NEWS: COMPUTER WORLD SECURITY NEWS
Setup News Ticker
   NEWS: COMPUTER WORLD SECURITY NEWS
Computer World Security News
Nov 23, 2020

A pre-Thanksgiving all-clear to install patches
In the U.S., we're quickly coming up to the start of holiday season, meaning it's time for, well, time off. I typically add technology maintenance jobs to the monthly mix of patching and maintaining servers and workstations. This month, I'm also taking time to better understand the impact of one specific security bulletin — I honestly can't figure out exactly what I'm supposed to do to keep my network secure. 

The good news: for most readers, none of these concerns apply to you. I'm ready to give the all-clear to go ahead and install Microsoft's November updates on laptops, desktops and workstations — especially if you are running the Windows 10 1909 feature release. That said, do your Thanksgiving Zoom get-together first and then install any updates. I'd hate to have you see nothing but the spinning wheel of Windows updates instead of your family and friends.

To read this article in full, please click here



Computer World Security News
Nov 23, 2020

How to stay as private as possible on the Mac
Apple believes in your right to privacy. Here is some advice on how to use the privacy tools it provides on your Mac. We have a guide for iPhones and iPads here.

Use a strong passcode To secure your Mac, all your data, and your privacy it is essential to create a strong alphanumeric login password.

The temptation to use something short or easy to remember is completely understandable, but if your Mac goes missing your life is on show, so visit Security & PrivacyGeneral and tap Change Password to pick something more challenging.

To read this article in full, please click here



Computer World Security News
Nov 19, 2020

Deciphering (and understanding) Microsoft's patch management options
If you asked a normal user what they dislike most about Windows 10, the answer would likely be related to patching, rebooting and the generally confusing update process. Entire web sites have sections devoted to explaining the updating process and how to manage it — and I've written my fair share about the topic. 

In addition to writing about Microsoft patches here (and about Windows security for CSO), I'm also a moderator on the Patchmanagement.org listserve. We have many people who rely on various patching tools to deploy updates and maintain workstations.  There are a number of options, so it's important to understand how they work (and how they vary) so you can get the most out of them.

To read this article in full, please click here



Computer World Security News
Nov 16, 2020

Microsoft exhorts enterprises to quit text, voice multi-factor authentication passcodes
A Microsoft executive is urging enterprises to abandon the most popular multi-factor authentication (MFA) method — one-time passcodes sent to mobile devices via text or voice — for different approaches, including app authenticators, that he claims are more secure.

"It's time to start your move away from the SMS and voice Multi-Factor Authentication (MFA) mechanisms," asserted Alex Weinert, director of identity security, in a Nov. 10 post to a Microsoft blog. "These mechanisms are based on publicly switched telephone networks (PSTN), and I believe they're the least secure of the MFA methods available today."

To read this article in full, please click here



Computer World Security News
Nov 13, 2020

Browser updates are back for Update Tuesday; testing may be needed for Windows patches
Though we return to monthly browser updates after last month's brief respite — none of this November's browser security issues are worm-able, and we have not seen anything that would require a return to an urgent browser update cycle. The Windows platform gets the most attention this time, but no single issue requires immediate deployment — though some legacy systems may require full testing for graphically intensive applications that rely on older graphic/media conversion technology. And the Microsoft Office and associated development platforms receive some lower-rated patches, with recommendations for a standard roll-out regime. 

To read this article in full, please click here



Computer World Security News
Nov 12, 2020

The November Patch Tuesday aftermath
November's updates held a few surprises. 

First, for those still running Office 2010 last month was supposed to be the drop-dead date for support.  No more security updates at all.  None.  Zilch.  Zippo.  

And yet, we week received updates for Excel (KB4486743), Office (KB4486737, KB4486738, KB4484534, KB4484455), and for Word (KB4486740) — all of which patch for remote code executions.  (I remember when Office 2007 had its swan song, we received updates after its end-of-life notice as well.) My guess is that these updates were probably still in testing and had not yet been completed, hence the late release. So, if you are still running Office 2010, you get one more month's worth of updates.  I don't expect another set next month. But then again, I didn't expect this month's either.

To read this article in full, please click here



Computer World Security News
Nov 12, 2020

Online privacy: Best browsers, settings, and tips
"You have zero privacy anyway. Get over it," Scott McNealy said of online privacy back in 1999, a view the former CEO of the now-defunct Sun Microsystems reiterated in 2015. Despite the hue and cry his initial remarks caused, he's been proven largely correct.

Where mainstream mobile browsers differ in privacy settingsTo read this article in full, please click here

(Insider Story)

Computer World Security News
Nov 10, 2020

11 Android settings that'll strengthen your security
You might not know it from all the panic-inducing headlines out there, but Android is actually packed with powerful and practical security features. Some are activated by default and protecting you whether you realize it or not, while others are more out of the way but equally deserving of your attention.

So stop wasting your time worrying about the Android malware monster du jour and which security company is using it to scare you into an unnecessary subscription, and take a moment instead to look through these far more impactful Android security settings — ranging from core system-level elements to some more advanced and easily overlooked options.

To read this article in full, please click here



Computer World Security News
Nov 09, 2020

For Patch Tuesday, it's time to pause those Windows 10 updates
First a bit of an introduction.  Recently, Woody Leonhard decided to take a much deserved "retirement" from both AskWoody.com and Computerworld. I put "retirement" in quotes because I find that in IT, you never really retire. You're often called on to fix anything that has a motherboard or boots up, no matter what operating system is under the hood — especially when visiting family members and even in a pandemic.  Woody is back in Thailand on what he calls an extended vacation.

To read this article in full, please click here



Computer World Security News
Nov 09, 2020

On a personal note...
A combination of medical concerns, family obligations … and a screaming desire to turn my attention to interests outside the computer industry have nudged me into retirement.

And it's my great pleasure to announce that "Patch Lady" Susan Bradley will be taking up the cause here at Computerworld  with a new blog: Microsoft Patch Lady. She will also be major-domo of AskWoody.com, managing editor of the AskWoody Newsletters, as guiding light of the @AskWoody twitter charge — and, most importantly, as a spiritual advisor to gazillions of disenfranchised Microsoft customers.

To read this article in full, please click here



Computer World Security News
Nov 03, 2020

How to give Chrome a super-simple security upgrade
Smart security, just like autumn attire, is all about layers. The more effective pieces you have working to protect you, the less likely you'll be to let a burst of cold air — whether a metaphorical one or a literal one — catch you off-guard. (Also, the more flannel, the better. I'm not entirely sure how that applies to the tech side of things, but I'm stickin' with it.)

When it comes to browsing this wild ol' web of ours, after all, potential threats are a-plenty. Shady sites sit in wait to try to trick you into doing something dangerous, passwords are compromised constantly, and ghoulish virtual boogeymen who look curiously like Gary Busey crouch behind dark corners and prepare to pounce.

To read this article in full, please click here



Computer World Security News
Oct 30, 2020

Get Microsoft's October patches installed — and seriously consider Win10 2004
It was yet another patch roller coaster ride this month with the usual crop of one-off bugs, a  Malwarebytes-associated assault on networking, a promised Flash killer that doesn't — and that announced Dynamics 365 Commerce patch, CVE-2020-16943, still isn't out. 

To read this article in full, please click here



Computer World Security News
Oct 30, 2020

Get the October patches installed — and seriously consider Win10 2004
It was yet another patch roller coaster ride this month with the usual crop of one-off bugs, a  Malwarebytes-associated assault on networking, a promised Flash killer that doesn't — and that announced Dynamics 365 Commerce patch, CVE-2020-16943, still isn't out. 

