young auditor presents his results in a meeting with his boss the audit director and fish.




Computer World Security News
Jul 01, 2019

Message to IT: Trusting Apple and Google for mobile app security is career suicide
Ready for the mobile security news that IT doesn't want to hear about but needs to? When security firm Positive Technologies started pen-testing various mobile apps, security holes were rampant.

We'll plunge into the details momentarily, but here's the upshot: "High-risk vulnerabilities were found in 38 percent of mobile applications for iOS and in 43 percent of Android applications" and "most cases are caused by weaknesses in security mechanisms — 74 percent and 57 percent for iOS and Android apps, respectively, and 42 percent for server-side components — because such vulnerabilities creep in during the design stage, fixing them requires significant changes to code."




Computer World Security News
Jul 01, 2019

Microsoft Patch Alert: The Windows patching heavens buzz with silver bullets
How many bugs could a WinPatcher patch, if a WinPatcher could patch bugs?

Ends up that June's one of the buggiest patching months in recent memory - lots of pesky little critters, and the ones acknowledged by Microsoft led to even more patches later in the month.

In June, we saw eight single-purpose Windows patches whose sole mission is to fix bugs introduced in earlier Windows patches. I call them silver bullets - all they do is fix earlier screw-ups. If you install security patches only, these eight have to be installed manually to fix the bugs introduced earlier. It's a congenital defect in the patching regimen - bugs introduced by security patches get fixed by non-security "optional" patches, while waiting for the next month's cumulative updates to roll around.




Computer World Security News
Jun 27, 2019

Mozilla takes swipe at Chrome with 'Track THIS' project
Mozilla this week touted Firefox's anti-ad tracking talents by urging users of other browsers to load 100 tabs to trick those trackers into offering goods and services suitable for someone in the 1%, an end-times devotee and other archetypes.

Tagged as "Track THIS," the only-semi-tongue-in-cheek project lets users select from four personas - including "hypebeast," "filthy rich," "doomsday prepper," and "influencer" - for illustrative purposes. Track THIS then opens 100 tabs "to fool trackers into thinking you're someone else."




Computer World Security News
Jun 26, 2019

How updates to MongoDB work to prevent data breaches | TECH(talk)
CSO senior writer Lucian Constantin and Computerworld Executive Editor Ken Mingis talk database security and how MongoDB's new field-level encryption takes security to the next level.

Computer World Security News
Jun 26, 2019

Microsoft beefs up OneDrive security
Microsoft today announced changes to its OneDrive storage service that will let consumers protect some or even all of their cloud-stored documents with an additional layer of security.

The new feature - dubbed OneDrive Personal Vault - was trumpeted as a special protected partition of OneDrive where users could lock their "most sensitive and important files." They would access that area only after a second step of identity verification, ranging from a fingerprint or face scan to a self-made PIN, a one-time code texted to the user's smartphone or the use of the Microsoft Authenticator mobile app. (The process is often labeled as two-factor security to differentiate it from the username/password that typically secures an account.)




Computer World Security News
Jun 21, 2019

How 'Find My' Mac works in macOS Catalina and iOS 13
Apple is changing how its Find My Mac tool works in macOS Catalina and iOS - it will now use Bluetooth and should find your Mac even when it is asleep.

How does 'Find My' Mac work?

Apple is combining two apps - Find My Friends and Find My iPhone - into a new 'Find My' app.

The combined app offers what we are used to from each one of these individual apps, but introduces new tools based on Bluetooth.

The idea is that it will use low energy Bluetooth signals to help bring people together with lost things.




Computer World Security News
Jun 19, 2019

Google asks Chrome users for help in spotting deceptive sites
Google this week asked for help in identifying suspicious websites, offering users of its Chrome browser an add-on that lets them rat out URLs.

The Suspicious Site Reporter, which can be added to desktop Chrome, places a new flag-style icon on the top bar of the browser. "By clicking the icon, you're now able to report unsafe sites to Safe Browsing for further evaluation," Emily Schechter, a Chrome product manager, wrote in a Tuesday post to a company blog.

