• Quotes
  • Shortcuts
The Executive's Internet
Thurs, Dec 9th
US National News icon US NATIONAL NEWS | disclaimer | more news
CNN.com delivers up-to-the-minute news and information on the latest top stories, weather, entertainment, politics and more.: China and Russia attack Biden's 'so-called' Summit of Democracy
icon
GoogleAmazonWikipedia


spacerspacer

 

 NEWS: COMPUTER WORLD SECURITY NEWS
Setup News Ticker
   NEWS: COMPUTER WORLD SECURITY NEWS
Computer World Security News
Dec 08, 2021

Designer smartphone hacks will trickle down in 2022
What happens to state-sponsored smartphone hacks when they're uncovered? They get reverse-engineered and enter the cybercrime underworld, of course.

There is no ‘safe' back door The inconvenient truth is there is no such thing as a safe back door into smartphone security. Authoritarian governments may force smartphone platform developers to create them, but they make everyone less safe as those exploits will be identified and criminals - who are just as smart as government developers and (sometimes) the same people - will eventually find and exploit them.

To read this article in full, please click here



Computer World Security News
Dec 07, 2021

A look at Microsoft's patches and fixes in 2021 — the year of change
As we near the end of another year, I like to look back at the past 12 months in patching from MIcrosoft. What changed (a lot), what didn't (patch-related problems). We began 2021 thinking Windows 10 would continue to be serviced and updated as usual, for instance. We end the year knowing different. (I'll have some predictions for 2022 next week.)

We now know that Windows 10 will not receive updates indefinitely. Earlier this year, Microsoft unveiled Windows 11 and announced it would need certain hardware and Trusted Platform Module installed before machines would receive new OS. Given that most users only have hardware that will support Windows 10, many will be running the older OS until 2025. Microsoft already announced it will be providing security updates for Windows 10 until then and will move to an annual feature release model — matching the cadence for Windows 11. (My prediction for 2025: Microsoft will offer extended security patches for even consumer versions of Windows 10 because so many of us will have still usable machines unable to update to Windows 11. Come back in 2025 and we'll see if I'm right.)

To read this article in full, please click here



Computer World Security News
Dec 02, 2021

Podcast: What Apple's lawsuit against NSO Group means for digital rights
Last week, Apple filed a lawsuit against NSO Group, the technology firm behind the Pegasus spyware. In its lawsuit, Apple seeks to hold NSO Group accountable for alleged surveillance of select iPhone users, as well as ban the firm from using any Apple products. While digital rights activists commend Apple for standing up for privacy rights, they say they want to ensure that the precedent set by the case applies only to bad actors and not organizations in support of user privacy. Computerworld executive editor Ken Mingis and senior reporter Lucas Mearian join Juliet to discuss what the lawsuit means for Apple, those affected by the spyware and digital rights overall.

To read this article in full, please click here



Computer World Security News
Dec 02, 2021

How to use FileVault to protect business data on Macs
If you run a business on Macs (and many companies do) then you should become familiar with FileVault, the disk encryption system that's built into macOS. When used properly, it makes it extremely hard for any malicious person to access your company's confidential data in the event your Mac is lost or stolen.

What's the problem FileVault tries to solve? Most businesses possess various forms of sensitive data. This might include corporate  or supplier data, confidential order books, financial records, contact names and addresses, and more. That information has business value, but if compromised could also place you, your employees, or your customers at risk. In many industries, protection of such information is mandatory and legally required.

To read this article in full, please click here



Computer World Security News
Nov 30, 2021

Rise in employee monitoring prompts calls for new rules to protect workers
As remote work rose sharply during the COVID-19 pandemic, many businesses sought ways to keep track of workers no longer in the direct sight of managers. Now, with remote work strategies still in place — and office re-openings being pushed back —, the use of monitoring tools continues to grow.

In fact, the use of new and increasingly powerful technologies to manage and monitor workers has become so common that there are growing calls for regulators in the U.K. and U.S to update rules to protect employees.

"We have seen a significant increase of interest in employee monitoring technology through the pandemic," said Helen Poitevin, VP analyst at Gartner focusing on human capital management technologies. "This continues as organizations plan for hybrid work environments, with employees working more flexibly from home and at the office." 

To read this article in full, please click here



Computer World Security News
Nov 29, 2021

How to get more out of Edge (and bolster its security)
I use Edge, the built-in browser in Windows, though I'm very much in the minority. I even think it has the potential to be a better browser than Firefox or Chrome. Case in point: the recent "Super Duper Secure Mode" that has rolled out to the default Edge version after being in beta channels for several weeks. (Let's call it the "SDSM" setting.)

As noted in a past Edge blog post, SDSM provides additional security features that allows you to disable just-in-time Javascript and then enable Controlflow-Enforcement Technology (CET) instead. Just-in-time Javascript has been used in many zero-day browser attacks in the past — thus, blocking it will help protect our systems and platforms going forward. In my testing so far, I have not seen any side effects running Edge in this mode ,even when doing online shopping or banking.

To read this article in full, please click here



Computer World Security News
Nov 26, 2021

Apple's NSO lawsuit targets illegal spying by oppressive regimes
Apple says its lawsuit against NSO Group this week is an attempt to hold the surveillance firm "accountable for ... the surveillance and targeting of Apple users." And it spared no ire in accusing the Israeli spyware company of its selling surveillance software to authoritarian governments — regardless of whether those governments use it to target dissidents, journalists, and activists.

NSO Group was already facing legal problems after messenger platform provider WhatsApp filed suit in 2019 for similar reasons. Earlier this month, the US Ninth Circuit Court of Appeals rejected the spyware company's claim that it should be protected under sovereign immunity laws. In the high-profile case, WhatsApp alleged NSO's spyware was used to hack 1,400 users of the messaging app.

To read this article in full, please click here



Computer World Security News
Nov 24, 2021

Apple pulls no punches in lawsuit against 'amoral' NSO Group
Apple has punched back against the "amoral" surveillance as a service industry of smartphone snoopers, filing suit against the NSO Group and its owner, Q Cyber Technologies, and taking steps to further secure digital lives.

Why this should matter to your business Israeli firm NSO Group is a spyware firm that provides surveillance services to governments. It effectively privatizes state-sponsored snooping and enables even the most repressive government to outsource such tasks. It has been widely reported that software from NSO Group was used to target family members of murdered Saudi journalist Jamal Khashoggi.

To read this article in full, please click here



Computer World Security News
Nov 23, 2021

Ransomware is a threat, even for the smallest of businesses
If I've heard it once, I've heard it a million times: "My business is too small for a cyber crook to bother with me." Oh, my friend you are so, so wrong. No company is too big or too small for a ransomware dealer to come knocking at your virtual door.

A recent report from Webroot, The Hidden Costs of Ransomware, found the vast majority—85%—of managed service providers (MSPs) have reported attacks against small and midsized businesses (SMBs). Despite that appallingly high number, just 28% of SMBs consider ransomware a worry.

To read this article in full, please click here



Computer World Security News
Nov 17, 2021

A 20-second tweak for smarter, simpler Android security
Security is important. That much is obvious, right?

And despite all the over-the-top, hilariously sensational headlines suggesting the contrary, the most realistic security threats on Android aren't from the big, bad malware monster lurking in the shadows and waiting to steal your darkest secrets whilst drinking all of your cocoa.

Nope — the biggest risk to your security on Android is (drumroll, please...) you. The likelihood that you'll at some point provide personal information to an ill-intending person or fail to properly secure an account in some way is without a doubt the most realistic threat to your virtual wellbeing. Malware? Meh. That's rarely scary in anything more than a theoretical sense.

To read this article in full, please click here



Computer World Security News
Nov 16, 2021

Microsoft releases its Windows 10 November 2021 update
Microsoft today announced the general availability of Windows 10 November 2021, also known as version 21H2, which includes new security, management, and virtualization features.