To read this article in full, please click here



Computer World Security News
Oct 29, 2020

The New Normal: When work-from-home means the boss is watching
In the midst of a pandemic that's led to unprecedented levels of remote working, digital tools to monitor employees in real time are gaining popularity among companies looking for new ways to track employee productivity. At the same time, the trend raises concerns about employee privacy and how far companies should be allowed to go to keep tabs on their workers.

Applications such as StaffCop, Teramind, Hubstaff, CleverControl, and Time Doctor include real-time activity tracking, can take screenshots of workers' computers at regular intervals, do keystroke logging, and record screens. In some cases, the tracking tools can be installed without the knowledge of employees. Companies say they're focused on transparency and productivity, but privacy groups decry draconian "Big Brother" moves made possible by technology. (Computerworld reached out to several of the vendors for comment; they either did not return messages or could not provide someone to discuss their software.)

To read this article in full, please click here



Computer World Security News
Oct 22, 2020

Microsoft Patch Alert: October 2020
October 2020 brought a lighter-than-usual crop of patches. For the first time in recent memory, there were none at all for Internet Explorer or the (Chromium-based) Edge browser. The cumulative updates went in with few reports of problems, although there were many complaints about printers not working after the update.

Strange things happened, though, outside the usual monthly patching schedule. The day after Patch Tuesday, Microsoft announced a(nother) fix for a security hole in the HEVC codec — CVE-2020-17022 — distributed, once again, only through the Microsoft Store.

To read this article in full, please click here



Computer World Security News
Oct 20, 2020

Warning: Multiple Windows 10 retirements ahead
Two Windows 10 feature upgrades will reach end of support in the next seven weeks, the congestion caused by decisions Microsoft made earlier this year as the coronavirus pandemic began.To read this article in full, please click here

(Insider Story)

Computer World Security News
Oct 20, 2020

A phenomenal Android privacy feature you probably forget to use
It's amazing how many useful Android features get buried in the operating system and then forgotten over time.

When you stop and think about it, it's also kind of inevitable: With every passing year, Android grows increasingly robust and complex, as more advanced options make their way into the software. So it's only logical that certain elements will become out of sight and out of mind and get lost in the shuffle somewhere along the way.

One such item jumped out at me the other day, triggering an immediate "AHAH!" in this rusty ol' noggin of mine as I remembered its existence and then scolded myself for forgetting to use it all this time. It's a little somethin' called Android Guest Mode, and it first showed up way back in the Android 5.0 (Lollipop) era of 2014.

To read this article in full, please click here



Computer World Security News
Oct 19, 2020

Zoom's new encryption approach is incremental, but better
Just like their consumer counterparts, enterprise IT execs have flocked to Zoom for all manner of meetings. But security has invariably taken a backseat to convenience and availability, as anyone who has endured a Zoom intruder knows all too well.

Zoom this week (it hasn't yet said exactly when) will roll out its upgraded encryption option. But it comes at the cost of surrendering various popular features. And it also does not come with improved authentication and identification of users, a capability Zoom now is promising to deliver sometime in 2021.

Zoom describes its current encryption offering as adequate, but not ideal:

To read this article in full, please click here



Computer World Security News
Oct 19, 2020

Microsoft focuses on Office, less so on Windows, and offers nothing for browsers on Patch Tuesday
This posting is a little later than usual due to a number of late-in-the-week updates from Microsoft last week. We started off with no publicly reported zero-days or active exploits in the wild. (As we were working with Microsoft, we felt that an out-of-bound patch was imminent that would change our advice on patch cycles for October. But it appears the final "change" for this release was a relatively minor update to Visual Studio - leading to no change in our recommendations in this benign update.)To read this article in full, please click here

(Insider Story)

Computer World Security News
Oct 15, 2020

Is Windows the greatest cyberthreat to the 2020 US election?
If there's going to be a successful cyberattack on the 2020 U.S election, you can be sure Windows will be involved. It's the world's biggest exposed attack vector and the weapon of choice of cybercriminals and intelligence agencies the world over. In addition, the world's biggest botnets are made up of millions of infected Windows PCs used to launch cyberattacks.To read this article in full, please click here

(Insider Story)

Computer World Security News
Oct 12, 2020

As Patch Tuesday nears, be sure Windows Update is paused
Some people believe that you need to get new Windows and Office patches installed the minute they roll out the Windows Update chute. Those who snooze get bit by malware, or so the theory goes.

In fact, we've seen very few instances in the past years where a newly patched security hole has turned into a widespread security threat in less than a few weeks. If you're protecting uranium enrichment centrifuges from deep-pocket adversaries, all bets are off, of course. But for normal, everyday Windows users, the chance of getting bit by a bad patch far outweighs the immediate threat to your trusty ol' PC.

To read this article in full, please click here



Computer World Security News
Oct 12, 2020

With Patch Tuesday here, be sure Windows Update is paused
Some people believe that you need to get new Windows and Office patches installed the minute they roll out the Windows Update chute. Those who snooze get bit by malware, or so the theory goes.

In fact, we've seen very few instances in the past years where a newly patched security hole has turned into a widespread security threat in less than a few weeks. If you're protecting uranium enrichment centrifuges from deep-pocket adversaries, all bets are off, of course. But for normal, everyday Windows users, the chance of getting bit by a bad patch far outweighs the immediate threat to your trusty ol' PC.

To read this article in full, please click here



Computer World Security News
Oct 06, 2020

Apple's T2 Mac security chip may be vulnerable, researcher claims
A security researcher claims to have figured out how to break the T2 security chip on modern Intel-based Macs using a pair of exploits developed to jailbreak older phones. Apple has not commented on these claims.

What the research claims The claim seems to be that because the T2 chip is based on the older A10 series Apple processor, it is possible to use two jailbreak tools (Checkm8 and Blackbird) to modify the behavior of T2, or even install malware to the chip.

It's not an easy hack: Not only must an attacker have local access to the Mac, but they must connect to the target Mac using a non-standard "debugging" USB-C cable and run a version of a jailbreaking software package during startup.

To read this article in full, please click here



Computer World Security News
Oct 06, 2020

Wire targets Zoom, Teams and others with secure video upgrades
Secure communication platform Wire has overhauled its video conferencing capabilities and now allows more users to simultaneously have fully encrypted video calls.

Beginning today, Wire users will be able to video chat with up to 12 people and voice call with up to 25. While video conferencing rivals Zoom and Webex already offer end-to-end encryption on some plans, Wire's latest move will provide that high level of security to all its users. Wire now boasts that it offers "the world's first completely end-to-end encrypted video environment."

As many companies enter their seventh month of employees working from home, the demand for video conferencing services has not had any let up. That has led to something of an arms race as Microsoft, Zoom and a variety of other services have in recent months announced upgrades and feature tweaks of their own.

To read this article in full, please click here



Computer World Security News
Oct 05, 2020

Current trends in Mac security threats
Current trends involving Mac threats indicate that while attempts are on the rise, users remain the first line of defense — particularly as "show up when you want to" (SUWYWT) becomes the future of work.

The security risk remains In the first few weeks of the pandemic, we saw multiple businesses invest in VPN software and new hardware as they equipped employees to work from home. In the UK, for example, Starling Bank claimed it purchased every available MacBook as the pandemic struck.

Now that working from home (WFH) is normalized, there's a need to take stock of security concerns and remind employees of good security procedure on all platforms, including Macs. Apple's platform seems to have enjoyed incredibly strong sales as companies upgraded for WFH, but even with better inherent security those Macs must also be protected.