Safe Browsing is the name of the technology used by Google's search engine, Chrome, Mozilla's Firefox, Apple's Safari, and Android to steer users away from sites that host malicious or deceptive content. On the back end, Google uses robots to scan the web and build a list of websites that host malware, harmful downloads or deceptive ads and pages. Software developers can then plug into an API to integrate this list into their own applications, something rival browser makers have done for years.




Computer World Security News
Jun 18, 2019

What the latest iOS passcode hack means for you
A mobile device forensics company now says it can break into any Apple device running iOS 12.3 or below.

Israeli-based Cellebrite made the announcement on an updated webpage and through a tweet where it asserted it can unlock and extract data from all iOS and "high-end Android" devices.

On the webpage describing the capabilities of its Universal Forensic Extraction Device (UFED) Physical Analyzer, Cellebrite said it can "determine locks and perform a full file-system extraction on any iOS device, or a physical extraction or full file system (File-Based Encryption) extraction on many high-end Android devices, to get much more data than what is possible through logical extractions and other conventional means."




Computer World Security News
Jun 18, 2019

How the Huawei ban could become a security threat | TECH(feed)
We've already talked about how the Huawei ban may affect business, but how will it affect security? Google has already warned of security threats should the company be unable to send updates to Huawei's Android-powered devices. And even if Huawei responds with its own OS, will people trust it? In this episode of TECH(feed), Juliet discusses those security implications and what some people think the U.S. should do instead.

Computer World Security News
Jun 18, 2019

Time-Machine Tuesday: Get a room!
This security pilot fish is a big believer in automated systems. And he's very impressed when his company moves into new offices where the meeting rooms take the manual labor out of scheduling meetings.

"There are room wizards outside every door to assist in scheduling," fish says. "And there's full integration with Microsoft Exchange, so that your meeting information is accurate and timely and always shows the proper room."

One of fish's most important meetings is a committee meeting every month on the day after Patch Tuesday to consider how to handle that batch of Microsoft updates. It's been a regular meeting for years, and after the move the new scheduling system seems to handle it fine.




Computer World Security News
Jun 17, 2019

WWDC: Has Apple closed the door on non-Mac App Store apps?
Ever since Apple introduced the Mac App Store, developers have warned it plans to close off its platform, so news the company will insist on App Notarization in macOS Catalina set those critics off again. The thing is, it's a little more complicated.

What is Apple doing?

Yes, Apple is making it a little more difficult for Mac users to install apps that aren't sold at the Mac App Store or made available from bona fide developers happy to submit their software for the company's speedy App notarization service.




Computer World Security News
Jun 17, 2019

The case against knee-jerk installation of Windows patches
Heresy. Yes, I know. Any way you slice it, from my point of view anyway, Windows Automatic Update is for chumps.

Just like the "users must be forced to change their passwords frequently" argument that's no longer au courant, the "users must get patched immediately" argument is based on old, faulty, and totally unsubstantiated claims that make security people feel better — and little else.

With a few notable exceptions, in the real world, the risks of getting clobbered by a bad patch far, far outweigh the risks of getting hit with a just-patched exploit. Many security "experts" huff and puff at that assertion. The poohbahs preach Automatic Update for the unwashed masses, while frequently exempting themselves from the edict.




Computer World Security News
Jun 13, 2019

WWDC: Apple's iOS 13 NFC improvements are good for business
Apple will make NFC much more useful in iPhones running iOS 13, and these enhancements will impact the retail, medical, government and security industries.

What is Apple changing?

Apple already uses NFC to support Apple Pay and the Apple Pay Express Transit system which is rolling out at this time.

While it has incrementally extended the tasks NFC supports over the years, the company has limited its NFC support to the NDEF standard until now, but extends this with support for new standards in its Core NFC Framework in iOS 13.




