The Executive's Internet
Fri, May 27th
 NEWS: COMPUTER WORLD SECURITY NEWS
Computer World Security News
May 26, 2022

DOJ reverses itself, says good-faith security researchers should be left alone
In a move that could have a major impact on enterprise penetration testing and other cybersecurity tactics, the US Department of Justice last Thursday reversed one of its own policies by telling prosecutors not to prosecute anyone involved in "good-faith security research."

This is one of those common-sense decisions that makes me far more interested in exploring the original DOJ policy (set in 2014, during the Obama era). 

The underlying law at issue is the Computer Fraud and Abuse Act, which made it illegal to access a computer without proper authorization. It was passed in 1986 and has been updated several times since then.




Computer World Security News
May 26, 2022

IT salaries aren't keeping up with inflation — but that may soon change
Pay for some IT professionals is failing to keep up with inflation, according to a salary survey by IT employment consultancy Janco Associates for calendar year 2021. But preliminary data indicates pay for tech workers could soon change drastically, with the job market in IT tight and many companies eyeing major tech projects in the year ahead.

With inflation in the US running at about 8% over the past year, salary increases — even for IT execs — have failed to keep pace.

The mean compensation for all IT pros last year rose only 2.05%, with the median salary at $100,022 for those at large enterprises and at $95,681 for IT workers at mid-sized firms, according to Janco.




Computer World Security News
May 25, 2022

Microsoft security vulnerabilities drop after five-year rise
While elevated privilege attacks remain a critical security concern when using Microsoft products, a new report says that the raw number of vulnerabilities is dropping.

Computer World Security News
May 16, 2022

Not all patching problems are created equal
It's the third week of the month — the week we find out whether Microsoft acknowledges any side effects it's investigating as part of the monthly patch-release process.

First, a bit of background. Microsoft has released patches for years. But they haven't always been released on a schedule. In the early days, Microsoft would release updates any day of the week. Then in October 2003, Microsoft formalized the release of normal security updates on the second Tuesday of the month. Thus was born Patch Tuesday. (Note: depending on where you are in the world, Patch Tuesday may be a Patch Wednesday.) The following day, or in some cases, over the next week, users and admins report issues with updates — and Microsoft finally acknowledges that, yes, there are issues.




Computer World Security News
May 14, 2022

May's Patch Tuesday updates make urgent patching a must
This past week's Patch Tuesday started with 73 updates, but ended up (so far) with three revisions and a late addition (CVE-2022-30138) for a total of 77 vulnerabilities addressed this month. Compared with the broad set of updates released in April, we see a greater urgency in patching Windows — especially with three zero-days and several very serious flaws in key server and authentication areas. Exchange will require attention, too, due to new server update technology.




Computer World Security News
May 12, 2022

Europe puts Apple's CSAM plans back in the spotlight
Apple may have put some of its plans to scan devices for CSAM material on hold, but the European Commission has put them right back in the spotlight with a move to force messaging services to begin monitoring for such material.

CSAM is emerging as a privacy test

In terms of child protection, it's a good thing. Child Sexual Abuse Material (CSAM) is a far bigger problem than many people realize; victims of this appalling trade end up with shattered lives.




Computer World Security News
May 09, 2022

Just what does Windows 11 bring to the table?
The other day, my Dad — my bellwether for technology — mentioned in passing that he'd read online that Windows 11 shouldn't be used and that the operating system wasn't being adopted.

Dad had a point. He's more of an Apple user now — I have him on my phone plan to support his tech needs, he uses an iPhone and has an iPad. As his needs have changed, his reliance on Windows devices has decreased. In fact, his current Windows needs involve applications not on the Apple platform. (And because he's a standalone user, not a domain user, many of the advances in Windows 11 having to do with authentication won't be available to him.)




Computer World Security News
May 04, 2022

Google responds to EU data rulings with new Workspace controls
Google Cloud has announced a new set of Sovereign Controls for users of its Workspace productivity software, aimed at allowing organizations in both the public and private sector to better control, limit, and monitor data transfers to and from the European Union.

The changes look to have come in response to a range of recent European Union efforts to better protect the personal data of members when using cloud services, following the collapse of Privacy Shield.




Computer World Security News
May 03, 2022

Enterprise mobility 2022: UEM adds user experience, AI, automation
The past two years have seen mobility management take on a greater importance than ever in the enterprise. As remote and hybrid work models take hold at many organizations, "mobility management" has expanded its meaning from management of mobile devices to management of all devices used by mobile employees, wherever they happen to be working from.

Unified endpoint management (UEM) has become a strategic technology at the center of companies' efforts to control this increasingly complex environment. Essentially combining enterprise mobility management (EMM) tools with PC management tools, UEM platforms help companies manage and protect a range of devices including smartphones, tablets, laptops, and desktop computers across multiple operating systems — all from a unified interface.




Computer World Security News
May 03, 2022

Download: UEM vendor comparison chart 2022
Unified endpoint management (UEM) is a strategic IT approach that consolidates how enterprises secure and manage an array of deployed devices including phones, tablets, PCs, and even IoT devices.

(Insider Story)

Computer World Security News
May 02, 2022

Russia is losing the cyberwar against Ukraine, too
When Russia launched its all-out attack against Ukraine in February, the world expected the invaders to roll over the country quickly. That didn't happen, and Ukraine today, though still under assault, has so far thwarted Russia's ambitions to conquer it.

Russia has also been fighting a quieter war against Ukraine, a cyberwar, deploying what had been considered the most feared state-sponsored hackers in the world. And in the same way that Ukraine has fended off Russia's military might, it's been winning the cyberwar as well.

In that cyberwar, as always, the terrain is primarily Windows, because it represents the largest and most vulnerable attack surface in the world. The facts about what exactly is going on have been shadowy. But there's plenty of evidence that Ukraine may keep the upper hand.




Computer World Security News
Apr 28, 2022

Think the video call mute button keeps you safe? Think again
Have you recently been on a video conference call, hit the "mute" button and then offered up some nasty comments about a client or a colleague — or even the boss?

Or maybe while in a conference room with colleagues — muted — and pointed out that some proposed action would violate the terms of a secret acquisition in its final stages?

If you were comfortable that the mute button was actively protecting your secret, you shouldn't have been.