To read this article in full, please click here



Computer World Security News
Oct 05, 2020

Working from home? Slow broadband, remote security remain top issues
Unreliable home broadband connectivity is the primary technical challenge businesses are having to deal with as remote working continues during the COVID-19 pandemic.

That's one takeaway from a survey of 100 C-level executives and IT professionals in the US by Navisite designed to highlight the biggest headaches for organizations providing IT services to workers since offices began to close in March.

[ Related: Remote working, now and forevermore? ] Around half (51%) of those surveyed said they experienced some "IT pains" during the rapid shift to support home workers, while almost a third (29%) continue to face technical challenges.

To read this article in full, please click here



Computer World Security News
Oct 02, 2020

The coast is clear to install September's Windows and Office patches
There are a few odd problems with the September Microsoft patches, but they're relatively sporadic and reasonably-well understood. That makes it's a good time to get the outstanding updates installed, though you should avoid the "optional" patches.

I'm still not ready to put Windows 10 version 2004 on my main machines. The "E Week" optional, non-security patch, KB 4577063, fixes two well-known bugs and many dozens of lesser bugs (none of which were officially documented, by the way) in the latest released version of Windows 10. @mikemeinz has hit several replicated bugs in Win10 version 2004, and bug reports continue to hit my inbox.

To read this article in full, please click here



Computer World Security News
Oct 01, 2020

Microsoft on Apple in the enterprise
When it comes to Apple in the enterprise, Microsoft wants to make the experience as smooth as possible. At JNUC2020 event I (virtually) spoke with Microsoft's Corporate Vice President of the Enterprise Client & Mobility (ECM) team, Brad Anderson, who shared insights on his company's work with Jamf and the emerging new normal of remote work.

Securing the remote enterprise The COVID-19 pandemic has accelerated the rate of digital transformation, underlining the need for Microsoft to support device choice and improve cloud-based collaboration.

To read this article in full, please click here



Computer World Security News
Oct 01, 2020

Microsoft's Brad Anderson on Apple in the enterprise
When it comes to Apple in the enterprise, Microsoft wants to make the experience as smooth as possible. At this weeks JNUC2020 event I (virtually) spoke with Microsoft's Corporate Vice President of the Enterprise Client & Mobility (ECM) team, Brad Anderson, who shared insights on his company's work with Jamf and the emerging new normal of remote work.

Securing the remote enterprise The COVID-19 pandemic has accelerated the rate of digital transformation, underlining the need for Microsoft to support device choice and improve cloud-based collaboration.

To read this article in full, please click here



Computer World Security News
Sep 30, 2020

Lessons learned: Provisioning new employees during a pandemic
COVID-19 means just about everyone who can do so now works from home. But the rapid pace at which this happened put IT under a great deal of pressure, so, what have we learned that may help in future?

The digital transformation continues The JNUC conference this week sees 15,000 Apple-in-the-enterprise IT staff come together, and a lot of the focus is on the challenges of rapid migration to remote work. The scale of this migration is vast, and it seems to be continuing at pace.

Microsoft Vice President Brad Anderson shared a little data to illustrate this: "We're seeing 1.5 million new devices every seven days coming into the cloud to be managed (by Microsoft Endpoint Manager) and that's Windows, iOS, Mac and Android." (Italics mine.)

To read this article in full, please click here



Computer World Security News
Sep 29, 2020

JNUC 2020 opens with big news for Apple and Azure
Apple in the enterprise focused company, Jamf, kicked off its virtual JNUC conference today with a deluge of news and information for Mac, iPhone and iPad using enterprises.

Apple and Microsoft together for work The show comes at a pivotal moment in the transformation of enterprise IT. Not only is work becoming virtual, but Apple's presence in the space continues to grow.

The move to virtual conferences means the event has more attendees than ever before, with around 15,000 people attending, the company said.

To read this article in full, please click here



Computer World Security News
Sep 29, 2020

How to fix Android's Smart Lock Trusted Places feature
Android's Smart Lock feature is spectacular — that is, when it actually works.

Smart Lock has been around since 2014's Android 5.0 era (which, according to my calculations, was approximately "an eternity" ago by 2020 standards). The basic idea behind it is to make securing your smartphone less inconvenient, thus making it more likely that you'll actually use a pattern, PIN, passcode, or person-paw press (also known as a fingerprint) to keep your data safe. The sensational headlines about big, bad malware monsters lurking in the dark and waiting to pounce on unsuspecting victims may be scary, after all, but here in the real world, you're far more likely to suffer from your own self-made security shortcomings than from any sort of theoretical threat.

To read this article in full, please click here



Computer World Security News
Sep 28, 2020

Microsoft Patch Alert: September 2020
What September's patching frenzy lacked in fireworks, it more than compensated for in volume - and belligerence. Server 2016 hiccups on Security Options. Win10 version 2004 surprises - Lenovo still hasn't fixed its Blue Screen-inducing Biometric Security setting; the TRIM function still tries to trim spinning hard disks; for some, Start goes wonky, Action Center disappears, and there's the usual litany of odd, one-off bug reports.

As of early today, we're still waiting for the Win10 version 2004 "optional, non-security, C/D/E Week" patch, but all of the other expected September patches are in.

Defrag woes in Win10 version 2004 largely fixed, but TRIM still nips As I've mentioned many times, Windows 10 version 2004 shipped with a bug that causes the Windows Optimizer Drives defrag tool to skip updating the completion date on defrag runs. As a result, defrags occur much more frequently than necessary. Microsoft has known about the bug since January - months before 2004 shipped -- but didn't bother to acknowledge it until a fix appeared this month.

To read this article in full, please click here

(Insider Story)

Computer World Security News
Sep 28, 2020

Dual biometrics for banking: Double trouble or super-secure?
In an unusual experiment, two European banks (one in Hungary, the other in Spain) are trying to boost security and - nonintuitively - convenience by layering one biometric authentication method on top of another.

The two biometrics are facial recognition and palm recognition - both performed via a mobile device - and the banks are Hungary's OTP Bank and Spain's Liberbank; the vendor behind the effort promises imminent deployments in Slovenia and the UK. It's clear that such an approach would theoretically be more secure, but is such a combo going to mean too much friction for the typical customer? Or will users accept a minute amount of additional effort to better safeguard their money?

To read this article in full, please click here



Computer World Security News
Sep 23, 2020

Pandemic gives VDI a new lease on life
The COVID-19 pandemic and subsequent shift to working from home have brought about numerous technological disruptions, many centered around how organizations deliver IT services to their workforce. Technologies that were dabbled in before, like videoconferencing, have suddenly become standard practice.

Such is the case with Virtual Desktop Infrastructure (VDI), also known as desktop virtualization or thin-client computing. Led by vendors such as Citrix, Microsoft, Cisco, and VMware, it has been around for decades and hasn't changed much in that time. But with companies' entire workforces now connecting to corporate networks from home, sometimes without a company-issued laptop with a VPN and all the necessary settings for secure access, VDI is getting a second look.

To read this article in full, please click here

(Insider Story)

Computer World Security News
Sep 22, 2020

How IT can keep remote workers' Windows 7 PCs safe
In the time of COVID-19, with so many people working from home, it's inevitable that many will be using Windows 7 devices. And that's a big security problem for IT. As of January 2020, Windows 7 is no longer supported by Microsoft. That means no security patches — particularly dangerous at a time when many people are connecting to enterprise networks from their Windows 7 PCs.