Computer World Security News
Jun 13, 2019

Microsoft is better at documenting patch problems, but issues abound
I don't know about you, but I've given up on Microsoft's ability to deliver reliable patches. Month after month, we've seen big bugs and little bugs pushed and pulled and squished and re-squished. You can see a chronology from the past two years in my patching whack-a-mole columns starting here.

For the past few months, though, we've seen some improvement. Microsoft has started identifying and publicly acknowledging big bugs, shortly after they're pushed. Consider:




Computer World Security News
Jun 10, 2019

Save yourself a headache: Make sure Windows automatic update is off
Much has changed in the past month. We've seen an emergency cry for all Windows XP, Vista, Win7, Server 2003, 2008 and 2008 R2 systems to get patched in order to fend off widely anticipated BlueKeep attacks. We've also seen Microsoft officially release Windows 10 version 1903, with unsuspecting "seekers" now the prime targets.




Computer World Security News
Jun 07, 2019

WWDC: Get to know Apple's 11 new privacy tools
Apple introduced an array of additional privacy protections at WWDC 2019. Many of these both offer protection and help us better understand how our privacy is undermined.

Why does this matter?

Apple CEO Tim Cook is passionate about the need to protect user privacy and this is by no means a one man mission.

Speaking with Vector, Apple's VP Software Technology, Bud Tribble stressed the need to educate people into the needs and benefits of privacy, a topic he believes is much more widely discussed now than before.




Computer World Security News
Jun 06, 2019

Mozilla makes anti-tracking the Firefox default
Mozilla this week began to switch on an aggressive anti-tracking technology in Firefox that it has touted since 2015.

With a June 4 update to Firefox 67, Mozilla turned on Enhanced Tracking Protection (ETP) by default for new users. Existing customers simply updating their browsers may enable ETP themselves. The default-of-on will be extended to those users "in the coming months," Mozilla said, apparently activating it in stages as a last-step quality control.

Mozilla also used the update to Firefox 67.0.1 to trumpet other privacy- and security-centric enhancements, including an add-on that brings its Lockwise password manager to the desktop browser and an improved Facebook Container, an extension designed to keep the social network behemoth from tracking users elsewhere on the web.




Computer World Security News
Jun 05, 2019

NSA, Microsoft implore enterprises to patch Windows' 'BlueKeep' flaw before it's too late
The U.S. National Security Agency (NSA) on Tuesday called on IT administrators to apply security updates issued by Microsoft three weeks ago, adding to a chorus of voices urging haste.

"The National Security Agency is urging Microsoft Windows administrators and users to ensure they are using a patched and updated system in the face of growing threats," the NSA said in a June 4 advisory.

The agency's advice followed by several days that of Microsoft itself. On Thursday, May 30, a company official reminded users of the updates - which the company released May 14 - and implied that time is short. "We strongly advise that all affected systems should be updated as soon as possible," Simon Pope, the director of incident response at the Microsoft Security Response Center (MSRC), wrote in a blog post.




Computer World Security News
Jun 04, 2019

WWDC: What you need to know about Sign In with Apple
There's lots of interest in Apple's new Sign In with Apple system, a highly secure, private way to sign in to apps and websites. Here's what you need to know:

What is Sign In with Apple?

Apple has noticed that sign-in systems for services, apps, and websites rely on services that use your action of signing in to place cookies on your computer and track what you do.

Apple's focus on privacy means it is attempting to restrict such practices, which is why it has developed the new system as a more private way to sign into these apps and services.




Computer World Security News
Jun 04, 2019

It's time to install the May Windows and Office patches
May 2019 will go down in the annals of Patch-dom as the month we all ran for cover to fend off another WannaCry-caliber worm, but a convincing exploit never emerged.

Microsoft officially released Windows 10 version 1903 on May 21, but I haven't yet heard from anyone who's been pushed. All of the complaints I hear are from those "seekers" who went to the download site and installed 1903 with malice and forethought. A triumph of hope over experience.