Thanks to some impressive experimentation and research from a group of academics at the University of Wisconsin-Madison and Loyola University Chicago, utterances made while the app is in mute are still captured and saved into RAM.




Computer World Security News
Apr 26, 2022

Jamf adds network and endpoint security tools for enterprise Macs
Jamf has announced a series of significant updates to Jamf Protect, introducing a unique set of technologies designed to make enterprise devices more secure while also identifying and responding to incoming endpoint threats. The company also introduced Jamf Trust, which aims to make this kind of security simple to use. (The latter is also available for Android and Windows.)

What's new in Jamf Protect?

The big news for Mac security, Jamf Protect, now offers a comprehensive endpoint and network security solution, supplementing its existing protections with new tools for:




Computer World Security News
Apr 22, 2022

When it comes to data, resist your inner packrat
Human beings are natural pack rats, as evidenced by the 2.3 billion square feet of self-storage space that's in use in the U.S. Fear of getting rid of stuff even has a name: disposophobia.

Keeping every pair of shoes your kids have ever worn isn't a problem for anyone except those with whom you share living space.

But the same rules don't apply to data.

All industries have records retention guidelines spelled out in compliance rules. They are usually strictly enforced for regulated companies, and firms that run afoul of them can be punished.




Computer World Security News
Apr 22, 2022

In a remote-work world, a zero-trust revolution is necessary
Last summer, law enforcement officials contacted both Apple and Meta, demanding customer data in "emergency data requests." The companies complied. Unfortunately, the "officials" turned out to be hackers affiliated with a cyber-gang called "Recursion Team."

Roughly three years ago, the CEO of a UK-based energy company got a call from the CEO of the company's German parent company instructing him to wire a quarter of a million dollars to a Hungarian "supplier." He complied. Sadly, the German "CEO" was in fact a cybercriminal using deepfake audio technology to spoof the other man's voice.




Computer World Security News
Apr 22, 2022

12 Android settings that'll strengthen your security
You might not know it from all the panic-inducing headlines out there, but Android is actually packed with practical and powerful security options. Some are activated by default and protecting you whether you realize it or not, while others are more out of the way but equally deserving of your attention.

So stop wasting your time worrying about the Android malware monster du jour and which security company is using it to scare you into an unnecessary subscription, and take a moment instead to look through these far more impactful Android settings — ranging from core system-level elements to some more advanced and easily overlooked options.




Computer World Security News
Apr 21, 2022

California eyes law to protect workers from digital surveillance
The California State Assembly is considering new rules that would offer workers greater protection from the use of digital monitoring tools by employers.

The "Workplace Technology Accountability Act" (AB 1651), introduced by Assemblymember Ash Kalra, would create a way to protect workers against the use of technologies that can negatively affect privacy and wellbeing.

The bill would "establish much needed, yet reasonable, limitations on how employers use data-driven technology at work," Kalra told the Assembly Labor and Employment Committee on Wednesday. "The time is now to address the increasing use of unregulated data-driven technologies in the workplace and give workers — and the state — the necessary tools to mitigate any insidious impacts caused by them."




Computer World Security News
Apr 20, 2022

Top 6 e-signature software tools
The COVID-19 pandemic did not just disrupt physical meetings and physical office spaces; workflows that relied on in-person interaction, such as signing documents and contracts, were also highly impacted. Electronic signature (e-signature) software has surged in popularity over the past two years as enterprises looked to modify their signature workflows to support a remote workforce, said Holly Muscolino, group vice president for content strategies and future of work at IDC.

With many companies returning to an in-person office environment or adopting a hybrid workforce approach, where employees work some days in the office and some at home, e-signature vendors are working to convince businesses that they are still relevant. Although the market has slowed down, Muscolino said, "it's still showing healthy growth, because there are still companies who have not adopted this technology. There is still significant room for adoption."




Computer World Security News
Apr 18, 2022

When humans make tech mistakes
We often think vendors are perfect. They have backups. They have redundancy. They have experts that know exactly how to deploy solutions without fail. And then we see they aren't any better than we are.

Let's look at a few recent examples.

In the small to mid-sized business (SMB) space, StorageCraft has long been a trusted backup software vendor. One of the first to make image backups easy to do, it was used and recommended by many managed service providers. After StorageCraft was acquired by Arcserve in March 2021, there were no immediate major changes in how the company ran.




Computer World Security News
Apr 15, 2022

April's Patch Tuesday: a lot of large, diverse and urgent updates
This week's Patch Tuesday release was huge, diverse, risky, and urgent, with late update arrivals for Microsoft browsers (CVE-2022-1364) and two zero-day vulnerabilities affecting Windows (CVE-2022-26809 and CVE-2022-24500). Fortunately, Microsoft has not released any patches for Microsoft Exchange, but this month we do have to deal with more Adobe (PDF) printing related vulnerabilities and associated testing efforts. We have added the Windows and Adobe updates to our "Patch Now" schedule, and will be watching closely to see what happens with any further Microsoft Office updates. 




Computer World Security News
Apr 13, 2022

Apple has good privacy arguments, but critics aren't listening
Apple CEO Tim Cook this week warned that regulators are on the edge of making poor decisions that will impact our future during a passionate speech in defense of personal privacy and his company's business models at the Global Privacy Summit in Washington DC.

Neither good nor evil

The thrust of Cook's argument is that privacy and security are essential building blocks of trust for a technologically advanced society. But that huge potential is being constrained by surveillance and insecurity.




Computer World Security News
Apr 12, 2022

DuckDuckGo launches privacy browser beta for macOS
Privacy-centered search engine DuckDuckGo today launched the beta of its desktop browser for macOS.

The browser is designed from the ground up to maintain privacy, the company said, meaning it will not collect information about users and will not install cookies or tracking codes on devices. DuckDuckGo also said it can block "hidden trackers" before they load.

DuckDuckGo first announced plans for a macOS desktop browser in December 2021. (The browser is already available as a download for mobile devices.) In 2019, DuckDuckGo added Apple Maps support and has since made other improvements to how it works on Apple devices.




Computer World Security News
Apr 06, 2022

Windows 11 — we haven't seen anything, yet
Disclosure: Microsoft is a client of the author.