It adds up to one of the biggest security risks many companies have seen for some time. Unpatched systems can be more easily hacked than ones that regularly receive security patches. Hackers go after low-hanging fruit — and right now Windows 7 is the lowest fruit there is. As the FBI stated in an August 2020 warning to businesses:

To read this article in full, please click here

(Insider Story)

Computer World Security News
Sep 17, 2020

Why you need Apple support to secure the C-suite
I get it. You're one of those enterprises that doesn't (yet) support Apple products among employees, but does that moratorium extend to the C-suite? I'm willing to bet it does not, and that's why even Windows-only IT must learn how to secure Apple's products.

Ignore the fantasy, this is reality The reality is that Apple's products are popular in the enterprise. And while there are many businesses that don't officially support them, one section of civic society that pretty much always do their own thing no matter what they ask others to do are the boys and girls in the C-suite. I can still recall the number of CFO's I spoke with early on in the iPad days who were deeply interested in trying the Apple tablet. Many did.

To read this article in full, please click here



Computer World Security News
Sep 17, 2020

Windows 10 upgrades are rarely useful, say IT admins
A majority of IT administrators polled this summer said that the twice-a-year Windows 10 feature upgrades are not useful - or rarely so - a stunning stance considering how much effort Microsoft puts into building the updates.

About 58% of nearly 500 business professionals who are responsible for servicing Windows at their workplaces said that Windows 10 feature upgrades - two annually, one each in the spring and fall - were either not useful (24%) or rarely useful (34%).

[ Related: Windows 10 version 2004: Key enterprise features ] Only 20% contended that the upgrades were useful in some fashion, while a slightly larger chunk - 22% - choose a noncommittal neutral as a response, claiming that the operating system's updates were neither useful nor not useful. (It might be best to consider this answer as undecided since in this binary world if something is not not useful, that must mean it is useful.)

To read this article in full, please click here



Computer World Security News
Sep 15, 2020

How COVID-19 has changed IT's focus and plans for 2021
The COVID-19 pandemic - and the lockdowns that followed last spring - wrought changes across IT operations and strategy as businesses and employees adjusted to a new environment. But what changes were made, and which ones are likely to last?

Spiceworks Ziff Davis, a B2B tech marketplace, polled 1,073 IT buyers in North America and Europe in June and July 2020 to find out. The results in its 2021 State of IT report, released today, show that the pandemic-fueled transformation will continue, affecting both planning and budgets for the long term.

[ Keep up on the latest thought leadership, insights, how-to, and analysis on IT through Computerworld's newsletters. ] The survey shows that 76% of businesses envision long-term IT changes, with more than half planning to retain flexible work policies (such as remote work); 64% of companies enabled remote work in 2020 due to the pandemic.

To read this article in full, please click here



Computer World Security News
Sep 11, 2020

A fat Windows Update for September's Patch Tuesday
Microsoft has released 129 updates to its Windows ecosystem, but the good news  this month is that we are not responding to any zero-days or publicly reported vulnerabilities. Microsoft appears to be getting serious about removing Adobe Flash Player (a good thing) and we see a very broad update to Windows desktops and servers. Unusually, Microsoft's browsers are not a huge focus this month, and both the Microsoft Office (excluding SharePoint) and development platform have received only a few, lower profile patches.

[ Related: Microsoft revamps Windows Insider release vernacular ] We have included a helpful infographic, which this month looks a little lopsided as all of the attention should be on Windows components.

To read this article in full, please click here



Computer World Security News
Sep 10, 2020

Beaucoup bugs beset this month's Windows patches
Someday, you'll tell your grandkids about the halcyon days of July and August 2020, when Microsoft took pity on us poor patching souls and introduced few bugs in its stew of Patch Tuesday patches.

Now, it looks like we're well on our way to another mess.

[ Related: Microsoft makes 'major-minor' Windows 10 release cadence the new normal ] Although it's still too early to throw up your hands and peremptorily pass on the September crop, I assure you that there is no joy in Patchville.

To read this article in full, please click here



Computer World Security News
Sep 09, 2020

Microsoft puts Application Guard for Office into public preview
Microsoft has launched a public preview of "Microsoft Defender Application Guard for Office," a defensive technology that quarantines untrusted Office documents so that attack code carried by malicious files can't reach the operating system or its applications.

On Monday, a senior cybersecurity engineer with the Redmond, Wash. company explained how Application Guard for Office worked and more importantly, walked customers through its operationm - something that existing documentation omitted when the public preview was launched late last month.

[ Related: 10 productivity-boosting apps for Microsoft Teams ] "Microsoft Office will open files from potentially unsafe locations in?Microsoft Defender Application Guard, a secure container, that is isolated from the device through hardware-based virtualization," John Barbare wrote in a post to a Microsoft blog. "When Microsoft Office opens files in Microsoft Defender Application Guard, a user can then securely read,?edit,?print, and?save?the files without having to re-open files outside of the container."

To read this article in full, please click here



Computer World Security News
Sep 07, 2020

With Patch Tuesday here, get Windows Update locked down
Every month we see the same pattern: Microsoft releases its Patch Tuesday regimen; the blogosphere flies into a frenzy about security holes that have to be patched right this minute; some patches have bugs; Microsoft fixes many of them in a week or two, warns about others, and stays mum on far too many.

Normal Windows users are left in the lurch. On the one hand, you have the threat of imminent malware mayhem. On the other, you have the threat of poorly tested patches. Wash. Rinse. Repeat.

[ Related: Windows 10 version 2004: Key enterprise features ] It's been like that for years. Don't believe it? Computerworld has month-by-month details for the past three years here.

To read this article in full, please click here



Computer World Security News
Sep 07, 2020

With Patch Tuesday near, get Windows Update locked down
Every month we see the same pattern: Microsoft releases its Patch Tuesday regimen; the blogosphere flies into a frenzy about security holes that have to be patched right this minute; some patches have bugs; Microsoft fixes many of them in a week or two, warns about others, and stays mum on far too many.

Normal Windows users are left in the lurch. On the one hand, you have the threat of imminent malware mayhem. On the other, you have the threat of poorly tested patches. Wash. Rinse. Repeat.

[ Related: Windows 10 version 2004: Key enterprise features ] It's been like that for years. Don't believe it? Computerworld has month-by-month details for the past three years here.

To read this article in full, please click here



Computer World Security News
Sep 04, 2020

Yes, you can install the August Windows and Office patches now
It looks like we're good to go with Microsoft's August Windows and Office patches. The second cumulative update for Windows 8.1, KB 4578013, throws some Virtual Private Networks out of kilter, and the Win7 patches may knock out your printers (for those of you paying for Win7 Extended Security Updates). But most of the other bugs appear to be squashed.

To read this article in full, please click here



Computer World Security News
Sep 04, 2020

Apple strengthens commitment to human rights with new policy
Apple has once again responded to critics with the publication of a human rights policy it says commits the company to "freedom of information and expression."

Freedom of expression "At Apple, we are optimistic about technology's awesome potential for good," says CEO Tim Cook. "But we know that it won't happen on its own. Every day, we work to infuse the devices we make with the humanity that makes us."

However, the document also points out that Apple is required to obey the law.

To read this article in full, please click here



Computer World Security News
Aug 31, 2020

Microsoft Patch Alert: August 2020
With Windows 10 2004 gradually creeping (I use the term intentionally) onto more machines, faults and foibles are coming out of the woodwork. It looks like a fix for the long-lamented version 2004 defrag bugs is on the way, but we aren't there yet. Lenovo isn't too happy with the August version 2004 cumulative update. It's still too early to move to 2004, in my opinion — and those problems ensure I'll keep 2004 off my machines for a while.

Meanwhile, Microsoft extended the end of support date for Win10 version 1803 — a move that'll interest exactly nobody except for admins with aging Win10 machines. Windows 8.1 patchers got left out in the Remote Access cold for a week. The .NET security updates have an odd, acknowledged bug with a manual registry workaround.