This month, if you let Windows Update have its way on your machine, you may end up with a different build number than the person sitting next to you. Blame the gov.uk debacle for that: Folks with Windows set up for U.K. English get an extra cumulative update pushed onto their machines, whilst those who don't fly the Union Jack will get the fix in due course next month.




Computer World Security News
May 31, 2019

Who watches the iOS parental control apps?
Children are emotional. Protecting them matters. When it comes to technology, do you want developers you don't know over whom you have no control watching what your children do on their devices?

Apple doesn't

Apple recently cut developers off from using MDM software to drive third-party parental control solutions.

Developers were upset, and seventeen smaller developers you've probably never heard of got together just days before Apple's WWDC 2019 conference with a well-organized PR campaign and a professional website to demand access to new APIs that let them develop parental control software for iOS.




Computer World Security News
May 30, 2019

What do recent public SAP exploits mean for enterprises? | TECH(talk)
Recently released public SAP exploits (dubbed 10KBLAZE) could pose a security risk for thousands of businesses. Computerworld executive editor Ken Mingis and CSO Online's Lucian Constantin discuss the fallout of 10KBLAZE, and how businesses using SAP should respond.

Computer World Security News
May 30, 2019

Microsoft Patch Alert: Patching whack-a-mole continues
In a normal month, you need a scorecard to keep track of Windows patches. Now, your scorecards need a scorecard. One ray of hope: It looks like some Windows 10 cumulative updates will include the new "Download and install now" feature.

The May 2019 Windows updates have taken so many twists and turns it's hard to pin things down, but as of Thursday morning, here's what we've seen.

Windows 10 cumulative updates

As of now, all of the recent versions of Win10 (1607/Server 2016, 1703, 1709, 1803, 1809/Server 2019) have had three cumulative updates in May. Depending on where you live (or, more correctly, which locality you've chosen for your machine), you've been pushed one or two of them. If you're a "seeker" (and clicked "Check for updates" or downloaded and installed the patches), you've had at least two, and maybe three. Got that?




Computer World Security News
May 24, 2019

AT&T becomes first big mobile carrier to accept Bitcoin payments
AT&T will allow customers to pay their mobile bills using Bitcoin, adding its name to a short list of major businesses and government agencies that allow the blockchain-based cryptocurrency to be used as a form of payment.

While not directly accepting cryptocurrency, AT&T is the first major U.S. mobile carrier to let customers pay in Bitcoin through a third-party service provider.

Customers using its online bill pay service or the myAT&T app will be able to choose BitPay, a cryptocurrency payment processor for payments. The customer pays in Bitcoin and BitPay verifies the funds and accepts the Bitcoin on behalf of the business.




Computer World Security News
May 16, 2019

Microsoft sets post-retirement patching record with Windows XP fix - 5 years after support ended
Microsoft on Wednesday resurrected Windows XP and Windows Server 2003 long enough to push patches to the long-dead products. It was the first time since 2017 that Microsoft deemed the situation serious enough to warrant a security fix for XP.

Windows XP fell off the public support list in April 2014, while Windows Server 2003 was removed in July 2015.

"If you are on an out-of-support version, the best way to address this vulnerability is to upgrade to the latest version of Windows," Simon Pope, director of incident response at the Microsoft Security Response Center, asserted in a post to a company blog. "Even so, we are making fixes available for these out-of-support versions of Windows."




Computer World Security News
May 16, 2019

Do Apple devices need anti-virus software?
Apple's devices are far better defended against malware and viruses than other platforms, but does this mean they don't need anti-virus software?

No, yes and maybe

I've lost track of the number of times Mac users have told me Macs don't need virus protection because they are inherently more robust against such attacks.

I've also lost count of how many security researchers have said that Apple devices are becoming more liable to being attacked as their market share grows.

Both are right. Both are wrong.




Computer World Security News
May 16, 2019

WhatsApp attacked by spyware | TECH(feed)
WhatsApp's recent spyware hack took advantage of a security vulnerability and allowed attackers to access private, digital communication. In this episode of TECH(feed), Juliet walks through the hack, who was affected and how you can secure your devices ASAP.