Microsoft reiterated that Windows 10 will continue to receive support until October 2025 and said the Windows 10 release cadence will join Windows 11 in returning to just one feature update a year from here on out.

The company also posted an online comparison of the features between the latest version of Windows 10 21H2 and Windows 11.

To read this article in full, please click here



Computer World Security News
Nov 16, 2021

Stop looking over my shoulder!
Prospect, a 150,000-member U.K. trade union for technology professionals, recently reported that nearly one in three U.K. workers is now being monitored by their employer both at the job site and in their own homes. This is not acceptable. And it never has been.

As Prospect General Secretary Mike Clancy said, "We are used to the idea of employers checking up on workers, but when people are working in their own homes, this assumes a whole new dimension. New technology allows employers to have a constant window into their employees' homes, and the use of the technology is largely unregulated by the government. We think that we need to upgrade the law to protect the privacy of workers and set reasonable limits on the use of this snooping technology, and the public overwhelmingly agrees with us."

To read this article in full, please click here



Computer World Security News
Nov 15, 2021

Store your corporate card on an iPhone? Uh-oh
Apple and Google (and especially Visa) last week gave us yet another example of how security and  convenience are often at odds with each. And it looks like they opted for convenience.

The latest issues speaks to only a subset of iPhone and Android users — specifically, those who use their phones for mass transit payments. If you think of how subways work in a major city (I'll use New York City as an example), they require extreme speed. Using facial recognition or entering a PIN right before paying to get on the subway would dramatically slow down the line. 

Instead of allowing authentication to happen earlier — say, perhaps within five minutes of a transaction — or by accelerating the process to a split second, Apple, Google, and Visa apparently chose to forego any meaningful authentication. (Note: I am focusing on Visa because the hole still exists for it. MasterCard and others have already patched the flaw.)

To read this article in full, please click here



Computer World Security News
Nov 12, 2021

Updates to Exchange and Microsoft Installer drive Patch Tuesday testing
This is a relatively light Patch Tuesday update from Microsoft, though wo significant vulnerabilities in the Windows platform (CVE-2021-38631 and CVE-2021-41371), both relating to Remote Desktop Protocol handling, have been disclosed and are lending some urgency to applying Windows updates. And we have another technically challenging update to Microsoft Exchange Server to manage as well.

To read this article in full, please click here



Computer World Security News
Nov 11, 2021

No, sideloading is not good for you
Apple is continuing its campaign to explain why sideloading on Apple's devices is a bad idea.

Apple Software Vice President Craig Federighi appeared at Web Summit 2021 to passionately defend his company's approach to platform security on iPhones. He was speaking against a clause in the EU's Digital Markets Act that would force the company to support app sideloading on iPhones.

To read this article in full, please click here



Computer World Security News
Nov 08, 2021

What's past is prologue: When code-signing in Windows 11 goes bad
Once upon a time in technology, many years ago, Microsoft previewed server software to great fanfare at a meeting of IT pros. The company demonstrated how easy it was to use the software, which would automatically install the server, email server, and Sharepoint server — all in less than 30 minutes.

There was one problem: every time Microsoft went to demonstrate the server software, it would fail with an unclear error message.

Back then, I would sometimes post and answer questions in a Microsoft newsgroup. Just before Thanksgiving, I started seeing consultants trying to install the software see the same failure. One person in the forum thread figured out the issue: a specific SharePoint dll file used during the installation had a Nov. 23 expiration date. If you installed the server software before that date, you had no issues. If you tried to do it after, the installation would fail. The workaround? Go into the bios of the server, set the date back to before Nov. 23, install the software, then set the clock back to the correct time.

To read this article in full, please click here



Computer World Security News
Nov 05, 2021

5 Android 12 features you can bring to any phone today
Google's Android 12 software is packed with interesting treasures — but unless you're using one of Google's own Pixel phones, it's still a ways off from actually landing in your hands.

The tortoise-like pace of most Android updates is another subject for another day (as is the tortoise named Rupert who I'm pretty sure is responsible — that slimy-shelled rascal). Today, I want to explore some creative solutions for bringing a small but significant smidgeon of Android 12's goodness onto any device this minute.

To read this article in full, please click here



Computer World Security News
Oct 28, 2021

How Apple's iCloud Private Relay creates a shadow IT nightmare
One can make the argument that Apple created the phenomenon of shadow IT when it introduced the iPhone and the App Store. Suddenly managers and individual users had the ability to source their own business software and services, bypassing IT departments completely. And they could do so with devices not connected to a corporate network, preventing IT from even realizing shadow IT was happening in their organizations.To read this article in full, please click here

]](Insider Story)

Computer World Security News
Oct 27, 2021

Computerworld Security


Computer World Security News
Oct 22, 2021

Acronis gets deeper into the Apple enterprise with Addigy partnership
The burgeoning enterprise Apple space saw thousands of IT admins virtually attend this week's JNUC event, and the week tails off with news from Addigy and cybersecurity firm Acronis.

Securing the Apple enterprise Addigy has confirmed that its cloud-based Apple device management tools now integrate with Acronis. This integration means IT can use Addigy to extend Acronis security tools to Mac and iOS systems via Acronis Cyber Protect Cloud. The idea is to bring all this control inside one management tool.

To read this article in full, please click here



Computer World Security News
Oct 20, 2021

Asana takes aim at the enterprise with new workflow features
Asana, a work management platform for teams, today announced the Enterprise Work Graph, a suite of features designed to give greater clarity and flexibility to enterprise workflows. The new capabilities aim to align teams around goals, coordinate workflows across teams and time zones, and provide visibility into where work stands in real time. 

Alongside the new Work Graph data model, Asana is introducing enterprise-grade security and controls to its platform.

To read this article in full, please click here



Computer World Security News
Oct 19, 2021

Just who is Windows 11 for, anyway?
Seriously, who did Microsoft develop Windows 11 for? Only people who like centered taskbars? Only people who don't mind "unlearning" how to get into task manager?

Maybe not, but I'd argue that Windows 11 wasn't designed for you and me. Rather, it was designed for the businesses, governments, schools, and other entities that we interact with. It's built to ensure that sensitive information can be secured.

[ Related: Windows 11 in-depth review: Windows 10 gets a nip and tuck ] Baked-in security For starters, Windows 11 has allowed Microsoft to cut the cord on the 32-bit platform. Windows 11 will be first Windows OS that is 64-bit only. This allows Microsoft to build in more virtualization and containerization security features that cannot be done in the 32-bit platform.

To read this article in full, please click here



Computer World Security News
Oct 16, 2021

Four zero-day exploits add urgency to October's Patch Tuesday
October brings four zero-day exploits and 74 updates to the Windows ecosystem, including a hard-to-test kernel update (CVE-2021-40449) that requires immediate attention and an Exchange Server update that requires technical skill and due diligence (and a reboot). The testing profile for the October Patch Tuesday covers Windows error handling, AppX, Hyper-V and Microsoft Word. We recommend a Patch Now schedule for Windows and then staging the remaining patch groups according to your normal release pattern.

To read this article in full, please click here



Computer World Security News
Oct 15, 2021

Experts call Apple's CSAM scheme 'a dangerous technology'
Apple's decision to postpone introduction of its controversial client-side scanning (CSS) CSAM-detection system looks like an even better idea amid news governments already want to use the controversial tools for other forms of surveillance.

A 'dangerous technology' In a new report, an influential group of 14 internationally reputed security researchers have said such plans represent a "dangerous technology" that expands state surveillance powers. They warn the client-side scanning system, if used "would be much more privacy invasive than previous proposals to weaken encryption. Rather than reading the content of encrypted communications, CSS gives law enforcement the ability to remotely search not just communications, but information stored on user devices."

To read this article in full, please click here



Computer World Security News
Oct 15, 2021

Windows 11 and the need for better BIOS integration
Disclosure:  The vendors listed are clients of the author.