To read this article in full, please click here



Computer World Security News
Aug 27, 2020

TikTok sues the Trump administration, responding to potential U.S. ban
TikTok, the popular short form video app, has filed a lawsuit against the U.S. government, calling the potential U.S. ban an extreme action. At first glance, this lawsuit may mirror another one filed by a different tech company, Huawei. While both Huawei and ByteDance, the owner of TikTok, are Chinese tech companies, the proposed U.S. bans of each of these companies are different. Juliet breaks down why TikTok may fare better in the face of a potential ban than Huawei. More on TikTok's alleged security threats: https://youtu.be/LzeIOH2U8-8 Check out my latest video about the Huawei ban: https://youtu.be/bDXc7xeS5OE Sources-- https://www.nytimes.com/2020/08/24/technology/tiktok-sues-trump-administration.html https://newsroom.tiktok.com/en-us/tiktok-files-lawsuit Follow Juliet on Twitter: https://twitter.com/julietbeauchamp

Computer World Security News
Aug 26, 2020

Microsoft adds 6 months support to Windows 10 1803, again cites pandemic
Microsoft on Wednesday stretched support for a third version of Windows 10, again citing the coronavirus pandemic and its impact on business.

The Redmond, Wash. developer extended security support for Windows 10 Enterprise 1803 and Windows 10 Education 1803 by six months, to May 11, 2021. The original end-of-support date was to be Nov. 10.

[ Related: Microsoft makes 'major-minor' Windows 10 release cadence the new normal ] "We have heard your feedback and understand your need to focus on business continuity in the midst of the global pandemic," Chris Morrissey, who leads the communications team for Windows' servicing group, wrote in a post to a company blog. "As a result, we have decided to delay the scheduled end-of-service date for the Enterprise, Education, and IoT Enterprise editions of Windows 10, version 1803."

To read this article in full, please click here



Computer World Security News
Aug 21, 2020

Did Microsoft just solve a big business iPad problem
One of the most disappointing things about iOS devices as business devices, and one of the things that keeps the iPad from being a true computing solution, is that there is no support for multiple-user accounts. An unlikely ally is determined to solve the problem for Apple. A future version of Microsoft Authenticator will allow for a multi-user iPad experience.

Computer World Security News
Aug 20, 2020

Google to trial drastically truncated URLs in Chrome in anti-phishing move
Google will run a trial with Chrome 86, the browser set to release in October, that will hide much of a site's URL as a way to foil phishing attacks.

"We're ... going to experiment with how URLs are shown in the address bar on desktop platforms," Emily Stark, Eric Mill and Shweta Panditrao, all members of Chrome's security team, wrote in an Aug. 12 post to a company blog. "Our goal is to understand -- through real-world usage -- whether showing URLs this way helps users realize they're visiting a malicious website, and protects them from phishing and social engineering attacks."

To read this article in full, please click here



Computer World Security News
Aug 17, 2020

Xcode becomes vector for new Mac malware attack
Trend Micro has identified an insidious new form of Mac malware that is propagated by injecting itself into Xcode projects before they are compiled as apps.

So good they tried it twice We've seen a similar attack before. The so-called ‘XCode Ghost' was a malware infested version of Apple's developer environment that was distributed outside of Apple's channels. Apps built using the software were preinstalled with malware.

To read this article in full, please click here



Computer World Security News
Aug 14, 2020

A zero-day and testing of key printing features will drive August Windows updates
Though a DNS spoofing vulnerability in Windows (CVE-2020-1464) has been rated as a zero-day due to reports of exploitation in the wild, the focus for this month's updates should be on testing key Windows features prior to deployment. Primarily, printing and back-up scenarios will require your attention. You will also need to work with multiple and potentially overlapping updates to Window and the .NET development platform and, in some cases, Windows Store updates to your application portfolio.

Given the number and nature of changes we have seen in the update testing cycle during the past month, we advise a "Patch Now" approach to Windows 10, but with an extended test cycle on printing and more attention to the Windows 8.x platforms.

To read this article in full, please click here



Computer World Security News
Aug 13, 2020

Managing Windows 7 security risks
We've heard security experts warn that remote employees working on personal devices running old operating systems, like Windows 7, pose a huge security risk to enterprises. With some work from home regulations extending into 2021, IT teams will continue to manage employee devices and mitigate security risks remotely. Computerworld contributing editor and Windows expert Preston Gralla joins Juliet to discuss why Windows 7 is a security risk and what IT teams can do to manage that risk as employees continue to work off of unsecure personal and company devices.

Computer World Security News
Aug 12, 2020

Slack talks up security with new encryption options, FedRAMP certification
As Slack works to entice large organizations to deploy its channel-based collaboration app, the company is touting a variety of security upgrades, including an expanded enterprise key management (EKM) system and stronger compliance capabilities.

Among the updates announced Tuesday is the extension of EKM to give admins greater flexibility over the encryption of message data. Slack's EKM, introduced in 2018 for Enterprise Grid customers, can now cover data sent by users accessing the Workflow Builder automation tool. The company also plans to expand EKM to messages sent in Slack Connect - the company's  recently announced platform for multi-company conversations - when it launches later this year. 

To read this article in full, please click here



Computer World Security News
Aug 10, 2020

It's Patch Tuesday time. Make sure to have auto updates paused.
If you want to join the ranks of the unpaid beta testers, please go right ahead. Don't do anything and Patch Tuesday will find you. Make sure you tell us about any problems on AskWoody.com.

Every month we see the same pattern: Microsoft releases its Patch Tuesday regimen; the blogosphere flies into a frenzy about security holes that have to be patched right away; the patches bring bugs; the screams of imminent doom disappear as folks realize it takes a while - sometimes quite a while - for the security holes to turn into real, live exploits.

To read this article in full, please click here



Computer World Security News
Aug 04, 2020

Firefox gets next-gen anti-tracking defense, stymies 'bounce' trackers
Mozilla today announced a new defense against advanced tracking tactics that it will be switching on in Firefox 79 starting immediately and pushing out to the remaining user base during the next few weeks.

Calling the improved technologies and techniques Enhanced Tracking Protection 2.0 - Mozilla said that ETP 2.0's primary job is to block redirect tracking, also known as bounce tracking.

[ Related: 9 steps to lock down corporate browsers ] Trackers have been exploiting a loophole of sorts to continue following users browsing with Firefox, which enabled its first-generation ETP by default in June 2019. ETP takes a hands-off approach for first-party cookies - those tied to the site being browsed - because to do otherwise would break many of those websites or require users to, say, log in each time they returned.

To read this article in full, please click here



Computer World Security News
Jul 31, 2020

Despite an unexpected monkey wrench, now is the time to install the July Windows and Office patches
The folks at Microsoft have pretty much exterminated the bugs they introduced in July's patches. The Outlook-killing bug got fixed by an emergency update to Microsoft's own servers. The Win7 .NET patch was fixed and re-released nine days after paying Win7 Extended Security customers started bellyaching.  

To read this article in full, please click here



Computer World Security News
Jul 30, 2020

Microsoft Patch Alert: July 2020
July tends to be a leisurely month in Windows and Office patch land, and this one's no exception.

We had a bit of a thrill July 15 when Outlook stopped working on millions of PCs all over the world, but Microsoft fixed the bug four hours later by updating its servers.

Folks who pay for Windows 7 Extended Security Updates felt rightfully miffed when the new .NET Framework 4.8 patch, KB 4565636, refused to install. Microsoft took nine days to fix the bug and re-ship the patch.