Computer World Security News
May 15, 2019

How to set up a Microsoft Azure backup process
Setting up a backup process in Azure is one way to quickly recover from a ransomware attack.

Computer World Security News
May 15, 2019

If you're running Windows XP, 7 or associated Servers, patch them
As of very early Wednesday morning, I don't hear any loud screams of pain from the May Patch Tuesday bumper crop of patches. There's still much we don't know about the "WannaCry-like" security hole in pre-Win8 versions of Windows — more about that in a moment — but all indications at this point lead me to believe that it's smarter to patch now and figure out how to fix any damage later.

The cause is a bug in Microsoft's Remote Desktop Services that can allow an attacker to take over your earlier-generation Windows PC if it's connected to the internet. Not all machines are vulnerable. But the number of exposed machines — the size of the honey jar — makes it likely that somebody will come up with a worm shortly.




Computer World Security News
May 14, 2019

The iPhone user's guide to the WhatsApp hack attack
Hackers have used a security bug inside WhatsApp to install spyware through an infected WhatsApp voice call, and Apple users are affected.

What you need to do

If you are one of the 1.5 billion people who use WhatsApp you should immediately update both your app and your iOS software to the latest version.

The app update includes fixes that should prevent hackers taking over your iPhone, while future Apple updates will also likely address these flaws.

What is the threat?

Israeli hackers from a company called the NSO Group developed the spyware specifically so they could get into people's devices.




Computer World Security News
May 14, 2019

Business laptop? $1,000. Sending away the thief? Priceless.
The time is 2001, not long after 9/11, and the place is New York City. Heightened security awareness is the order of the day, and everyone in pilot fish's office is required to carry an access card that activates the office doors. Look out for tailgaters, they're all told. Those are people dressed like professionals who slide in behind someone with an access card and then steal wallets, coats and more.

One morning, fish arrives at the office and passes a man in business-casual attire carrying a laptop tucked under his arm and headed for the elevators. Fish doesn't recognize the fellow, but he does know the co-worker who is running behind him, calling for someone to call building security and the police. The co-worker had returned to an empty desk just seconds after this tailgater had snatched his laptop, well before the tailgater could make a clean getaway.




Computer World Security News
May 14, 2019

Why Microsoft is building a Bitcoin-based ID verification system
After more than a year in development, Microsoft has chosen Bitcoin as the blockchain platform for a decentralized identification (DID) verification system that will allow users to have secure access to an online persona via an encrypted database hub.

The implications of the new ID network could include the elimination of passwords. A company would be able to verify the background of a new employee and onboard them with the click of a single virtual button, or a banking customer could verify their identity for a loan without exposing personally identifiable information - again with a click of a button.




Computer World Security News
May 09, 2019

No, Google, Apple's privacy is not a luxury item
Why is privacy a luxury? Possibly because surveillance capitalist firms have subsidized product prices by collecting and trading in the personal data of the people that use their products, enabling them to sell hardware cheap.

The consequences of convenience

The crux of Google CEO Sundar Pichai's argument against firms such as (obviously including but never named) Apple is that his company offers convenience in exchange for personal secrets, makes its services available for free, and has a "profound commitment" to protecting user privacy.




Computer World Security News
May 08, 2019

The SAP/Apple partnership changes everything
SAP and Apple are working together to help businesses build applications that use Apple's machine learning and augmented reality technologies.

Apple is the enterprise

Apple CEO Tim Cook joined SAP CEO Bill McDermott at the latter company's SAPPHIRE conference to announce the news.

"A man who is the last to accept the status quo, and the first to change it," said McDermott introducing Cook.

Since entering into a business app development partnership with Apple in 2016, SAP itself has become an increasingly Apple-based business with around 100,000 Apple devices in use across the company.

That's a revealing statistic, given Cook's admission:




Computer World Security News
May 06, 2019

Mozilla issues fix after it lets cert expire and Firefox add-ons go belly-up
Mozilla over the weekend scrambled to come up with a fix for a bug that crippled most Firefox add-ons.