Microsoft DOS and then Windows have gone through several evolutions over the years. When Windows first arrived, it was a User Interface (UI) shell on top of DOS. Then Windows 95 absorbed DOS to create something new — but didn't include security. Windows 8 tried to absorb the smartphone experience, failed, but essentially made third-party anti-virus software obsolete.  

Windows 10 took security a few steps farther (and integrated a better digital assistant, Cortana, that few people ever used). And now, with  Windows 11, Microsoft has begun to integrate hardware security without integrating PC firmware (BIOS). Due to issues with the move to Windows 11, I think the next integration will be BIOS.

To read this article in full, please click here



Computer World Security News
Oct 14, 2021

How to choose the right UEM platform
Endpoint devices have become so ubiquitous, connected, and data-intensive that they are among the most valuable technology assets an organization has today. They're also some of the biggest security risks. It's no surprise, then, that managing the large and growing number of smartphones, laptops, tablets, desktops, and other end-user products is a high priority for IT.

For a growing number of enterprises, unified endpoint management (UEM) is the method of choice for keeping management of endpoints from descending into chaos. UEM platforms are designed to simplify the management of devices and enhance the security of heterogeneous environments.

To read this article in full, please click here



Computer World Security News
Oct 13, 2021

Apple warns: Sideloading apps threatens an iCrime wave
Apple is fighting back against growing pressure to support sideloading on its App Stores with an extensive 28-page white paper in which it offers stark security and privacy warnings.

The risks of sideloading The white paper, "Building a Trusted Ecosystem for Millions of Apps - a Threat analysis of Sideloading" argues that because iPhones and other devices capture so much personal information about people, maintaining privacy and security is critical."Supporting sideloading through direct downloads and third-party app stores would cripple the privacy and security protections that have made iPhone so secure, and expose users to serious security risks," the company said.

To read this article in full, please click here



Computer World Security News
Oct 07, 2021

HP Wolf Security: A New Breed of Endpoint Security
As technology evolves, cybercriminals are more sophisticated, organised, and determined than ever. With constant changes in the workplace, how can you safeguard your PCs, printers and people from circling cyber predators?

To read this article in full, please click here



Computer World Security News
Oct 07, 2021

Google now tells criminals when Chrome users are 'idle.' What could go wrong?
When Google released Chrome 94 for Android (and desktop), it slipped in some naughty capabilities via an API called Idle Detection.  

"The Idle Detection API notifies developers when a user is idle, indicating such things as lack of interaction with the keyboard, mouse, screen, activation of a screensaver, locking of the screen, or moving to a different screen. A developer-defined threshold triggers the notification," Google said in a blog post. "Applications that facilitate collaboration require more global signals about whether the user is idle than are provided by existing mechanisms that only consider a user's interaction with the application's own tab."

To read this article in full, please click here



Computer World Security News
Oct 04, 2021

How one coding error turned AirTags into perfect malware distributors
One of the more frightening facts about mobile IT in 2021 is that simplicity and convenience are far too tempting in small devices (think AppleWatch, AirTags, even rings that track health conditions, smart headphones, etc.). 

Compared with their laptop and desktop ancestors, they make it far more difficult to check that URLs are proper, that SPAM/malware texts/emails don't get opened and that emlpoyees follow the minimal cybersecurity precautions IT asks. In short, as convenience ramps up, so do security risks. (Confession: Even though I try to be ultra-vigilant with desktop emails, I do periodically — far more often than I should — drop my guard on a message coming through my AppleWatch.)

To read this article in full, please click here



Computer World Security News
Oct 04, 2021

How to make sense of Microsoft's upcoming mail security changes
With Microsoft about to shut off some versions of Outlook from access to Microsoft 365 and Outlook 365 services — that happens Nov. 1 — it's important to remember this isn't the only change coming for Outlook. A second change scheduled for next year may have a bigger impact on how you connect your email client — and may affect other email apps, too.

Because it could affect many users and businesses, Microsoft is giving everyone fair warning — a year in advance. On Oct. 1, 2022, Microsoft will be disabling basic authentication for its online mail services. This isn't the first time the company has warned us about this. It had planned to disable authentication earlier this year before realizing it couldn't do so without impacting businesses and users still struggling amid the pandemic. Hence, the delay.

To read this article in full, please click here



Computer World Security News
Oct 01, 2021

Apple deepens its engagement in enterprise security
The switch to mobile and remote work exposed grim security realities for many companies during the pandemic, and this seems to be driving change at the very top of the tech tree. For example, Apple has joined the Cyber Readiness Institute (CRI) as a co-chair.

Apple takes a seat The Institute focuses on helping SMBs (small and mid-sized businesses) improve security practices by developing free resources to help them. This builds on the work platform providers already do to secure their platforms by educating and preparing enterprise customers with enhanced security awareness.

To read this article in full, please click here



Computer World Security News
Sep 28, 2021

Chrome, Edge kick off faster release cadence; enterprises can skip versions
Google's Chrome and Microsoft's Edge began their every-four-weeks release cadence with the launch last week of version 94 of each browser.

Google released Chrome 94 on Sept. 21, while Microsoft issued Edge 94 three days later, on Sept. 24.

From those dates, Chrome and Edge will upgrade every four weeks. Chrome 95 and Edge 95, for example, will debut Oct. 19 and Oct. 21, respectively. There will be exceptions to that pace for holidays, however. For instance, Chrome 96, the final version of 2021, will release Nov. 16, and be followed by Chrome 97 on Jan. 4, 2022, a seven-week interval.

Google announced the then-upcoming change to a more frequent release schedule in early March; Microsoft quickly followed with news of its own several days later.

To read this article in full, please click here



Computer World Security News
Sep 28, 2021

Apple, 1Password, and Cloudflare all move to protect email
Apple's new Hide My Email feature, designed to protect users against phishing attacks and unwanted marketing spam, has swiftly become but one of a variety of options now available.

The river becomes a flood For a very long time, the daily ritual of checking email accounts has been one in which many of us must first delete the majority of messages received because our addresses have been sold all over the place. Spam filters help, but in my experience plenty gets through — and you can't easily tell who shared your address(es) in the first place.

Everyone is at it. Capturing and selling email addresses and data about people is a big business. Not only that, but most privacy and security breaches begin with phishing emails carrying suspect links and fraudulent requests for personal information.

To read this article in full, please click here



Computer World Security News
Sep 28, 2021

On app tracking, both Android and iOS have to do better
Mobile app use continues to climb in enterprises worldwide, and it won't be long before almost all employee/contractor communications take place over mobile devices. That's why it's such a threat to security and compliance that mobile apps have extensive access to everything on a device — and few limitations on what those apps can share.

Apple argues that it's already doing something about this in iOS with its app tracking transparency push. But a report in The Washington Post last week undermines the company's promises. Why? Because Apple has been trusting app vendors to actually do what they agree to do. (No one could have foreseen that blowing up.)

To read this article in full, please click here



Computer World Security News
Sep 27, 2021

Survey says! What my informal survey shows about Windows
Several weeks ago, I asked readers to answer 11 questions about Windows. More than 1,000 people submitted responses, and while the results aren't statistically valid, they do shed light on attitudes to Microsoft's operating system

What do users run? Not surprisingly, most respondents (74.75%) run some variation of Windows 10, with another 9.7% still on Windows 7. Linux was third, with 5.94%; "other" — a mixture of Windows 11, Windows XP, Chromebook, and even one Windows 98 user — had 4.55%. (I'm just hoping Windows 98 wasn't used to answer the online survey questions.) The Mac was next, with 1.98%, followed by a smattering of phone platforms.

To read this article in full, please click here



Computer World Security News
Sep 24, 2021

Apple needs to act against fake app-privacy promises
Apple will need to become more aggressive in how it polices the privacy promises developers make when selling apps in the App Store. What can enterprise users do to protect themselves and their users in the meantime?