Microsoft this week had an analyst event about Windows 11 and a variety of productivity, management, and security features the company has planned. Over the last couple of years, Microsoft has aggressively improved both Windows and Office 365, but the big change ahead is the potential blend of Windows with Windows 365. We'll see that start by the end of the year. The end game should be what appears to be a Windows desktop that integrates so well with the cloud that it can, when necessary, seamlessly switch between instances to comply with company policy, assure security, and provide recourse on automatic demand from Azure Cloud. 




Computer World Security News
Apr 05, 2022

Apple quietly stops meaningful auto-updates in iOS
In the mobile world pitting Apple's iOS devices against Google's Android devices, Apple has historically had one distinct advantage: patches and updates.

Given the fragmented nature of Android (hundreds of handset manufacturers versus just one for iOS), it is simply far easier for Apple to quickly and efficiently push out updates in a way that allows a large percentage of users to get updates quickly. That has been true regardless of whether it's new functionality or a critical security patch.

So what's the problem? Craig Federighi, Apple's senior vice president of software engineering, has quietly said that Apple has dramatically slowed down auto updates — by as much as a month.




Computer World Security News
Apr 05, 2022

Android 12 Upgrade Report Card: What a weird year
In the world of software, six months is an eternity.

Heck, look at how much has happened over the past six months since Android 12 came into the universe. Google started and then finished a hefty 0.1-style update that lays the groundwork for significant large-screen improvements to the Android experience. And it's now well into the public development phase of its next big Android version, Android 13 — which is the rapidly forming release on most folks' minds at this point.




Computer World Security News
Apr 04, 2022

The Russian cyberattack threat might force a new IT stance
There's a lot of fear of possible Russian cyberattacks stemming from Russia's attempted takeover of Ukraine. Perhaps the biggest worry — and quite possibly the most likely to materialize — is that these cyberattacks will likely be finely tuned as retaliation for US financial moves against the Russian economy.

The cyberattacks would be designed not to steal money or data per se, but to harm the US economy by strategically hitting major players in key verticals. In other words, the Russian government might say, "You hurt our economy and our people? We'll do the same to you."

Thus far, there's no evidence of any large-scale attack, but one could be launched at any time. 




Computer World Security News
Apr 01, 2022

When should the data breach clock start?
One of the most difficult issues in enterprise cybersecurity — something the US Securities and Exchange Commission is now openly struggling with — is when should an enterprise report a data breach?

The easy part is, "how long after the enterprise knows of the breach should it disclose?" Different compliance regimes come to different numbers, but they are relatively close, from GDPR's 72 hours to the SEC's initial four days.




Computer World Security News
Mar 31, 2022

How to stop worrying and love zero trust
Countless articles have been published in the past few years about zero trust, most of them explorations and expositions for security professionals.

But I want to write for remote workers on the other side of the so-called "trust" equation — the people who will deal with the changes and inconveniences as zero-trust strategies are implemented and refined over the next few years.

Welcome to this jargon-free explanation of zero trust.




Computer World Security News
Mar 30, 2022

How Russia's invasion of Ukraine affected the cyber threat landscape
Since Russia's invasion of Ukraine last month and consequential sanctions against the Kremlin, the threat of cyberattacks in the U.S. and abroad has been looming. While the threat of attacks on critical infrastructure has increased, it hasn't escalated to the all-out cyberwar that some were expecting. CSO Online senior writer Lucian Constantin joins Juliet to discuss how the cyber threat landscape has evolved as a result of the war in Ukraine and what organizations can do to increase their cyber incident defenses. For more on this topic, check out this article from CSO Online: Conti gang says it's ready to hit critical infrastructure in support of Russian government: https://www.csoonline.com/article/3651498/conti-gang-says-its-ready-to-hit-critical-infrastructure-in-support-of-russian-government.html

Computer World Security News
Mar 28, 2022

On browsers and bugs
We're told that one of the best ways to stay secure is to make sure our computers are patched. But we need to always be aware that at any given time, there are several vulnerabilities probably known and in use by attackers. The good news is that the number of days between when a bug is identified and when it's patched is slowly going down, according to the Google Project Zero. It tracks how long it's taking vendors to patch bugs and found that "in 2021, vendors took an average of 52 days to fix security vulnerabilities reported from Project Zero. This is a significant acceleration from an average of about 80 days [three] years ago."




Computer World Security News
Mar 25, 2022

U.S., EU reach preliminary data privacy agreement
U.S. President Biden and EU President von der Leyen say deal underscores shared values over data privacy and security surrounding trans-Atlantic information sharing.

Computer World Security News
Mar 25, 2022

US, EU reach preliminary data privacy agreement
US President Biden and EU President von der Leyen say deal underscores shared values over data privacy and security surrounding transatlantic information sharing.

Computer World Security News
Mar 24, 2022

10 easy steps to make Chrome faster and more secure
Gather 'round, kiddos — 'cause it's time for a story.

Once upon a time, Chrome was a lean, mean browsing machine. It was the scrappy lightweight kid in a block filled with clunky old blobs of blubber. People had never seen a browser so fast, so thoughtfully constructed! It stripped everything down to the essentials and made the act of browsing the web both pleasant and secure — qualities that were anything but standard back in that prehistoric era.

Chrome was "minimalist in the extreme," as The New York Times put it — with "extremely fast" page loads and a "snappy" user interface, in the words of Ars Technica. Its sandbox-centric setup and emphasis on supporting web-based applications made the program "the first true Web 2.0 browser," as some other tech website opined.




Computer World Security News
Mar 22, 2022

iCloud goes down: Live by the service, die by the service
Each time we experience an Apple iCloud, Spotify, Slack, Verizon, Google, Peloton, or any other form of server-based outage, we're reminded that everyone should have multiple layers of backup to maintain data and work to ensure key services still work when servers go down.




Computer World Security News
Mar 22, 2022

You can't keep quiet when you're hacked anymore
One of the dirty little secrets of many businesses, perhaps even most, is that far more of them than ever admit to it have been hacked. Still others end up paying ransomware, but they've never revealed this deep, dark secret. After all, who wants to admit to the world — and their customers — that they've been caught with their security pants down.

Well, things are about to change. In the recently signed $1.5 trillion government funding bill were new cybersecurity laws requiring companies to quickly report data breaches and ransomware payments. 