To read this article in full, please click here



Computer World Security News
Jul 24, 2020

Windows Update is a bifurcated mess
This week's "Preview" patches led to some bizarre, unexplained, and self-contradictory behavior. Here's what we've been able to piece together, based on what actually happened - not on what Microsoft says is supposed to happen.

Two general sets of "Preview" patches arrived on Tuesday:

Optional, non-security, C/D Week Cumulative Updates for Win10 versions 1809, 1903, 1909, and various Servers, but not Win10 version 2004. Microsoft stopped distributing the C/D Week patches in March because of the "public health situation," but started pushing them again this week. July 21, 2020 Cumulative Update Previews for .NET Framework 3.5 and 4.8 on various versions of Win10. These are optional, non-security Preview patches released later in the month. Microsoft pushes Previews for .NET patches on Win10 infrequently; this year we've only seen two, one of them in January, the other in February. They're Previews,

Computer World Security News
Jul 24, 2020

At Microsoft Inspire, the new Edge browser took center stage
Disclosure:  Microsoft is a client of the author.

In the new Microsoft, Azure has - to a certain extent - taken over the center stage from the company's Windows Server platform, and the new Chromium Edge Browser has taken center stage from Windows. The ongoing COVID-19 pandemic has accelerated this result as the market rapidly turns from focusing on local hardware to using the Cloud as its primary place to do computing. 

As a result, each new browser update now feels a bit like what the old Windows refresh cycles used to feel like - but without the old compatibility drama. 

[ Related: FAQ: What the new Edge offers the enterprise ] Microsoft Inspire took place this week, so let's talk about the browser's new features, mostly focused on business users (now mostly working from home) that look compelling. 

To read this article in full, please click here



Computer World Security News
Jul 24, 2020

How to securely erase your Android device in 4 steps
It's an inevitable moment in the smartphone-owning cycle, the point at which a newer, shinier model comes along and your trusty old device is no longer needed.

Maybe your company bought you a new Android phone. Maybe your old one was getting too slow. Or maybe you just love electronics and couldn't resist the lure of whatever sexy new Android device your favorite manufacturer started selling.

Whatever the case, it's common nowadays to find yourself with an extra phone. And while there are plenty of practical uses for an old Android device, there's also a time when the best choice is to sell, donate, or otherwise pass it along.

To read this article in full, please click here



Computer World Security News
Jul 22, 2020

Microsoft releases some 'optional, non-security, C/D Week' Win10 patches. Avoid them.
I've always detested Microsoft's "optional, non-security, C/D Week" patches because they're confusing, easy to install accidentally, rarely solve any pressing problems, and potentially introduce yet more bugs. 

Guess what? They're back. 

As promised last month, Microsoft has started pushing them out again.

To read this article in full, please click here



Computer World Security News
Jul 21, 2020

Now let's guess what fish's new password is
It's COVID-19 days, and everyone at this tech company is practicing social distancing by working from home. All is fine for weeks for this pilot fish, but then his password expires.

An expired password cannot be replaced remotely, so he's going to have to go in to the office. Fish's boss says that the building is open, and once fish arrives, he finds it deserted and, he realizes, safer than the supermarket — no one has been inside there for weeks.

After he replaces his password, fish has an inspiration: He stops by the bathroom to grab some industrial-grade toilet paper, a product absent from store shelves for weeks.

To read this article in full, please click here



Computer World Security News
Jul 21, 2020

How to get one of iOS's best new privacy features on Android
Apple's latest iOS update may have taken plenty of inspiration from Android — to put it mildly — but iPhone owners will soon enjoy one important feature that isn't anywhere to be found here in the land o' Googley devices. And it's connected to a subject that's increasingly near and dear to many of our hearts: privacy.

The iOS 14 beta includes a new system that shows a visual alert anytime an app is using a device's microphone or camera, even in the background. It's a smart bit of added privacy protection, especially since traditionally — on iOS as well as on Android — once you've granted an app access to those parts of your phone, the app is technically able to tap into 'em anytime, with or without notifying you that it's doing it.

To read this article in full, please click here



Computer World Security News
Jul 20, 2020

Mozilla launches its first revenue-generating service, VPN for Firefox
Mozilla last week launched its virtual private network (VPN) in the U.S., Canada, the U.K. and three other countries, part of its strategy to expand revenue opportunities for its Firefox browser.

Dubbed Mozilla VPN, the service costs $4.99 per month and is available for devices running Windows and Android. Besides the U.S., Canada and the U.K., Mozilla VPN is also available in Singapore, Malaysia and New Zealand. The service will be offered on macOS and Linux devices "soon," while the iOS version is currently in beta, Mozilla said. For the monthly fee, users can access the VPN from up to five devices.

[ Related: 9 steps to lock down corporate browsers ] Mozilla kicked off a VPN preview - then tagged Firefox Private Network - nearly a year ago that relied on a browser extension and was free to users within the U.S. The Firefox Private Network was seen as the first of the paid services Mozilla would eventually introduce - another might be online storage - in an attempt to create new revenue streams to augment what the organization is paid to make specific search engines the Firefox default.

To read this article in full, please click here



Computer World Security News
Jul 17, 2020

Advisories and mitigations, oh my! Critical updates for Windows this July
This month's Patch Tuesday update from Microsoft attempts to address 123 unique security vulnerabilities including an urgent issue with Microsoft Outlook (CVE-2020-1349) and a very serious vulnerability in Windows (CVE-2020-1350). The big difference this month is that a "Patch Now" (as in right now-now) effort may not be enough. With average update cycles measured in weeks for most organizations, rapid mitigation strategies are required. Microsoft has offered registry-based fixes, some suggested code-based fixes, and a request to simply stop using certain features.

To read this article in full, please click here



Computer World Security News
Jul 13, 2020

It's Patch Tuesday time; make sure you pause Windows Updates
Yes, with Windows you have to get patched sooner or later. No, you don't have to do it right away.

Every month Microsoft releases buggy Patch Tuesday patches. Every. Single. Month. Every month we're admonished to get patched right now, lest the bad guys start mining PCs for juicy morsels. Every month we see the same hype, with the same results.

To read this article in full, please click here



Computer World Security News
Jul 13, 2020

It's Patch Tuesday; make sure you pause Windows Updates
Yes, with Windows you have to get patched sooner or later. No, you don't have to do it right away.

Every month Microsoft releases buggy Patch Tuesday patches. Every. Single. Month. Every month we're admonished to get patched right now, lest the bad guys start mining PCs for juicy morsels. Every month we see the same hype, with the same results.

To read this article in full, please click here



Computer World Security News
Jul 08, 2020

Most bugs in Microsoft's June patches have been fixed; go ahead and patch
The most obvious problem with June patches was a conflict between Microsoft's latest version of Windows and Microsoft's latest version of Office (er, Microsoft 365) Click-to-Run: If you installed patches as soon as they came out, Outlook wouldn't run. That bug got cleared up when Microsoft fixed Office a week later, even though Windows was to blame.

We also saw a bunch of belated patches for printers that didn't work after installing the June Windows updates.

To read this article in full, please click here



Computer World Security News
Jul 02, 2020

13 privacy improvements Apple announced at WWDC
Apple continues to focus on the challenge of providing technology-driven convenience while protecting customer privacy in its upcoming operating system releases. Here are all the privacy-related improvements to expect in iOS 14, macOS 11 and iPad.

Why privacy matters Fundamentally, the challenge with mobile technologies is the sheer quantity of personal data that can be collected and used against people.

A smartphone, for example, knows when it is picked up, how often, how high, who by, who it is in contact with, which websites you visit and much, much more.