What's the problem? Some developers continue to abuse the spirit of Apple's App Store Privacy rules. This extends to posting misleading information on App Privacy Labels, along with outright violation of promises not to track devices. Some developers continue to ignore do-not-track requests to exfiltrate device-tracking information.

To read this article in full, please click here



Computer World Security News
Sep 22, 2021

MSRT vs. MSERT: When to use each Windows malware tool
Microsoft provides Windows users with two tools that offer malware scanning and repair services, should those scans turn up anything in need of fixing. One is named MSRT; the other runs an executable called MSERT.To read this article in full, please click here

(Insider Story)

Computer World Security News
Sep 20, 2021

A penchant for patching: After 20 years, the system's still a mess
As a Microsoft Patch Lady, I've been patching computers and servers for more than 20 years. We started with a process that wasn't well planned. We had no set day or time for when patches were released, and no way to centrally manage and deploy updates. Over the years Microsoft has moved to a more dependable deployment plan and the ability to manage updates through platforms ranging from Windows Update to Windows Software Update Services to Cloud services.

So things should be better now, right? We've had 20 years to get this right.

And yet, here's what I've seen regarding patching in just the last week.

We are now on three months and counting of continuing issues with printing caused by patches. (This month included yet another fix for another print spooler vulnerability.) I've seen businesses dealing with new side effects directly impacting printing and, interestingly enough, these are businesses that didn't have problems with earlier updates. This month, Windows 10 peer-to-peer networks appear to be the most affected. (FYI: The trigger for all of these printer issues seems to be older Type 3 printer drivers. Moving to type 4 drivers might help if that's an option for you.)

To read this article in full, please click here



Computer World Security News
Sep 17, 2021

Legacy apps are at risk with the September Patch Tuesday update
This week's Patch Tuesday was an unusual update from Microsoft and we have added Windows, the Microsoft development platform, and Adobe Reader to our "Patch Now" schedule.

These updates are driven by the zero-day patch (CVE-2021-40444) to the core Microsoft browser library MSHTML. In addition to leading to significant remote code execution worries, this update may also lead to unexpected behaviours in legacy applications that depend on or include this browser component. Be sure to assess your portfolio for key apps that have these dependencies and perform a full functionality test before deployment. (We have identified some key mitigation strategies for handling ActiveX controls and for protecting your system during your testing and deployment phases.)

To read this article in full, please click here



Computer World Security News
Sep 16, 2021

It's been a big week for patches
This week brought updates that I consider critical for the "Big Three" — my operating system (Windows), my browser (Google Chrome) and my phone (from Apple). All three releases patch major zero-day vulnerabilities on all three platforms.

While I strongly recommend that you patch Chrome and your iPhone as soon as possible, I always recommend that you hold back on updating Windows. That remains true — at least until we see whether there are any trending side effects from the Patch Tuesday updates.

Let's break down the patching to do right away.

First, prioritize patching Apple devices. Among this week's patches is one for Pegasus spyware, which can open up access to the camera and microphone as well as text messages, phone calls, and emails.  iPhones, in particular, have been targeted. Apple typically pushes these updates overnight if your phone is plugged in and charging (and connected to the Internet). If you want to make sure your iPhone has received the update, click on Settings, then General, then tap Software Update. Typically, after my iPhone updates, some apps may need passwords again. I personally try to save critical ones in the iCloud keychain. Look for patches for iOS 14.8 and iPad OS 14.8, and Security Update 2021-005 for macOS Catalina and Big Sur 11.6.

To read this article in full, please click here



Computer World Security News
Sep 16, 2021

Windows 11: Just say no
It will be one thing, say, later this year or in 2022, to buy a new PC with Windows 11. We can be reasonably certain that Windows 11 will run on your new Dell, HP, or Lenovo PC. Maybe some of your drivers and programs won't run, but Windows 11 itself? No problem.

But, if you want to update your existing computers, especially those that have a few years on them — that's another story. It's difficult to know whether any given computer will run Windows 11, which arrives Oct. 5. Yes, there's Microsoft's PC Health Check app and other programs to determine whether you can run Windows 11. But Microsoft pulled it the first time around and I'm none too sure how reliable it is this time around.

To read this article in full, please click here



Computer World Security News
Sep 14, 2021

Apple hits the alarm with multi-OS emergency update to patch zero-click flaw
Apple on Monday issued emergency security updates for iOS, macOS and its other operating systems to plug a hole that Canadian researchers claimed had been planted on a Saudi political activist's device by NSO Group, an Israeli seller of spyware and surveillance software to governments and their security agencies.

Updates to patch the under-active-exploit vulnerability were released for iOS 14; macOS 11 and 10, aka Big Sur and Catalina, respectively; iPad OS 14; and watchOS 7.

According to Apple, the vulnerability can be exploited by "processing a maliciously crafted PDF," which "may lead to arbitrary code execution." The phrase "arbitrary code execution" is Apple's way of saying that the bug was of the most serious nature; Apple does not rank threat level of vulnerabilities, unlike operating system rivals such as Microsoft and Google.

To read this article in full, please click here



Computer World Security News
Sep 03, 2021

Apple backs off controversial child-safety plans
In a surprise Friday announcement, Apple said it will take more time to improve its controversial child safety tools before it introduces them.

More feedback sought The company says it plans to get more feedback and improve the system, which had three key components: iCloud photos scanning for CSAM material, on-device message scanning to protect kids, and search suggestions designed to protect children.

To read this article in full, please click here



Computer World Security News
Sep 02, 2021

Podcast: Windows 11 overview: Hardware requirements, security updates and upgrade confusion
Microsoft will launch Windows 11 on October 5, but not every PC will be eligible for an immediate upgrade. Rollout will last well into 2022 for machines that meet the necessary hardware requirements, and Windows 10 will be supported through October 2025. But, there's still some confusion about what hardware is required to support Windows 11's beefed up security measures. Computerworld executive editor Ken Mingis and contributing editor Preston Gralla join Juliet to discuss Windows 11 security, whether it will require new hardware and what IT needs to know before upgrading. 

To read this article in full, please click here



Computer World Security News
Sep 02, 2021

Windows 11 overview: Hardware requirements, security updates and upgrade confusion
Microsoft will launch Windows 11 on October 5, but not every PC will be eligible for an immediate upgrade. Rollout will last well into 2022 for machines that meet the necessary hardware requirements, and Windows 10 will be supported through October 2025. But, there's still some confusion about what hardware is required to support Windows 11's beefed up security measures. Computerworld executive editor Ken Mingis and contributing editor Preston Gralla join Juliet to discuss Windows 11 security, whether it will require new hardware and what IT needs to know before upgrading.

Computer World Security News
Sep 02, 2021

How to go incognito in Chrome, Edge, Firefox and Safari
Private browsing. Incognito. Privacy mode.

Web browser functions like those trace their roots back more than a decade, and the feature — first found in a top browser in 2005 — spread quickly as one copied another, made tweaks and minor improvements.

Protect Your Privacy Online privacy: Best browsers, settings, and tips How to protect your privacy in Windows 10 How to stay as private as possible on the Mac The ultimate guide to privacy on Android How to stay as private as possible on Apple's iPad and iPhone But privacy-promising labels can be treacherous. Simply put, going "incognito" is as effective in guarding online privacy as witchcraft is in warding off a common cold.

To read this article in full, please click here



Computer World Security News
Sep 02, 2021

How to go incognito in Chrome, Edge, Firefox, and Safari
Private browsing. Incognito. Privacy mode.

Web browser functions like those trace their roots back more than a decade, and the feature — first found in a top browser in 2005 — spread quickly as one copied another, made tweaks and minor improvements.

Protect Your Privacy Online privacy: Best browsers, settings, and tips How to protect your privacy in Windows 10 How to stay as private as possible on the Mac The ultimate guide to privacy on Android How to stay as private as possible on Apple's iPad and iPhone But privacy-promising labels can be treacherous. Simply put, going "incognito" is as effective in guarding online privacy as witchcraft is in warding off a common cold.