Computer World Security News
Mar 18, 2022

Do svidaniya, Kaspersky — goodbye
Companies and governments have, shall we say, interesting relations. Just ask any Chinese tech company in recent days.  But, while they're losing billions, companies in war-mongering countries like Russia have an even harder row to hoe. How can Russian companies support Russia's unprovoked invasion of Ukraine?

You may say they can't, but that just shows you haven't studied history. When money and ethics are weighed against each other, money usually wins. For example, such American-as-apple-pie-and-baseball companies as General Motors, Ford, Coca-Cola, and IBM supported Nazi Germany during World War II.




Computer World Security News
Mar 14, 2022

What are the best VPN services for conflict zones?
There has been a rapid spike in demand for VPN services in Russia and Ukraine since the invasion began almost three weeks ago. People in both nations seek online freedoms as offline misery intensifies, and want to see through the fog of conflict.

VPN services see rapid growth in Russia

A VPN (virtual private network) service creates an encrypted tunnel between users and the servers they interact with. This helps secure the traffic to protect people from being identified, tracked, and surveilled.

Simon Migliano, Head of Research at Top10VPN, explained that Russians began seeking out VPN services before the conflict began. But demand has accelerated as it continues and authorities become more repressive there.




Computer World Security News
Mar 14, 2022

Do you know where your software comes from?
Where does your software come from?

That's one of the questions online users at AskWoody.com have asked in recent weeks. Obviously, this comes up as the world sees what's going on in Ukraine. For many years, one security software vendor in particular was tagged as possibly having Russian ties — and as far back as 2017, the US Government banned the use of Kaspersky antivirus over fears the security software could spy on defense contractors for Russia.




Computer World Security News
Mar 12, 2022

Microsoft delivers a solid, low-impact Patch Tuesday
March brings us a solid set of updates from Microsoft for Windows, Microsoft Office, Exchange, and Edge (Chromium), but no critical issues requiring a "Patch Now" release schedule (though Microsoft Exchange will require some technical effort this month). We have published some testing guidelines, with a focus on printing, remote desktop over VPN connections, and server-based networking changes. We also recommend testing your Windows installer packages with a specific focus on roll-back and uninstall functionality.

You can find more information about the risk of deploying these Patch Tuesday updates with this useful infographic. And, if you are looking for more information on .NET updates, there is a great post from Microsoft that highlights this month's changes.




Computer World Security News
Mar 11, 2022

How to boost cybersecurity defenses using your router
COVID-19 has made us all more aware of the need to protect our computers at home from online evil. But when was the last time you pointed your browser at your router? The little box that connects your PC and all the other devices in your home to the internet has an array of security features that many people are unaware of.

After speaking to Derek Manky, chief of security insights and global threat alliances at Fortinet's FortiGuard Labs, I logged into my Verizon FIOS router for the first time in years and discovered there were no less than 18 devices connected to it, including TVs, printers, thermostats and a half dozen Amazon Echoes. Each is a potential security vulnerability. "If you look at your home router, you'll be surprised what you find there," Manky said.




Computer World Security News
Mar 08, 2022

Phishing e-mails are more prevalent (and dangerous) than ever
Phishing, those malicious e-mails that pretend to be legitimate messages, has been a problem since Canter and Siegel launched the first spam campaign in 1994. (Mea culpa — it seems they learned about this thing called the Internet from some of my articles.) Today, spam, while still annoying, is the least of our e-mail troubles. In addition to invading Ukraine, Russian agents are now doing their best to invade our IT systems via phishing e-mails.




Computer World Security News
Mar 08, 2022

Google buys cybersecurity company Mandiant for $5.4B
In a move to offer an end-to-end security operations suite from its cloud platform, Google has announced it will acquire cyberdefense and response company Mandiant for $5.4 billion, in a deal expected to close later this year.

The acquisition will complement Google Cloud's existing security services and together, the companies will deliver a security operations suite as well as advisory services that help customers address critical security challenges and stay protected at every stage of the security lifecycle, Mandiant said in a press release.

The company recently announced a new Ransomware Defense Validation service for its SaaS-based XDR (extended detection and response) platform, Mandiant Advantage, to help enterprises gauge the ability of their security systems to guard against ransomware attacks. 




Computer World Security News
Mar 07, 2022

Change my password? AGAIN?
Every year at this time, I have to fill out my firm's cyber insurance application — and every year they ask whether we encourage strong passwords and change them often. This question annoys me tremendously, because we really shouldn't be changing passwords often. We should instead be choosing authentication processes that appropriately match site risks; using a password should be the last thing you want to rely on.

First, think about the information and data a website is keeping on you. The sites we want to offer the most protections often have the weakest. Where you can, always add two-factor authentication to a site's access. (Not all multi-factor authentication is created equally, but some sort of multi-factor is better than none. If it encourages attackers to go elsewhere, it's done its job.)




Computer World Security News
Mar 04, 2022

Employee monitoring risks 'spiraling out of control,' union group warns
An increase in workplace surveillance during the COVID-19 pandemic could lead to widespread discrimination, work intensification, and unfair treatment of workers unless regulatory safeguards are put in place, according to a prominent UK union group.

The Trades Union Congress (TUC), which represents most unions in the UK, published survey results this week highlighting the use of surveillance technologies to monitor workers in a variety of job roles.




Computer World Security News
Mar 03, 2022

After Russia's invasion of Ukraine, it's time to hunker down
Chances are you don't live in Ukraine's capital, Kyiv, so you don't need to worry about a missile landing on your office. But even if you're 6,000 miles away, you could still get smacked by Russia's or its Anonymous enemies' cyberwar fallout.

As the war grinds on, chances will only increase that everyone will be affected by the resulting and growing cyberattacks. So, what can you do to protect yourself?




Computer World Security News
Mar 03, 2022

It's time to secure the Apple enterprise
It's not unreasonable to assume that war in Ukraine will generate a wave of cyberattacks. That means every business or personal computer user should audit their existing security protections, particularly for companies that have embraced the hybrid workplace.

While larger enterprises usually employ Chief Information Security Officers (CISOs) and security consultants to manage such tasks, what follows is useful advice for Mac, iPad, and iPhone users seeking to start such an audit.  