To read this article in full, please click here



Computer World Security News
Jul 02, 2020

Microsoft Patch Alert: June 2020
There's never a dull moment for folks who try to keep Windows and Office patched.

Windows 10 version 2004 continues to make slow inroads among the "Go ahead and kick me" crowd, in spite of its (now documented) lack of update deferral settings, while those of us who are still trying to keep Win10 versions 2009, 2003 and 1809 afloat have our hands full.

June saw two truly innovative patching methods: A fix for a Windows bug delivered as an update to Office Click-to-Run and a fix for a different Windows bug delivered through the Microsoft Store.

If you can't fix things the normal way, I guess there's always the back door.

The two printer bugs All of the Win10 cumulative updates in June broke some printers, some of the time. The damage fell into two heaps:

To read this article in full, please click here



Computer World Security News
Jul 02, 2020

When shadow IT goes remote: How to keep workers in the fold
IT admins have a hard enough time keeping employees on the technology straight-and-narrow in the best of times. It's even harder when a pandemic hits and everyone in the office scatters to work from home.

Computer World Security News
Jul 01, 2020

Why coronavirus contact tracing apps are failing
Security, yes. But the biggest problem to adoption is staring us all in the mirror. Here's what that means for you and your organization.

Computer World Security News
Jun 30, 2020

Apple Watch's planned handwashing reminder feature? I don't trust it
When Apple rolled out its planned changes for iOS 14 and its companion WatchOS 7- both are expected to be available for download in mid-September - it included a variety of interesting tweaks. Two stood out as especially interesting: a COVID-friendly Watch handwashing app and an enterprise-IT-friendly facial recognition app for video cameras and doorbells.

The more straight-forward effort is positioned as a consumer feature, where video camera and doorbell apps within iOS will be able to identify visitors by name if they happen to appear within a user's photo library. It sounds rather cool for a consumer app, but I'm not sure how valuable it is. My doorbell app, for example, instantly shows me live video of the person at the door, so I can have a realtime conversation with whoever is there.

To read this article in full, please click here



Computer World Security News
Jun 26, 2020

WWDC: Apple brings Face & Touch ID authentication to Safari
It will soon be possible for enterprise workers, partners and customers to casually access web-based sites and services using biometric ID, with Apple set to enable Face ID and Touch ID authentication in Safari, the company told WWDC 2020.

Toughen up, just toughen up This is important because the scourge of online crime is not abating, and traditional passcode-based protection has proved itself insufficient.

As we move into a world of quantum computing, breaking password-protection will only get easier, which is why biometric protection adds another layer of access control. We need to toughen up every level of security.

To read this article in full, please click here



Computer World Security News
Jun 26, 2020

WWDC: Apple brings Face ID and Touch ID authentication to Safari
It will soon be possible for enterprise workers, partners and customers to casually access web-based sites and services using biometric ID, with Apple set to enable Face ID and Touch ID authentication in Safari, the company said at WWDC 2020.

Time to toughen up This move is important because the scourge of online crime is not abating, and traditional passcode-based protection has proved itself insufficient. As we move into a world of quantum computing, breaking password-protection will only get easier, which is why biometric protection adds another layer of access control. We need to toughen up every level of security.

To read this article in full, please click here



Computer World Security News
Jun 24, 2020

Mozilla takes first step in pulling Firefox plug on macOS Mavericks, Yosemite and El Capitan
Mozilla this week announced it would automatically move users running outdated versions of macOS to the Firefox Extended Support Release (ESR), an edition that provides security updates only.

The move, a first step towards dropping all support, will take place June 30, when Mozilla releases Firefox 78. On that date, users of Firefox still running OS X 10.9 (Mavericks), 10.10 (Yosemite) and 10.11 (El Capitan) on their Macs will instead be shunted to the extended channel and given 78.0 ESR. While that and Firefox 78 will be identical, when the latter shifts to version 79 four weeks later, ERS will remain at 78, increased to 78.1 to mark its first security update.

To read this article in full, please click here



Computer World Security News
Jun 24, 2020

Save big on popular VPNs & backup solutions today
Surf the web in complete anonymity and keep your file system safe from hardware failure as well as cybercrime.

Computer World Security News
Jun 22, 2020

Debilitating 'Outlook needs to close' bug linked to a bad Windows cumulative update
Internecine conflict seems to be a recurring theme at Microsoft, but this one takes it to new levels. Somehow, somebody forgot to test the latest patched version of Outlook with the latest patched version of Windows. The result is an error message that makes Outlook inoperable.

The official announcement appears on the Microsoft 365 support site:

To read this article in full, please click here



Computer World Security News
Jun 15, 2020

Memory-Lane Monday: As it was, no encryption was needed
Sysadmin pilot fish is checking out encryption for his company's backups.

"We have a mainframe that runs our core system," explains fish. "Each night we back up to an on-site tape and then make a copy of the tape to go off-site. Couriers shuttle the tape back and forth between the sites each day."

The obvious place to apply encryption is to those off-site tapes, so fish decides to create an encrypted copy of a tape to show how well the process works.

And the encryption process works fine every time. But when fish tries to decrypt the tape, no data comes out.

After fish spends several weeks experimenting, talking to vendors and growing more and more frustrated, one of his co-workers asks whether he has checked the script that generates the copy of the tape.

To read this article in full, please click here



Computer World Security News
Jun 12, 2020

Chrome to target abusive notification requests beginning in July
Chrome next month will begin to block notifications from sites that Google believes misuse or abuse the privilege of issuing the warnings.

Starting with Chrome 84 - scheduled to release July 14 - sites that Google thinks traffic in notifications meant to trick users will be blacklisted. Such sites' notifications will be scaled back to what Google earlier defined as its "Quiet UI" and a Chrome-produced warning will appear telling the user that the website may be trying to dupe him or her into accepting future notices.

To read this article in full, please click here



Computer World Security News
Jun 12, 2020

June cumulative updates cause multiple problems with network printers
Many admins report that installing the latest June cumulative updates knock out their networked printers. The problem seems to span all common versions of Windows and Server and many printers that have been installed and working in place for years. The bug appears to cause a conflict with older (but very common) PCL 5 and PCL 6 version 2 drivers on printers that are attached to networks, although the details aren't yet clear. 

Microsoft has acknowledged a bug in the June patches (it isn't clear precisely which ones) where the USB printer port disappears:

To read this article in full, please click here



Computer World Security News
Jun 12, 2020

Large in number, large in nature, this Patch Tuesday needs your attention
Despite Microsoft's announcement in May that all non-security releases (C and D updates) are paused until further notice, with 129 updates in June's Patch Tuesday release cycle, there is plenty to do - for your deployment team and your application testing team(s).

We see another critical update to Adobe Flash Player (see how to set your kill bits below) and critical updates to Microsoft's browsers that - depending on your legacy application portfolio - may require immediate action. The area to focus on this month is the number and nature of updates to the Windows platform.

To read this article in full, please click here



Computer World Security News
Jun 11, 2020

10 Signal tips for iPhone, Mac and iPad users
Enterprises, government officials or individuals - anyone who seriously wants to secure their communications - uses the cross-platform Signal service. Here are a dozen tips to help you get more from using this on your iPhone.

Secure by design Signal is built to be secure, so much so that the European Commission this year instructed staff to begin using the encrypted messaging app for public instant messaging. Encrypted emails and highly secure document exchange systems are also used.

To read this article in full, please click here



Computer World Security News
Jun 11, 2020

10 Signal tips for iPhone, Mac, iPad users
Enterprise, government or individuals, anyone who seriously wants to secure their communications uses the cross-platform Signal service. Here are a dozen tips to help you get more from using this on your iPhone.