Engineers issued an update for the desktop browser Sunday afternoon that addressed the issue. That update followed a Saturday hotfix released via a little-known component that lets Mozilla feed pre-release code to Firefox users and then collect data from the browser.

The problem was traced to the certificate used by Mozilla to digitally sign Firefox extensions. When the organization neglected to renew the certificate, Firefox assumed the add-ons could not be trusted - that they were, in other words, illegitimate at best, potentially malicious at worst - and then disabled any already installed. Add-ons could not be added to the browser for the same reason.




Computer World Security News
May 03, 2019

Now's the time to install the April Windows and Office patches
April was a tough month for Win 7, 8.1, Server 2008 R2, 2012 and 2012 R2 customers who ran specific antivirus products. Blue screens, freezes, slow-as-sludge drippings all bedeviled a large number of Sophos, Avira, Avast, AVG and even McAfee users.

Looks like we're over that hump, with the AV manufacturers scurrying to fix their wares.




Computer World Security News
May 01, 2019

Wayback Wednesday: At least he asked
Malware from the web is slowly becoming a problem where this support pilot fish works.

"We have about two tickets a week with users saying they have thousands of viruses and they need to download software," says fish.

"Now, every machine has virus protection, and everyone runs locked-down in user-only mode to prevent the rogue installation of software. But we have decided we need to increase our user awareness after the following ticket was received at the help desk:

"‘I just received an ominous warning that my computer was infected with several viruses. I tried running the program to remove these viruses (as it indicated for me to do), but I'm not sure it worked.




Computer World Security News
Apr 30, 2019

Microsoft tells IT admins to nix 'obsolete' password reset practice
Microsoft last week recommended that organizations no longer force employees to come up with new passwords every 60 days.

The company called the practice - once a cornerstone of enterprise identity management - "ancient and obsolete" as it told IT administrators that other approaches are much more effective in keeping users safe.

"Periodic password expiration is an ancient and obsolete mitigation of very low value, and we don't believe it's worthwhile for our baseline to enforce any specific value," Aaron Margosis, a principal consultant for Microsoft, wrote in a post to a company blog.




Computer World Security News
Apr 29, 2019

Microsoft Patch Alert: April patches have sharp edges, with several missing, others reappearing
You have to wonder who's testing this stuff.

Admins, in particular, have had a tough month. April brought widespread breakdowns - bluescreens, hangs, very sluggish behavior - to hundreds of thousands of Win7 and 8.1 machines. This wasn't a "small percentage" kind of event. For some companies, rebooting overnight on Tuesday brought seas of blue screens on Wednesday morning.

The first round of cumulative updates and Monthly Rollups arrived on Patch Tuesday, but the now-ubiquitous second round didn't show up until late Thursday afternoon, two and a half weeks later. Talk about admins taking a beating.

We still have one Tuesday left this month - the mythical "E week" that Microsoft never talks about - so the month may yet end with both a bang and whimper.




Computer World Security News
Apr 29, 2019

Why wearables, health records and clinical trials need a blockchain injection
TORONTO - The opportunity exists in healthcare to hand over control of medical records to patients who can choose not only what info providers can see but what personal data gets added to records via wearables, genomics and even lifestyle choices.

And once patients begin accumulating more data about themselves in personal health records (PHRs), they can opt to anonymize that information and sell it to researchers, vastly expanding the pool of information available for clinical studies.

Because no data is as sensitive as a medical record, being able to assure its security and immutability through blockchain encryption represents a unique opportunity to "repatriate" and "monetize" that record for the patient, according to Dr. Eric Hoskins, chair of Canada's Federal Advisory Council on the Implementation of National Pharmacare.




Computer World Security News
Apr 25, 2019

FedEx CIO: It's time to mandate blockchain for international shipping
TORONTO -- When railroad tracks were first laid across the western U.S., there were eight different gauges all competing to dominate the industry - making a nationwide, unified rail system impossible; it took an act of Congress in 1863 to force the adoption of an industry standard gauge of 4-ft., 8-1/2 inches.