Computer World Security News
Mar 03, 2022

Splunk appoints Gary Steele as new CEO
Splunk has named Gary Steele as its new CEO, three months after the surprise resignation of longtime CEO Doug Merritt.

"The board is focused on identifying a leader with a proven track record of scaling operations and growing multi-billion-dollar enterprises," Merritt said in a statement at the time.

We now know that leader is Gary Steele, who was the founding CEO of software-as-a-service (SaaS) security vendor Proofpoint, a company he led for nearly 20 years. During that time, Steele navigated both an IPO in 2012 and a private equity buyout from Thoma Bravo last year. He will start on April 11, when he will also take a seat on Splunk's board.




Computer World Security News
Feb 28, 2022

In a time of war, it's important to stay secure
As Russia invaded Ukraine, seeing the disruption in the world occur in near real time on social media brought poignancy to what was happening. While I don't know anyone in Ukraine, I know many people who have friends or family members that have been impacted by the war. Ukraine has many technology ties around the world. It's also been a source of cyberattacks, which is why there's extra concern about what we can do to protect ourselves in case of attack. (Eastern Europe has often been the source of many of the ransomware attacks that occur around the world.)

So what can tech users do to ensure you protect yourself from possible cyberattacks arising from the conflict?




Computer World Security News
Feb 28, 2022

Behavioral Analytics is getting trickier
Behavioral analytics is one of the best authentication methods around — especially when it's part of continuous authentication. Authentication as a "one-and-done" is something that simply shouldn't happen anymore. Then again, I've argued the same thing about using unencrypted SMS as a form of multi-factor authentication and I sadly still see that being used by lots of Fortune 1000 firms.

Oh well.

Although most enterprise CISOs are fine with behavioral analytics on paper (on a whiteboard? As a message within Microsoft Teams/GoogleMeet/Zoom?), they're resistant to rapid widespread deployment because it requires creating a profile for every user — including partners, distributors, suppliers, large customers and anyone else who needs system access. Those profiles can take more than a month to create to get an accurate, consistent picture of each person.




Computer World Security News
Feb 25, 2022

Windows is in Moscow's crosshairs, too
Russia telegraphed its intentions to invade Ukraine well ahead of this week's attack by massing nearly 200,000 soldiers along Ukraine's borders, and by Vladimir Putin's increasingly belligerent threats.

Behind the scenes, Russia was doing more than that, including dangerous cyberattacks launched against Ukraine. And as is typically the case in such attacks, Windows was the attack vector.

"We've observed destructive malware in systems belonging to several Ukrainian government agencies and organizations that work closely with the Ukrainian government," Tom Burt, Microsoft corporate vice president for customer security and trust, wrote in a blog post in mid-January. "The malware is disguised as ransomware but, if activated by the attacker, would render the infected computer system inoperable." In a related technical post detailing how the malware works, Microsoft added: "These systems [under cyberattack] span multiple government, non-profit, and information technology organizations, all based in Ukraine."




Computer World Security News
Feb 11, 2022

Take your time testing these February Patch Tuesday updates
There are (as of now) 51 patches to the Windows ecosystem for February, but no critical updates and no "Patch Now" recommendations from the Readiness team. I'm hoping that with this month's list of Patch Tuesday updates, we can enjoy the quiet after the storm. January was tough for a lot of folks. And, with this month's very light release from Microsoft, corporate security and systems administrators can take the time needed to test their applications and desktop/server builds. It's also important to invest in their testing methodologies, release practices, and how their applications may be affected by OS-level updates and patches.




Computer World Security News
Feb 07, 2022

Addigy talks up Apple-in-the-enterprise tech show
Apple's continuing enterprise momentum means it's grabbing a growing slice of the business ecosystem, and the expansion is driving growth across the Apple device management ecosystem.

Addigy Innovate 2022
Reflecting this, Addigy recently announced plans to hold its annual Innovate 2022 conference later this month. I spoke with Jason Dettbarn, founder and CEO, who says the event will include keynotes and product presentations, including one hosted by The Ethical Hacker author Ralph Echemendia.




Computer World Security News
Feb 04, 2022

Q&A: CISO sees 'enterprise' browser as easier way to monitor employee web use
Over the past several years, Ashland Specialty Chemicals, a global specialty materials and chemical company with about 4,200 employees, has been downsizing. It shuttered its physical datacenter and adopted more of a software-as-a-service strategy for business apps such as Salesforce and Workday. With the shift to the cloud, the company also had to address keeping web traffic secure as its hybrid workforce accessed sensitive data online.

While the company continues to use more traditional, and costly, firewalls such as Cloud Access Security Brokers (CASB) and Secure Access Service Edge (SASE) to secure web gateways, it has also been testing an enterprise-specific browser from a start-up company named Island. 




Computer World Security News
Feb 03, 2022

Second Israeli firm accused of undermining iPhones, like NSO Group
As if recent revelations about NSO Group weren't bad enough, yet another Israeli firm — QuaDream — has now been accused of using the same hack to undermine iPhone security.

QuaDream also used the hack, Reuters claims
A Reuters report has the details:

QuaDream made use of the same flaw to commit similar attacks against iPhones. The company is smaller than NSO Group, but also sells smartphone hacking tools to governments. Both companies used the same highly sophisticated "zero-click" ForcedEntry attack, which enabled them to remotely break into iPhones without an owner needing to click a malicious link. Once deployed, attackers using the software could access messages, intercept calls, and use the device as a remote listening device. They also gained access to the camera and more. Apple closed this vulnerability in September 2021. It is believed NSO Group software was used to target the family of murdered Saudi journalist Jamal Khashoggi. The news follows the revelation that the FBI also obtained NSO's Pegasus spyware, b

Computer World Security News
Feb 02, 2022

Start-up emerges with an ‘enterprise browser'
A start-up has emerged from stealth mode to announce what it describes as one of the world's first enterprise-specific browsers, capable of governing how users interact with all SaaS and web applications.

The new Island web browser is based on the widely used Chromium open-source platform. Launched by a company with the same name, Island offers users a familiar online experience while governing what sites they can visit, the data they can view, and what files they can download or upload. Restrictions can be dialed up or down and can be specific to a user's role in an organization.