Secure by design Signal is built to be secure. So much so in fact that the European Commission this year instructed staff to begin using the encrypted Signal messaging app for public instant messaging. Encrypted emails and highly secure document exchange systems are also used.

To read this article in full, please click here



Computer World Security News
Jun 11, 2020

Android 11's most important additions
Well, that was certainly unexpected.

In the middle of the day yesterday, Google dropped a big honkin' surprise in our laps: the official Android 11 Beta release. No buildup, no fanfare, no virtual events — just a short 'n' sweet blog post, some additional info for developers, and a website to download the software to supported Pixel phones for anyone feeling adventurous.

To read this article in full, please click here



Computer World Security News
Jun 10, 2020

14 IT certifications that will survive and thrive in the pandemic
These tech certifications not only have high value now, but employers will continue to value them as the coronavirus continues.

Computer World Security News
Jun 08, 2020

Microsoft Patch Tuesday is nigh: Pause updates now.
I call it crowdsourced beta testing. Here's how it works.

Microsoft releases its monthly patches. Headlines from the usual suspects scream that you need to get patched right now because of a known exploit - a zero-day.  "Microsoft warns hundreds of millions of users that Windows is at risk. Get patched now!"

You know the tune.

Folks who have seen this drama play out time and again wait to see what problems emerge. They know that you have to get patched eventually, but there's little upside and lots of downside in knee-jerk patching.

To read this article in full, please click here



Computer World Security News
Jun 03, 2020

The ultimate guide to privacy on Android
On the surface, Android and privacy might not seem like the most natural of bedfellows. Google is known for its advertising business, after all — it's how the company makes the lion's share of its money — and it can be tough to square the notion of data collection with the concept of carefully controlled information.

In actuality, though, Google gives you a good amount of authority over how and when it taps into your Android-associated info. (And even at its worst, the company never shares your data with anyone or sells it to third parties, despite some broad misconceptions to the contrary.) Ultimately, it just comes down to a matter of educating yourself about the possibilities and then determining what balance of privacy and function makes the most sense for you.

To read this article in full, please click here



Computer World Security News
Jun 01, 2020

Get your May 2020 Windows and Office patches installed
Headlines scream that you should avoid the May patches. Pshaw. From what I've seen they're largely overblown. Not to say that all is well in patchland - it isn't. But the situation has stabilized, and I don't see any reason to hold back on May's patches.

Of course, I'm assuming that you don't voluntarily jump down the rabbit hole and join the unpaid beta testers working on Windows 10 version 2004 - the May 2020 Update. It's kicking up all sorts of problems - but that's no reason to hold off on the May patches.

To read this article in full, please click here



Computer World Security News
May 29, 2020

Microsoft Patch Alert: May 2020
With most of the fanatical Windows fan base now circling the trough on the just-released upgrade to Windows 10 version 2004, it's time for those of us who rely on stable PCs to consider installing the May patches.

While the general outlook now is good, we've been through some rough patches - which you may, or may not, have noticed.

Unannounced Intel microcode patch triggers reboots On May 20, Microsoft released another of its ongoing series of "Intel microcode updates," all named KB 4497165. Ostensibly intended to fix the Meltdown/Spectre security holes, many of them have a history of problems and hassles not commensurate with the amount of protection they provide (unless you're running a bank transaction system or decrypting top secret emails).

To read this article in full, please click here



Computer World Security News
May 29, 2020

Getting started with Google Password Manager
If you're still trying to remember all of your passwords and then type 'em into sites by hand, let me tell you: You're doing it wrong.

With all the credentials we have to keep track of these days, there's just no way the human brain can handle the task of storing the specifics — at least, not if you're using complex, unique passwords that aren't repeated (or almost repeated, even) from one site to the next. That's where a password manager comes into play: It securely stores all your sign-in info for you and then fills it in as needed.

While there's a case to be made for leaning on a dedicated app for that purpose (for reasons we'll discuss further in a moment), Google has its own password management system built right into Chrome. And it's far better to rely on that than to use nothing at all.

To read this article in full, please click here



Computer World Security News
May 28, 2020

Mobile security forces difficult questions
As governments consider COVID-19 contact tracing and its privacy implications, it's not a bad idea for companies to take the opportunity to look more closely at their mobile agreements with employees. (By the way, just this week, Apple rolled out its latest iOS update, which included two COVID-19 updates, according to Apple: "iOS 13.5 speeds up access to the passcode field on devices with Face ID when you are wearing a face mask and introduces the Exposure Notification API to support COVID-19 contact tracing apps from public health authorities.")

Today, IT has to deal with pretty much one of two mobile scenarios: BYOD. where the employee uses the employee's personally owned device to perform enterprise business; and company-owned phones, which is the opposite: A company-owned phone where the employee, even if told not to, will use the phone for personal matters as well as business.

To read this article in full, please click here



Computer World Security News
May 27, 2020

Apple rejects flawed claims about its contact tracing tech
Even as we consider revelations Facebook shelved internal research suggesting its algorithms generate divisiveness, Apple has been forced to reject damaging claims against its contact tracing tech currently spreading on Facebook.

Exposure Notification is not spying on you Numerous hysterical myths concerning the Apple/Google contact tracing technology are being circulated on Facebook. A series of posts claim the Exposure Notification feature inside iOS 13.5 will allow authorities to track people's locations and monitor who they meet - which is precisely what it tries not to do.

To read this article in full, please click here



Computer World Security News
May 27, 2020

Use of cloud collaboration tools surges and so do attacks
Some industries have seen increases in cloud-related threat events rise as much as 1,350% since the COVID-19 crisis began.

Computer World Security News
May 20, 2020

Amid the pandemic, using trust to fight shadow IT
Shadow IT, where workers sometimes go rogue in their efforts to solve business problems, can create challenges - and opportunities - for companies in the best of times. With the COVID-19 pandemic still unfolding, these are not the best of times. With most employees and executives still working from home, the big issue for administrators and IT pros still centers on how to make things work in today's trying circumstances.

Every major platform has controls IT can use, some of them as blunt as a hammer and others that offer surgical precision. At either end of that spectrum lie two common questions: How restrictive does IT need to be and is there a way to fully communicate areas of risk while making business more secure.

To read this article in full, please click here

(Insider Story)

Computer World Security News
May 14, 2020

A 'business-as-usual' Patch Tuesday update for Windows desktops
It really is saying a lot when Microsoft releases more than 100 updates each month and this is now considered "business as usual." Speaking of the "new normal," Microsoft has changed the release cadence of its optional updates (generally released later each month).

In a statement about the new update regularity, the company said: "We have been evaluating the public health situation, and we understand this is impacting our customers. In response to these challenges we are prioritizing our focus on security updates. Starting in May 2020, we are pausing all optional non-security releases (C and D updates) for all supported versions of Windows client and server products (Windows 10, version 1909 down through Windows Server 2008 SP2).

To read this article in full, please click here



Computer World Security News
May 12, 2020

10 tips for a secure browsing experience
Your browser is one of the easiest ways for malware to penetrate your network. Here are 10 ways to practice safe surfing in Google Chrome, Microsoft Edge and Mozilla Firefox.

Computer World Security News
May 11, 2020

The Internet of things in 2020: More vital than ever
Just when we needed it most, the internet of things is delivering gobs of data and remote device control across almost every industry, from healthcare to agriculture.

  • CEOExpress
  • 1 Boston Place | Suite 2600
    Boston MA 02108
  • 617 482 1200
    617 299 8649 (fax)
  • Contact
  • As an Amazon Associate
    CEOExpress earns from
    qualifying purchases.

©1999-2020 CEOExpress Company LLC