To read this article in full, please click here



Computer World Security News
Aug 30, 2021

Triggered by email? Some thoughts on how to stay safe
I got an email the other day, and it was nearly impossible for me to tell at first whether it was legitimate. Given that some vulnerabilities can gain access to your system if you merely preview an email in Outlook, I get nervous. But I do need to determine when an email is safe.

First and foremost, a healthy dose of skepticism is important. Always ask yourself whether the platform you're using is patched and ready to fend off attacks. If, for instance, you're still using a version of Outlook that's no longer supported, you are at risk; never open an unexpected email in an unpatched Office suite. You're better off migrating to a newer email client that offers better protection. There are many third-party email clients that can be useful alternatives to Outlook. Thunderbird, eM Client, and Mailbird are three options I've found to be good — if you simply need light email and calendaring.

To read this article in full, please click here



Computer World Security News
Aug 30, 2021

What is Windows Hello? Microsoft's biometrics security system explained
Windows Hello is a biometrics-based technology that enables Windows 10 users (and those who update to Windows 11) to authenticate secure access to their devices, apps, online services and networks with just a fingerprint, iris scan or facial recognition. The sign-in mechanism is essentially an alternative to passwords and is widely considered to be a more user friendly, secure and reliable method to access critical devices, services and data than traditional logins using passwords.

"Windows Hello solves a few problems: security and inconvenience," said Patrick Moorhead, president and principal analyst at Moor Insights & Strategy. "Traditional passwords are unsafe as they are hard to remember, and therefore people either choose easy-to-guess passwords or write down their passwords."

To read this article in full, please click here



Computer World Security News
Aug 26, 2021

Apple: It's time to bolster supply chain security
Supply chains are vulnerable to cyberattack and for the good of your business, it's time to move to secure them as best you can, according to Apple and the White House.

Apple to secure the tech supply chain That's one item of news to emerge following a high-level cybersecurity meeting between US President Joseph Biden and big tech firms, including Apple, IBM, Microsoft, Google, Amazon, and others. Most of the companies who attended the meeting have since announced plans to beef-up security resilience and awareness, with a focus on training and security awareness.

To read this article in full, please click here



Computer World Security News
Aug 20, 2021

The Windows print nightmare continues for the enterprise
Okay, Microsoft, we need to talk. Or rather, we need to print. We really do. We aren't all paperless out here in the business world — many of us still need to click the Print button inside our business applications and print things out on an actual sheet of paper, or send something to a PDF printer. But over the last several months you've made it near impossible to stay fully patched and keep printing.

Case in point: the August security updates.

Microsoft made a change in how Group Policy printers are handled when it changed the default Point and Print behavior to address "PrintNightmare" vulnerabilities affecting the Windows Print Spooler service. As noted in KB5005652, "by default, non-administrator users will no longer be able to do the following using Point and Print without an elevation of privilege to administrator:

To read this article in full, please click here



Computer World Security News
Aug 18, 2021

How to protect your privacy in Windows 10
There has been some concern that Windows 10 gathers too much private information from users. Whether you think Microsoft's operating system crosses the privacy line or just want to make sure you protect as much of your personal life as possible, we're here to help. Here's how to protect your privacy in just a few minutes.

Note: This story has been updated for the Windows 10 May 2021 Update, version 21H1. If you have an earlier release of Windows 10, some things may be different.

[ Further reading: 15 ways to speed up Windows 10 ] Turn off ad tracking At the top of many people's privacy concerns is what data is being gathered about them as they browse the web. That information creates a profile of a person's interests that is used by a variety of companies to target ads. Windows 10 does this with the use of an advertising ID. The ID doesn't just gather information about you when you browse the web, but also when you use Windows 10 apps.

To read this article in full, please click here



Computer World Security News
Aug 16, 2021

How to use iCloud Keychain to audit your passwords
Reports of a massive 100 million account data leak at T-Mobile should encourage any Apple user to double-check password and account security. Here's how to do that using Keychain.

iCloud Keychain to the rescue Apple's built-in password manager is called iCloud Keychain. It securely stores your saved account information such as account names and passwords across all your signed-in devices. It will automatically enter this information for you when you access an app or service.

To read this article in full, please click here



Computer World Security News
Aug 13, 2021

The focus for August's Patch Tuesday? Printing
This month Microsoft offered up a relatively light Patch Tuesday, rolling out 44 patches for its Windows, Office, and development platforms. To read this article in full, please click here

(Insider Story)

Computer World Security News
Aug 13, 2021

Apple's botched CSAM plan shows need for digital rights
From the NSO Group's ghastly iPhone hack to Apple's recently revealed system to scan user devices, it's time to put an end to the endless mission creep from tech convenience to surveillance.

Apple fixes one problem, creates another Take Apple, for example. The brouhaha surrounding its decision to invent a technology to scan user images for CSAM material has apparently "surprised" the company.

To read this article in full, please click here



Computer World Security News
Aug 10, 2021

Apple's anti-porn overreach — good intent, bad execution
Oh, Apple. Can't you weigh into anything without making a mess?

The latest: Apple wants to use its extensive powers to fight child pornography. As is typical, the company  has good intentions, wants to advance a great goal — and then uses such overreach as to give people dozens of reasons to oppose them. To paraphrase the old adage, the road to hell in this case starts at One Apple Park Way. Alternatively, think of Cupertino as where good ideas go to become monstrous executions.

This started last week with Apple announcing plans to do something to slow down child pornography and children being taken advantage of. Fine, so far. Its tactics include telling parents when their offspring download nude or otherwise erotic imagery. Before we get into the technology aspects of all of this, let's briefly consider the almost infinite number of ways that this could go bad. (Maybe that's where the old Apple headquarters got its Infinity Loop name.)

To read this article in full, please click here



Computer World Security News
Aug 09, 2021

Apple says it won't expand controversial CSAM technology
Apple has tried to deflect criticism of its controversial CSAM protection system, but in doing so has illustrated just what's at stake.

The big conversation Apple last week announced it would introduce a collection of child protection measures inside iOS 15, iPad OS 15 and macOS Monterey when the operating systems ship this fall.

To read this article in full, please click here



Computer World Security News
Aug 06, 2021

Apple's plan to scan US iPhones raises privacy red flags
Apple has announced plans to scan iPhones for images of child abuse, raising immediate concerns regarding user privacy and surveillance with the move.

Has Apple's iPhone become an iSpy? Apple says its system is automated, doesn't scan the actual images themselves, uses some form of hash data system to identify known instances of child sexual abuse materials (CSAM) and says it has some fail-safes in place to protect privacy.

To read this article in full, please click here



Computer World Security News
Aug 04, 2021

This Vultur app takes malicious to the next level
A Netherlands security research firm has uncovered a new Android dropper app, dubbed Vultur, that delivers legitimate functionality, then silently shifts into malicious mode when it detects banking and other financial activities.

Vultur, found by ThreatFabric, is a keylogger that captures financial institution credentials by piggybacking  on the current banking session and stealing funds right away — invisibly. And just in case the victim realizes what is happening, it locks down the screen.

(Note: Always have your bank's phone number so that a direct call to a local branch might save your money — and keep the number on paper. If it's on your phone and the phone is locked, you're out of luck.)

To read this article in full, please click here



Computer World Security News
Aug 02, 2021

For Windows security, what we have is a failure to communicate
Microsoft last week reported $60 billion in profit and $165 billion in sales for its most recent quarter — with a staggering increase in cloud revenues. But that good news comes in a year when not a day goes by without reports of another security issue, another ransomware attack. Yes, Windows 11 will require hardware that should bring with it better security, but it comes at a price. Most users have systems that won't support Windows 11, so we'll be stuck using Windows 10.