For example, a user could be surfing the web with the standard Chrome, Edge, or Safari browsers, but if they try to access a site that's off-limits based on the Island settings, they'd be blocked and told to use their secure browser. The Island browser can even stop an employee from taking screenshots of sensitive data, depending on the settings IT admins choose to implement.




Computer World Security News
Feb 01, 2022

Why Apple's improved 2FA protection matters to business
Apple has introduced a new layer of protection to its existing two-factor authentication (2FA) system, making it a little harder for phishing attacks to successfully steal valuable authentication credentials.

Given that Apple, PayPal, and Amazon were the top three brands used for successful phishing attacks last year, according to a recent Jamf report, this matters.

Phishing costs billions and is bad for business
Phishing is a huge problem. The scale of these attacks shot up during the pandemic. The FBI Internet Crime Report 2020 revealed that phishing attacks affected 241,342 victims in 2020, up from 114,702 in 2019, with adjusted losses of more than $54 billion. Verizon's 2021 Data Breach Investigations Report confirmed that 36% of data breaches that year involved phishing.




Computer World Security News
Jan 27, 2022

Jamf CEO weighs in on Apple deployments and enterprise security
"Apple will become the number one device ecosystem in the enterprise by the end of this decade," Jamf CEO Dean Hager told me while introducing an in-depth enterprise security trends report that enterprises should look at.

Apple continues to see incredible growth
The nature of enterprise IT is rapidly becoming multiplatform. Jamf recently shared some details concerning the rapid growth in Apple device deployments it is seeing in business. For example, it now has 60,000 active customers, up from 36,000 two years before that - and believes new services such as Apple Business Essentials will help maintain this growth.




Computer World Security News
Jan 27, 2022

Test your outrage over Google's new Topics advertising system
Google sure has taken an awful lot of heat over its advertising practices lately.

But why, exactly? Today, I'd like to explore that. I've concocted a four-question quiz that'll gauge your rage and help determine whether it's aimed at the right source or perhaps misplaced. But first, we need to catch up on what exactly is happening right now and how we reached this point.

The whole recent Google advertising debacle started with the crumbling state of the digital cookie, y'see — the pressure for Google to move away from its age-old practice of using tiny (and rather tasty-sounding) tidbits of data provided by websites to see what sort of stuff you're interested in and then show you ads that match those subjects.




Computer World Security News
Jan 25, 2022

Will World War III begin in cyberspace?
People die because of cyber wars, even if no bullets are ever fired. Instead, they die in emergency rooms that no longer have power, from broken medical communication networks, and from riots. All of this has happened before. It will happen again. And now, with Russia poised to invade Ukraine and Russian cyberattacks already in motion, we can only hope and pray that what promises to be the first major European war since World War II doesn't spark the next World War.

If it does, I fear the proximate cause won't be Russian T-90 main battle tanks trying to smash their way into Ukraine's capital, Kyiv. It will be the Russian GRU Sandworm hacking group launching a cyberattack that perhaps wrecks the European Union power grid; or knocks out major US internet sites such as Google, Facebook, and Microsoft; or stops 4G and 5G cellular services in their tracks.




Computer World Security News
Jan 24, 2022

VPNs and browsers — staying secure while online
In business, we've used Virtual Private Networks (VPNs) for years. But I'm now seeing recommendations that consumers use VPN software to make your Internet connections more private so sites can't snoop on your surfing and other communications. As someone who runs a website that uses IP address reputation as a guide to know who is and is not reputable on my site, using a VPN often assigns you an IP address that's less than stellar. As a result, if you attempt to access sites that check for reputation, such as your bank, you may find yourself blocked.

I'm not against the concept of consumer-based VPN software, but I'm not convinced it's the security panacea many think it is. Users think it's keeping sites from tracking them, or keeping them safe when surfing on coffee shop Wi-Fi. They think it keeps prying eyes from reviewing our web traffic. But all VPN software is not created equal. I recently read new research from Consumer Reports that tested various VPN platforms; I was surprised to find that the top VPN providers included vendors I've not even heard of.




Computer World Security News
Jan 20, 2022

Microsoft beefs up Edge's security against zero-day attacks
In the latest release of its Edge beta, Microsoft introduced a new way for IT admins to better secure the Chromium-based browser against web-based attacks.

The release notes for Microsoft Edge Beta Channel describe the new security features as employing several techniques to guard against so-called zero-day exploits. Zero-day exploits are software or network vulnerabilities developers are unaware of, and so they've not been patched.

Imagine if the keylock mechanism on your home's backdoor was faulty and jiggling the doorknob released the latch. Burglars could walk door to door looking for that particular vulnerability and jiggle doorknobs until one opened. Zero days are the same concept, but in cyberspace.




Computer World Security News
Jan 19, 2022

How to keep your apps up to date in Windows 10 and 11
Look around a typical Windows desktop. Whether it's running Windows 10 or 11, chances are that it's running at least a couple of dozen Windows applications (.exe files), and at least four dozen Microsoft Store apps. On my local fleet of 10 PCs, the range for applications is from a low of 24 to a high of 120; for Store apps, it ranges from 49 to 81. Such numbers are quite typical, if my online research is at all accurate.

In general, it's considered good security practice to keep apps and applications up-to-date. Why? Because many updates involve security patches and fixes that block potential attacks and prevent unauthorized and unwanted access to applications and their data (and sometimes, the host OS and the PCs they run on). In this story, I will offer some tools to help you streamline this process, along with some instructions on how to put them to work to help you keep your apps and applications current and safe.




Computer World Security News
Jan 17, 2022

UK government ignites debate over privacy vs. safety
Most technologists understand that end-to-end encryption in messaging keeps people safe and empowers commerce. But the UK government is launching a publicity blitz to have that layer of protection removed.

The decision will affect every nation the UK does business with, including those that still value the right to privacy and free speech.

Privacy versus safety
Rolling Stone reports the UK has developed an emotive ad campaign around child safety to build support for its argument. Of course, this campaign comes nowhere near addressing the threat to free speech, commerce, or privacy in such a move. Naturally, the reaction across most of the tech industry has been a series of shared oaths as people who know about this stuff ask: "Do we have to explain this again?"




Computer World Security News
Jan 17, 2022

20 years after Gates' call for trustworthy computing, we're still not there
Do you feel more secure? Is your computing experience more trustworthy these days?