FedEx CIO Rob Carter believes the same kind of thing needs to happen for blockchain to achieve widespread enterprise adoption.

While the promise of blockchain to create a more efficient, secure and open platform for ecommerce can be realized using a proprietary platform, it won't be a global solution for whole industries now hampered by a myriad of technical and regulatory hurdles. Instead, a platform based on open-source software and industry standards will be needed to ensure process transparency and that no one entity profits from the technology over others.




Computer World Security News
Apr 24, 2019

Apple edges closer to cursory code review for all Mac apps
Apple will soon make a code review mandatory for all applications distributed outside its own Mac App Store by new developers, a first step towards requiring all Mac software to pass similar reviews.

The Cupertino, Calif. company argued that the process, which it calls "notarization," would build a more secure macOS environment. "We're working with developers to create a safer Mac user experience through a process where all software, whether distributed on the [Mac] App Store or outside of it, is signed or notarized by Apple," the company stated in an April 10 message on its developer portal.




Computer World Security News
Apr 23, 2019

Security theater, '80s style
It's the late 1980s and pilot fish is working on business application development for an aerospace and defense contractor where physical security is surprisingly lax. There's a guard on duty at the front desk during business hours, but that's about the extent of it. That changes with the announcement that all personal gear will be subject to inspection on leaving the building.




Computer World Security News
Apr 18, 2019

Card skimming moves online | TECH(talk)
CSO staff writer Lucian Constantin offers advice on how online retailers can prevent online payment fraud.

Computer World Security News
Apr 18, 2019

Here's an easier way to block the IE XXE zero day security hole
The latest Internet Explorer XXE zero-day depends on you opening an infected MHT file. MHT is an old file format that's almost always opened by IE — no matter which browser you're using, no matter which version of Windows. Catalin Cimpanu has a good overview of this XXE vulnerability on ZDNet.

It's a doozy of a security hole as it affects every recent version of IE, and it infects whether you're actively browsing with IE or not.




Computer World Security News
Apr 16, 2019

Win7/8.1/Server patch conflicts abated, somewhat, but it's still too early to install the April crop
A week ago, Microsoft released six patches that brought many machines to their knees. As I explained last Friday, when the dust cleared, it was apparent that all six of these April patches:

  • Win7 and Server 2008 R2 Monthly Rollup (KB 4493472) and Security-only (KB 4493448) patches
  • Win8.1 and Server 2012 R2 Monthly Rollup (KB 4493446) and Security-only (KB 4493467) patches
  • Server 2012 Monthly Rollup (KB 4493451) and Security-only (KB 4493450) patches

would trigger blue screens on reboot on most systems running Sophos antivirus products, and many systems running AV products from Avast and Avira.




Computer World Security News
Apr 15, 2019

Google, Hyperledger launch online identity management tools
In two separate announcements last week, Google and Linux's Hyperledger project launched tools aimed at enabling secure identity management for enterprises via mobile and other devices.

Google unveiled five upgrades to its BeyondCorp cloud enterprise security service that enables identity and access management for employees, corporate partners, and customers.




Computer World Security News
Apr 10, 2019

You Can Now Get This Award-Winning VPN For Just $1/month
If you use the internet (which you clearly do), you likely know how important it is to protect your data in an increasingly dangerous cyber environment. But like other essential tasks that tend to be tedious (like filing taxes early and brushing your teeth for the full two minutes), installing and running a VPN can sound unappealing to many: sure, they encrypt your internet traffic and hide your location — but they can also run frustratingly slowly, delaying the way you'd usually use the internet for entertainment and work.

That's where Ivacy VPN is different: not only will the speedy service let you browse and stream lag-free, it also offers real-time threat detection technology, removing malware and viruses at the server level. It ensures that all your downloads and devices stay totally secure, so you can stay safe online without being inconvenienced.