There seems to be a big disconnect between the reality (and financial success) of the Windows ecosystem and the reality for its users. We need more security now, not later.

[ Related: What enterprise needs to know about Windows 11 ] For many people, malware often infiltrates systems via phishing lures and enticing links. Microsoft could serve users better by recommending security solutions we have on our systems now that aren't enabled. Some of these settings don't require additional licensing, while others are gated behind the holy grail of Windows licensing — the Microsoft 365 E5 license. While a user can purchase a single E5 license to get the included security enhancements, it raises a concern that Microsoft is starting to make security an add-on to the OS rather than built in. I remember when Microsoft talked up "Secure by Design," "Secure by Default," and "Secure in Deployment and Communication" (also known as SD3 C). Now, instead, it is touting security solutions

Computer World Security News
Jul 30, 2021

Online privacy: Best browsers, settings, and tips
"You have zero privacy anyway. Get over it," Scott McNealy said of online privacy back in 1999, a view the former CEO of the now-defunct Sun Microsystems reiterated in 2015. Despite the hue and cry his initial remarks caused, he's been proven largely correct.

Other ways to protect yourself on the web: GDPR, CCPA, and AdChoicesTo read this article in full, please click here

(Insider Story)

Computer World Security News
Jul 29, 2021

How to give your phone an Android-12-inspired privacy upgrade
Android 12 sure is an onion of an update, wouldn't ya say?

Now, don't get me wrong: I'm not suggesting it's fragrant, likely to make you cry, or positively delicious when cooked in a stir-fry. (That'd be one heck of a piece of software!) I just mean that it has lots of layers to it, including some that are beneath the surface and impossible to see when you're only glancing from afar.

Android 12 is full of changes both big and small, in fact — and while many of its most noticeable external elements will be limited to Google's own Pixel phones, some of the improvements tucked away in those sticky lower layers are arguably the most important changes of all.

To read this article in full, please click here



Computer World Security News
Jul 26, 2021

Acronis teams with Jamf to secure the Apple-centric enterprise
As the Mac security journey becomes ever more challenging, there's fresh activity in the Mac security and enterprise infrastructure space: Acronis Cyber Protect Cloud now integrates with leading enterprise management platform Jamf.

Acronis and Jamf: Better together That's a significant step forward in terms of better native Mac support from Acronis, which has been working to widen its support for Apple's platform since at least 2014 when it introduced Mac support for Acronis Access. It's also a significant indicator that despite the existence of a few hold-outs, most enterprises now recognize that the future of work is remote.

To read this article in full, please click here



Computer World Security News
Jul 26, 2021

About the Pegasus spyware, Apple's telling the full truth
When it comes to security and privacy issues, Apple generally does a far better job than its rivals — though admittedly for selfish marketing reasons. When comparing Apple's iOS and Google's Android, it's hard to not see that at least Apple makes a good-faith attempt at being security- and privacy-oriented, compared to Google, which would prefer selling ads and anything else it can think of.

Still, Apple has been known to twist and shift the truth, omitting germane background info and context when it's convenient. Remember antenna-gate? The battery-gate brouhaha?

To read this article in full, please click here



Computer World Security News
Jul 22, 2021

Pegasus spyware and iPhone security
Amnesty International's Security Lab revealed that a handful of iPhones, mostly belonging to journalists and human rights activists, were successfully infected with Pegasus spyware. While the majority of iPhones users are not affected, the spyware, created by NSO Group, was found even on newer iPhone models equipped with the latest iOS update. Apple bills the iPhone as the most secure consumer cellular product on the market, so this wave of malware raises security concerns. Computerworld Executive Editor Ken Mingis and Macworld Executive Editor Michael Simon join Juliet to discuss iPhone security and more.

Computer World Security News
Jul 22, 2021

Scary ‘malware-as-a-service' Mac attack discovered
Another day, and it's time for another Apple security scare: malware that can harvest keystrokes and log-ins and is available on the Darknet for only $49.

Malware-as-a-service for Mac attacks Check Point Software's research team claims to have identified the hack, which it is calling XLoader. Enterprise security specialists managing Macs and Apple devices (of which there are many) need to be aware of the new attack, as we're told it can:

To read this article in full, please click here



Computer World Security News
Jul 19, 2021

iPhone spyware: It's a dirty job, but NSO's gonna do it
Amnesty International has revealed that NSO Group, an Israeli ‘surveillance as a service' company, has created and sold a nasty iMessage attack that can be used to spy on journalists, activists, and political representatives using their iPhones.

A zero-click hack attack What makes this latest attack particularly dangerous is its exploitation of zero-click vulnerabilities, meaning targets don't even need to read or open the iMessage carrying the hack. Amnesty says all iPhones and iOS updates are vulnerable to the exploit, which gives attackers "complete access to the device's messages, emails, media, microphone, camera, calls and contacts."

To read this article in full, please click here



Computer World Security News
Jul 19, 2021

In the fight against ransomware, Microsoft must do more
Not a day goes by that I don't hear about some business or consultant affected by ransomware. Often, the incident starts with a phishing attack or from a vulnerability introduced by delayed patching. Or it could be a consultant tool that should have been coded better. Regardless of how it began, if you attempt to recover from a backup (assuming you have a viable one on hand) or pay the ransom and attempt to unencrypt your data, recovery will take time.

That's time companies often don't have.

Last week, the US government set up the Stopransomware website to help businesses, schools, and other organizations deal with ransomware attacks. Included in the guidance are recommendations regarding backing up:

To read this article in full, please click here



Computer World Security News
Jul 17, 2021

A big July Patch Tuesday — and the ongoing print nightmare
This week's Patch Tuesday release from Microsoft is a big one for the Windows ecosystem; it includes 117 patches that handle four publicly reported and four exploited vulnerabilities. The good news: this month's Microsoft Office and development platform (Visual Studio) patches are relatively straightforward and can be added with minimal risk to your standard patch release schedules, and there are no browser updates. Alas, we have a really serious printer issue (CVE-2021-34527) that was released out of bounds (OOB) and has been updated at least twice in the past few days. That means you need to pay immediate attention to the Windows updates and that you add all of the Windows desktop patches to your "Patch Now" schedule. 

To read this article in full, please click here



Computer World Security News
Jul 14, 2021

What is UEM? Unified endpoint management explained
Unified endpoint management (UEM) describes a set of technologies used to secure and manage a wide range of employee devices and operating systems — all from a single console.

Seen as the next generation of mobility software, UEM tools incorporate several existing enterprise mobility management (EMM) technologies — including mobile device management (MDM) and mobile application management (MAM) — with some of the tools used to secure desktop PCs and laptops.

To read this article in full, please click here



Computer World Security News
Jul 13, 2021

To patch or not to patch: That is the question
Security is more important than ever—and ransomware is bigger and badder than ever.  Barely a week goes by without a major new ransomware attack.

One way you can slow down, if not stop, such attacks is by keeping your mission-critical applications and operating systems up to date. There's only one little problem with that. Those patches, especially Microsoft's Windows patches, can be more trouble than they're worth. What's a business to do?

To read this article in full, please click here



Computer World Security News
Jun 23, 2021

Apple: Sideloading apps will undermine iOS security
Following CEO Tim Cook's statements on security at a recent conference, Apple has come out fighting to protect the security of its App Store distribution model, publishing a white paper that argues enforced side-loading of apps would make the platform — and its users — far less secure.

To read this article in full, please click here



Computer World Security News
Jun 14, 2021

Google abandons URL shortening in Chrome
Google has called quits on the notion of truncating URLs in Chrome, according to a note from earlier this month in the Chromium project's bug database.

"This experiment didn't move relevant security metrics, so we're not going to launch it," Emily Stark, a staff software engineer on the Chrome team, wrote in the June 7 entry.

Android Police first reported on Stark's note June 10.