Seriously — you're reading this article on a computer or phone, connecting to this site on an internet shared with your Grandma as well as Russian hackers, North Korean attackers, and lots of teenagers looking at TikTok videos. It's been 20 years since then-Microsoft CEO Bill Gates wrote his Trustworthy Computing memo where he emphasized security in the company's products.

So are we actually more secure now?

I'm going to keep in mind the side effects from last week's Patch Tuesday security updates and consider them in my answer. First, the good news: I don't see major side effects occurring on PCs not connected to active directory domains (and I haven't seen any showstoppers in testing my hardware at home). I can still print to my local HP and Brother printers. I can surf and access files. So, while I'm not ready yet to give an all-clear to install the January updates, when I do, I doubt you'll see side effects.




Computer World Security News
Jan 14, 2022

Patch Tuesday gets off to a busy start for January
For this week's Patch Tuesday, the first of the year, Microsoft addressed 97 security issues, six of them rated critical. Though six vulnerabilities have been publicly reported, I do not classify them as zero-days. Microsoft has fixed a lot of security related issues and is aware of several known issues that may have inadvertently caused significant server issues including:

Hyper-V, which no longer starts with the message, "Virtual machine xxx could not be started because the hypervisor is not running."
ReFS (Resilient) file systems that are no longer accessible (which is kind of ironic).
And Windows domain controller boot loops.

There are a variety of known issues this month, and I'm not sure whether we'll see more issues reported with the January server patches. You can find more information on the risk of deploying these latest updates with our helpful infographic.




Computer World Security News
Jan 12, 2022

Cellular networks revolt against Apple privacy moves
Every time Apple attempts to inject a little more privacy into the digital world, it faces pushback - but the evidence suggests opponents would be better off going along for the ride.

A bigger business with more privacy
Take Do Not Track for ads and the move to quash IDFA tracking in iOS 14. When Apple first announced its plan, critics across the ad industry complained it would damage their business.

Apple counter-argued that it would simply inspire advertisers to think more creatively about how to reach customers — while also providing more privacy to those customers.  




Computer World Security News
Jan 12, 2022

Microsoft touts first PCs to ship natively with secure Pluton chip
As organizations continue to wrestle with how to manage a hybrid workforce, security outside the corporate firewall continues to play a huge role in day-to-day IT operations.

Following the October release of Windows 11, which boasted features aimed at enabling hybrid work, Microsoft last week announced the first PCs with its Pluton chip-to-cloud security technology. The technology is aimed at securing the computers of remote workers and others.

At CES, Microsoft announced that Lenovo and chipmaker AMD have launched the first laptops — the ThinkPad Z13 and ThinkPad Z16 — that come natively with the Pluton security chips. Pricing for the ThinkPad Z13 starts at $1,549; pricing for the ThinkPad Z16 starts at $2,099. Both laptops will be available in May and Lenovo said there is no additional cost associated with the Pluton chip inside.




Computer World Security News
Jan 11, 2022

Google finds a nation-state level of attacks on iPhone
When it comes to mobile security, users are routinely warned to be extremely careful, avoid suspicious links, emails, and attachments. But the growth of no-click attacks sidesteps these soft defenses.

Google recently drilled into one such attack, which happened to have hit an iPhone. "We assess this to be one of the most technically sophisticated exploits we've ever seen, further demonstrating that the capabilities (one vendor) provides rival those previously thought to be accessible to only a handful of nation states," said the Google advisory.




Computer World Security News
Jan 10, 2022

Windows security in '22 — you need more than just antivirus software
Do you need antivirus in 2022 — especially when some options now come with a cryptominer built in?

Several antivirus vendors — some options free, others, paid — have begun bundling their antivirus products with software that generates virtual currency. Of all of the requirements for antivirus, using excess cycles on your computer to generate crypto-coins is not on my list of must-haves.

Recently, Krebs on Security noted that both Norton Antivirus and Avira have told users that versions of their respective software now include a cryptominer. While it's not enabled by default, it still gives me pause; antivirus is supposed to protect us from such potentially unwanted software, and these two vendors are now including it in their wares.




Computer World Security News
Jan 10, 2022

How to choose a SaaS management platform
The flood of remote workers at the start of the global pandemic in early 2020 had companies scrambling to find new software for communicating and collaborating with remote workers. Many turned to software-as-a-service (SaaS) options.




Computer World Security News
Jan 07, 2022

Apple is sneaking around its own privacy policy — and will regret it
Apple has a rather complicated relationship with privacy, which it always points to as a differentiator with Google. But delivering on it is a different tale. 

Much of this involves the definition of privacy. Fortunately for Apple's marketing people, "privacy" is the ultimate undefinable term because every user views it differently. If you ask a 60-year-old man in Chicago what he considers to be private, you'll get a very different answer than if you asked a 19-year-old woman in Los Angeles. Outside the US, privacy definitions vary even more. Germans and Canadians truly value privacy, but even they don't agree on what they personally consider private.




Computer World Security News
Jan 06, 2022

Microsoft Defender for Endpoint brings remote deployment to iOS
With the latest Microsoft Defender for Endpoint (MDE) preview for iOS, Microsoft has taken another step that should make life easier for IT administrators who need to secure remote iOS devices at the endpoint.

Endpoint protection without the user friction
The MDE preview includes a new capability to install Defender for Endpoint remotely and automatically on any devices enrolled in the service. The company first announced its intention to deliver the feature last month.

In practice, this seems relatively friction-free.




Computer World Security News
Jan 05, 2022

7 smart steps to get your Android phone in tip-top shape for 2022
Happy New Year! I don't know about you, but I find the start of a fresh voyage around this shiny ol' sun of ours to be a fine time for tidying up, optimizing, and getting good and organized for the months ahead. And while I'd love to pretend I'm the type of person who has one of those disgustingly pristine, clutter-free desks you see on the internet, let me be brutally honest: The physical space around me tends to resemble a half-abandoned hog parlor.

But my Android phone? My Android phone is as orderly as can be, gosh darn it. And if you ask me, that makes far more of a difference than the state of the physical space around me.