Computer World Security News
Apr 05, 2019

Massive bank app security holes: You might want to go back to that money under the mattress tactic
A new report from a well-regarded payments consulting firm has found a lengthy list of security insanity while examining several major fintech company mobile apps. Although the very nature of apps that manage and move money would suggest presumably strong security, banks and their cohorts tend to adopt new technology slower than almost any other vertical, which puts them in a bad place when it comes to security.

My favorite finding from the Aite Group report: "Several mobile banking apps hard-coded private certificates and API keys into their apps. [Thieves] could exploit this by copying the private certificates to their computers and running any number of free password-cracking programs against them," the report noted. "Should the [attackers] successfully crack the private key, they would be able to decrypt all communication between the back-end servers and mobile devices, among other things. The API keys allow an adversary to then begin targeting the [financial institution's] API servers, gaining them access to data in the back-end databases. This allows [attackers] to authenticate the device with the back-end servers of that app, since this is what APIs use for authentication and authorization."




Computer World Security News
Apr 01, 2019

Microsoft Patch Alert: Most March patches look good
March was an unusually light patching month - all of Office only had one security patch - and there don't appear to be any immediate patching worries. Just as in the past few months, Microsoft's holding off on its second cumulative update for Windows 10 1809, raising hopes that it's taking Win10 quality more seriously.

Win10 1809 deployment proceeded at a positively lethargic rate, even though Microsoft declared the OS fit for business consumption last week, leading to all sorts of speculation about the next-next update, Win10 version 1903, ultimately overtaking its younger sibling.




Computer World Security News
Mar 29, 2019

With its Apple Card, Apple edges further into financial services
Apple's Monday announcement of a credit card - the Apple Card - represented a natural progression of the company's journey into financial services that began with the Apple Wallet app and its contactless digital payment service, Apple Pay.

The Apple Card, as described by the company this week, will offer users some attractive features: up to 3% cash back on daily purchases, no late or international transaction fees, and a physical chipped card made of titanium (sans any credit card numbers - just your name and an Apple symbol).




Computer World Security News
Mar 26, 2019

Microsoft connects rival browsers to Windows 10's Application Guard
Microsoft earlier this month released a pair of add-ons for Google's Chrome and Mozilla's Firefox to cobble together an unwieldy connection between those browsers, Edge and Windows 10's advanced security technology, Windows Defender Application Guard (WDAG).

The debut of the browser extensions - separate add-ons for Chrome and Firefox - was quietly plugged at the end of a March 15 blog post relating a recent Windows Insider build. That build, 18358, will lead, presumably next month, to Windows 10's next feature upgrade, labeled 1903 and also Windows 10 April 2019 Update.




Computer World Security News
Mar 25, 2019

ASUS Live Update Utility cracked, installs ShadowHammer backdoor on 1M PCs, but only 600 targeted
Great way to wake up on Monday morning, especially if you own an ASUS machine.

Kaspersky just published a teaser for a more thorough explanation to come in two weeks at the Kaspersky Security Analysts Summit in Singapore. It's quite an eye-opener.

Apparently somebody broke into the ASUS update servers, and swapped out a valid software/firmware update with one of their own. The bogus update looked like the genuine thing, with a valid certificate, and its size matched the original's size. As a result, the bad update stayed on ASUS's servers "for a long time."




Computer World Security News
Mar 25, 2019

How blockchain is becoming the 5G of the payment industry
As more blockchain-based payment networks and fiat-backed digital currencies - including one from the largest U.S. bank - emerge, experts and analysts are predicting a sea change for the financial services industry.

"I think you're starting to see a growing consensus," said Matt Savare, a partner who works in the technology group of New Jersey-based law firm of Lowenstein Sandler LLP. "I do quite a bit of FinTech and I can tell you my clients... the banks, are inherently conservative - at least the large ones. But once they see other banks adopt new technologies, you see it snowball. Other banks will often join on in pretty quick fashion."





©1999-2019 CEOExpress Company LLC