To read this article in full, please click here



Computer World Security News
Jun 14, 2021

Windows updates: The four basic patch personalities
If you ask most people what they dislike about Windows 10, they'd probably say it's the monthly updating process and the disruption it triggers. Depending on your personality type (and how risk averse you are), here's how to handle Windows updates, deal with the changes, and keep your sanity in the process.

Bleeding-edge patchers Are you a risk-taker who loves the bleeding edge? Do you look forward to trying out new technologies, dealing with green-colored blue screens of death (BSODs) and happen to have a spare computer that you can use to provide feedback and search for error messages? If so, the Insider version of Windows 10 is for you.

To read this article in full, please click here



Computer World Security News
Jun 14, 2021

The great cloud computing surge
Driven in part by the pandemic, cloud computing adoption has reached new heights. These five articles take a close look at the implications.

Computer World Security News
Jun 11, 2021

6 zero-days make this a 'Patch Now' Patch Tuesday
Microsoft this week pushed out 50 updates to fix vulnerabilities across both the Windows and Office ecosystems. The good news is that there are no Adobe or Exchange Server updates this month. The bad news is that there are fixes for six zero-day exploits, including a critical update to the core web rendering (MSHTML) component for Windows. We've added this month's Windows updates to our "Patch Now" schedule, while the Microsoft Office and development platform updates can be deployed under their standard release regimes. Updates also include changes to Microsoft Hyper-V, the cryptographic libraries and Windows DCOM, all of which require some testing before deployment.

To read this article in full, please click here



Computer World Security News
Jun 11, 2021

Securing the Apple mobile enterprise takes context
Apple's prescence has expanded from being the brand behind a few Macs in the creative department; it is now a key mobile and productivity provider across every top enterprise. But even Apple's platforms face security challenges as people work remotely. I caught up with Truce Software CEO Joe Boyle to discuss Apple in the workplace and his company's approach to managing the mobile enterprise.

To read this article in full, please click here



Computer World Security News
Jun 10, 2021

WWDC: Why iCloud will help secure the enterprise
One of the biggest surprises of WWDC 2021 was Apple's introduction of iCloud , an upgraded version of its existing service available at no additional charge that provides secure emailing and VPN-style security for users.

iCloud just became a useful business tool The introduction of these features will transform iCloud into a very useful remote business tool, though it will be interesting to see whether all these features will be available to enterprise folks making use of Managed Apple IDs for their business tools. For the present let's assume they will, given the deep value they promise to those in that sector.

To read this article in full, please click here



Computer World Security News
Jun 08, 2021

WWDC: Apple digs deep to secure its platforms
Apple's WWDC announcements included plenty for enterprise professionals. One area that deserves  particular attention relates to the variety of privacy improvements the copany is making, because they offer significant benefits for the security conscious.

Putting you in control of your data The main thrust of Apple's recent work on privacy is information. The argument is that everyone should know about data collection, what it means, and which apps collect what information — and have at least some understanding of how that data is used.

To read this article in full, please click here



Computer World Security News
Jun 08, 2021

Ransomware revisited: As attacks worsen, tried-and-true defenses falter
Beef? Beef?!

It's come to this: a ransomware attack has come between me and my Wendy's quarter pounder! As much as I'd like to say that there's nothing to this problem for my favorite fast food lunch, I can't. A ransomware attack on the world's largest meat processor, JBS, forced nine US beef plants to close their doors on June 1.

It's not a laughing matter. If major companies such as JBS and Colonial pipeline can get hammered by ransomware, there's nothing stopping a low-life hacker from using Ransomware-as-a-Service (RaaS) to take your business out.

To read this article in full, please click here



Computer World Security News
Jun 07, 2021

Patch Tuesday: The rules of updating Windows (and Microsoft apps)
Patch Tuesday week is that time of the month when I get verklempt, — excited,and in a tizzy over the release of this month's raft of security updates. Will we get fixes for remote code execution attacks? Fixes for privilege escalations? Will we get…? Oh, you don't get verklempt, excited, and in a tizzy? You actually dread Patch Tuesday?

Let me help you out. When you install updates from Microsoft there are some fundamental rules to keep in mind.

First, when patching you should never ever lose data. Several years ago, when Microsoft rolled out the feature release version of Windows 10 1809, some users reported losing files and folders during the process. The problem caused Microsoft to pause the feature update to investigate what was triggering the issue. As it turned out, the root cause was not the update — it was the timing and rollout of a feature in One Drive. As Microsoft noted in a blog post at the time, the culprits involved three different scenarios with Onedrive — in particular, a setting called known-folder redirection. Although the issues were not widespread, the damage and loss of trust in the Windows update process was immense; even now, users remember that issue when updates arrive. Microsoft revised the 1809 release to deal with the problem and loss of data did not recur afterwards.

To read this article in full, please click here



Computer World Security News
Jun 04, 2021

Note to IT: Google really wants its privacy settings left alone
The biggest difference in business models between mobile giants Google and Apple is that Google sells hardware and software whereas Google sells information. So when Apple makes a big play out of protecting privacy—such as pushing back against encryption backdoors and government subpoenas—it's relatively easy for them. That's not primarily how they make money.

Google, though, has a business model that truly hates privacy. To Google, enterprise data privacy, along with consumer data privacy, is just something that deprives them of raw material that they can sell. In short, Google has to publicly say that it protects its customers' privacy while privately doing whatever it can to keep leveraging that data.

To read this article in full, please click here



Computer World Security News
Jun 03, 2021

The missing context around Google's Android privacy fallout
If you've read much tech news lately, you might be feeling a slight sense of shock right now.

A series of newly publicized documents related to an Arizona lawsuit reveals that Google's had some complicated systems for collecting location data across Android over the years — and that, according to the info, the company at one point tried putting a catch-all location toggle into the software's Quick Settings panel but saw a substantial increase in the number of users who took advantage of it with that more prominent positioning in place.

To read this article in full, please click here



Computer World Security News
Jun 02, 2021

When is a cybersecurity hole not a hole? Never
In cybersecurity, one of the more challenging issues is deciding when a security hole is a big deal, requiring an immediate fix or workaround, and when it's trivial enough to ignore or at least deprioritize. The tricky part is that much of this involves the dreaded security by obscurity, where a vulnerability is left in place and those in the know hope no one finds it. (Classic example: leaving a sensitive web page unprotected, but hoping that its very long and non-intuitive URL isn't accidentally found.)

And then there's the real problem: in the hands of a creative and well-resourced bad guy, almost any hole can be leveraged in non-traditional ways. But — there is always a but in cybersecurity — IT and security pros can't pragmatically fix every single hole anywhere in the environment.

To read this article in full, please click here



Computer World Security News
Jun 01, 2021

To secure your remote workforce, lock down ‘your' computers
I know some of you are still convinced you'll soon shepherd your flock of workers back into the comfortable cubicles of the corporate office. Not going to happen. I've been following the working from home revolution closely, and, trust me, your people like working from home. A lot.

According to a FlexJobs survey, 58% of workers currently working remotely said they'd "absolutely look for a new job" if they're not allowed to continue remote work. 

To read this article in full, please click here



Computer World Security News
May 25, 2021

Android 12's quietly important privacy progress
This year, for the first time in a long time, it's easy to glance at Google's latest Android effort and focus mostly on the surface.

Android 12's most striking element is without a doubt the overhauled look and feel it brings to the operating system (even if realistically, Pixel owners are the only ones who'll reap the full benefits of that change). We haven't seen such a dramatic reimagining of the Android interface in many a moon — since 2014's Android 5.0 (a.k.a. Lollipop) release — and this progression stretches past the core software itself, even, with effects set to reach the experience of using apps within Android and eventually also Google apps on the web. The same principles will apply to Chromebooks, Smart Displays, and Wear-based wearables before long as well, making this a true Google ecosystem evolution.

To read this article in full, please click here



Computer World Security News
May 25, 2021

5 free ways to get better business security
Ransomware to the left of you, malware to the right—what's a small business stuck in the middle to do?

We all know that securing your company isn't easy or cheap. As Christopher Krebs, former director of the US Cybersecurity and Infrastructure Security Agency (CISA), and Matthew Masterson, former CISA Senior Cybersecurity Advisor, both recently pointed out: we're "now in the midst of a new normal of cyber-enabled malicious activity."

To read this article in full, please click here



Computer World Security News
May 21, 2021

Apple's Mac security warning shows that closed beats open
Apple's software engineering chief Craig Federighi recently told us that Macs aren't yet as secure as iOS devices, but does this mean Mac users need to worry?

What Federighi said Apple's software lead was appearing as part of the interminable Epic v Apple trial (which today involves Apple CEO Tim Cook taking the stand). Federighi was arguing that by maintaining a highly controlled third-party app environment on iOS, Apple has been able to build an extremely secure platform.

To read this article in full, please click here



Computer World Security News
May 19, 2021

Firefox previews site-isolation tech in move to catch up to Chrome
Mozilla on Tuesday announced that a years-long effort to harden Firefox's defenses can now be previewed in the browser's Nightly and Beta builds.

Debuting as "Project Fission" in February 2019, the project was also linked to the more descriptive "site isolation," a defensive technology in which a browser devotes separate processes to each domain or even each website, and in some cases, assigns different processes to site components, such as iframes, so they are rendered separately from the process handling the overall site.

To read this article in full, please click here



Computer World Security News
May 18, 2021

Here's what you can do about ransomware
Last week, people in my neck of the woods, North Carolina, went into a panic. You couldn't get gasoline for love or money. The root cause? Colonial Pipeline, a major oil and gas pipeline company, had been hit by a major ransomware attack. With four main fuel pipelines shut down, people throughout the southeast U.S. lined up at gas stations for every drop of gas they could get.

You may not believe that ransomware is a serious threat. But I and most everyone else in the southeast? We believe.

To read this article in full, please click here



Computer World Security News
May 17, 2021

For Windows users, tips on fighting ransomware attacks
Ransomware.

It's one word that strikes fear in the minds of many a computer user, especially given the near daily headlines about companies affected. It makes us wonder why this keeps happening to users and businesses, large and small.

But there's plenty you can do to protect yourself or your business.

Be wary of what you click on Most of the time, ransomware that affects an individual happens after someone clicks on something they shouldn't — maybe a phishing-related email or a web page that installs malicious files. In a business setting, the attacks often come from an attacker going after open remote access protocol, either using brute force or harvested credentials. Once inside the network, they can disable backups and lie in wait until the best time to attack.

To read this article in full, please click here



Computer World Security News
May 17, 2021

Google makes a big security change, but other companies must follow
In a wonderful cybersecurity move that should be replicated by all vendors, Google is slowly moving to make multi-factor authentication (MFA) default. To confuse matters, Google isn't calling MFA "MFA;' instead it calls it "two-step verification (2SV)."

The more interesting part is that Google is also pushing the use of FIDO-compliant software that is embedded within the phone. It even has an iOS version, so it can be in all Android as well as Apple phones.

To be clear, this internal key is not designed to authenticate the user, according to Jonathan Skelker, product manager with Google Account Security. Android and iOS phones are using biometrics for that (mostly facial recognition with a few fingerprint authentications) — and biometrics, in theory, provides sufficient authentication. The FIDO-compliant software is designed to authenticate the device for non-phone access, such as for Gmail or Google Drive.

To read this article in full, please click here



Computer World Security News
May 14, 2021

Browser updates are back for the May's Patch Tuesday
With 55 updates, three publicly reported vulnerabilities and reported public exploits for Adobe Reader, this week's Patch Tuesday update will require some time and testing before deployment. There are some tough testing scenarios (we're looking at you, OLE) and kernel updates make for risky deployments. Focus on the IE and Adobe Reader patches — and take your time with the (technically challenging) Exchange and Windows updates.

Speaking of taking your time, if you're still Windows 10 1909, this is your last month of security updates. 

The three publicly disclosed vulnerabilities this month include:

To read this article in full, please click here



Computer World Security News
May 13, 2021

Social engineering, fake App Stores, hit iOS, Sophos warns
I didn't entirely mean to focus on Apple device security for most of this week (see here and here), but new Sophos research should interest any enterprise working to enhance security awareness.

Breaking bad The research looks at 167 counterfeit apps used to scam iOS and Android users. Those that impact Apple's mobile OS particularly stood out, as they show the increasing sophistication of malware authors.

To read this article in full, please click here



Computer World Security News
May 12, 2021

Jamf adds zero trust security to the Apple enterprise
Apple enterprise management company Jamf has announced its pending $400 million acquisition of zero trust cloud-based security company, Wandera.

Apple security with zero trust Security remains of critical concern to the many enterprises deploying Apple equipment during the time of COVID-19, and as the mobile device management (MDM) services industry becomes more competitive, many providers are attempting to bolster services with security protection.

To read this article in full, please click here



Computer World Security News
May 11, 2021

Enterprises need to get smart about iOS security
The XcodeGhost malware attack that allegedly affected 128 million iOS users is an excellent illustration of the kind of sophisticated attack all users should get ready to defend against as platforms become inherently more secure.

Designer label malware XcodeGhost was an intelligent exploit that presented itself as a malware-infested copy of Xcode made available via websites targeting Chinese developers. Developers in the region downloaded it because it was easier to get than the real code because local networks wereunreliable.

To read this article in full, please click here



Computer World Security News
May 11, 2021

No matter the size of your business, you must take security seriously.
I recently wrote about using passwords correctly, and a reader replied: "I've been getting told this for years, but who's ever going to attack my 12-employee business?"

This isn't the first time I've heard remarks like that. The answer is: "Who won't attack you!?"

Hackers don't care whether your annual revenue is in five figures or nine. They will target you. Indeed, if you're on the smaller size, you're more likely to be vulnerable because, chances are, you're an easier target. After all, as BullGuard CEO Paul Lipman said: "Small businesses are not immune to cyberattacks and data breaches and are often targeted specifically because they often fail to prioritize security."

To read this article in full, please click here



Computer World Security News
May 10, 2021

Patch Tuesday preview: Time for a 'measured' approach to updates
It's time again: with Patch Tuesday in sight, I always recommend pausing or delaying updates, and this month is no different. But the second Tuesday of May also brings to an end support for Windows 10 1909. If you want to receive updates for Windows 10 after May 11, you'll need to make sure you're running Windows 10 2004 or 20H2.

So my first request on this Patch Tuesday week is that you check to see what exact version of Windows 10 you have installed, so you know you are still supported.

Typically, there is a window of time when we can safely defer or delay updates and when businesses can test patches before rolling them out. The days of worm attacks where we had to immediately patch systems have long since passed. These days, attacks are typically done using phishing lures to gain access to a system; the weakest link isn't necessarily software, it's us,opening Office docs or other files that harvest credentials. If you are even a slightly savvy user, give yourself time to ensure that there are no patching side effects.

To read this article in full, please click here



Computer World Security News
May 04, 2021

Getting passwords right for you and your business
Chances are you've never heard of the National Institute of Standards and Technology (NIST) Special Publication 800-63, Appendix A. But you've been using its contents from your first online account and password until today. That's because, within it, you'll find the first password rules such as requiring a combination of a lowercase and uppercase letter, a number, and a special character — and the recommendation of changing your password every 90 days.

There's only one problem. Bill Burr, who originally set up these rules, thinks he blew it. "Much of what I did I now regret," Burr told the The Wall Street Journal a few years ago.

To read this article in full, please click here



  • CEOExpress
  • 1 Boston Place | Suite 2600
    Boston MA 02108
  • Contact
  • As an Amazon Associate
    CEOExpress earns from
    qualifying purchases.

©1999-2021 CEOExpress Company LLC