Our mobile devices are where we do so much of our actual work and contemplation these days, after all — and yet it's all too easy to overlook the importance of maintaining an optimal arrangement for both productivity and security within 'em. So now, as we gaze ahead at the promise-filled 2022 calendar, join me in taking 10 minutes to get your own trusty Android phone fine-tuned and fully ready for the coming year.




Computer World Security News
Jan 04, 2022

How to manually update Microsoft Defender
Microsoft Defender is the built-in anti-malware package that's included with modern Windows operating systems. It's alternatively known as Windows Security (it shows up under Settings as Windows Security) or Windows Defender (sometimes with Antivirus at the end of the name, as in this Microsoft Docs page). But whatever you want to call it, for many Windows users, this tool is the go-to default for handling security on their PCs.

Computer World Security News
Jan 03, 2022

When biometrics can be outsmarted this way, we need to talk
It's one of the sad facts of mobile authentication that the industry tends to initially support the least effective security options. Hence, phones initially supported authentication based on fingerprints (which can be impacted by prescriptions, cleaning products, hand injuries, and dozens of other factors) and then moved on to facial recognition. 

In theory, facial recognition is supposed to be more accurate. Mathematically, that's fair, as it is examining far more data points than scanning a fingerprint. But the reality in the real world is much more problematic. It requires a precise distance from the phone and yet offers no pre-scan markers for the user to know when they hit it correctly. That's one reason I see facial recognition reject a scan roughly 40% of the time — even though it will approve a positive scan two seconds later.




Computer World Security News
Dec 29, 2021

Why are your IT people so miserable? Log4j2itis
Instead of holiday toasts, do you hear screams and moans from your server room? Are your IT people sobbing inconsolably even when Amazon Web Services (AWS) is running? Do you walk over sleeping system administrators and developers when you get to the office?

If that's happening to you, let me explain what's happening. Your IT people — a lot of IT people — are suffering from Log4j2itis.

You may have seen some general news about it over the last couple of weeks, as even general news sources are picking up that it's bad news. As Jen Easterly, director of the US Cybersecurity and Infrastructure Security Agency (CISA), said: "The Log4j vulnerability is the most serious vulnerability I have seen in my decades-long career."




Computer World Security News
Dec 23, 2021

How Apple's iCloud Private Relay supports enterprise VPN
Apple's iCloud Private Relay service gives users privacy, security, and convenience. It is best seen as a limited form of virtual private network (VPN) that protects a user's Safari browsing activity from prying eyes. But, is it compatible with your enterprise's existing VPN systems?

(TL;DR: Yes).




Computer World Security News
Dec 23, 2021

Privacy-centric DuckDuckGo to release Mac desktop browser
Popular, privacy-centered search engine DuckDuckGo plans to launch a desktop browser for macOS laptops and desktops.

The browser is designed from the ground up to maintain privacy; that means it will not collect information about users and will not install cookies or tracking codes on devices. The company also claims it can block "hidden trackers" before they load.

DuckDuckGo's search engine is already available as a download for mobile devices. In 2019, DuckDuckGo added Apple Maps support and has since added other improvements to how it works on Apple devices.  




Computer World Security News
Dec 20, 2021

What's all the fuss with Log4j2?
If you're a Windows user tracking various tech and security websites, you've probably read about the Log4j2 vulnerability that's taken the internet by storm, literally and figuratively. While large firms have application developers that know what code they've used — and thus authoritatively know where their firm may be vulnerable — what if you are a smaller company without such resources? (Or what if you're a home user wondering whether you need to be concerned?)




Computer World Security News
Dec 18, 2021

Patching isn't enough for December's Patch Tuesday
This month's Patch Tuesday update is important for several reasons. With 67 unique vulnerabilities addressed, six publicly-reported issues and one already exploited, this month's updates still pale in comparison to dealing with the Log4j issue. (Fortunately, there are no browser or Microsoft Exchange updates and minimal changes to Microsoft Office.)

We have added the Windows updates and Visual Studio updates to our "Patch Now" release cycle recommendations, while Office updates are relegated to a normal release cadence. You can find more information on the risk of deploying these Patch Tuesday updates in this infographic.




Computer World Security News
Dec 16, 2021

EU ‘gig worker' rules look to rein in algorithmic management
Companies who employ "gig" workers would have to provide greater transparency about the use of algorithmic management and monitoring under rules proposed by the European Commission last week. The rules, if they go into effect, should be expanded to all workers subject to management by automated systems, according to workplace experts.

As with other European Union legislation, the rules would affect US companies with gig workers in the region.




Computer World Security News
Dec 15, 2021

Did Apple send its controversial CSAM scanning back to the lab?
Apple appears to have stepped back on its least popular innovation since the Butterfly Keyboard, stealthily slicing mentions of its controversial CSAM scanning/surveillance tech from its website following widespread criticism of the idea.

Child protection tools
The company in August announced plans to introduce 'surveillance as a service' on iPhones.

At that time, it revealed new communication safety features now available in iOS 15.2 and another tool - including the capacity to scan a user's devices against a set of data to identify child sexual abuse material (CSAM). If such material was discovered, the system flagged that user up for investigation.




Computer World Security News
Dec 15, 2021

Android security checkup: 16 steps to a safer phone
Android security is always a hot topic on these here Nets of Inter — and almost always for the wrong reason.

As we've discussed ad nauseam over the years, most of the missives you read about this-or-that super-scary malware/virus/brain-eating-boogie-monster are overly sensationalized accounts tied to theoretical threats with practically zero chance of actually affecting you in the real world. If you look closely, in fact, you'll start to notice that the vast majority of those stories stem from companies that — gasp! — make their money selling malware protection programs for Android phones. (Pure coincidence, right?)




Computer World Security News
Dec 14, 2021

Why you should install the latest Apple updates
If you use a Mac and an iPad to get things done, the fact that Apple hasn't yet introduced Universal Control (now promised for spring) might put you off installing the latest Apple updates — iOS 15.2, iPadOS 15.2 and macOS 12.1.

But there are very good reasons to do so.

The update that fixed the internet
Last week news arrived of a nasty vulnerability in Apache's Log4j software library that could easily be used to steal data and credentials from web services and install software onto servers running Log4j.




Computer World Security News
Dec 13, 2021

After a rocky year for patching, a look ahead to '22
For Windows users, it's been a rough year for security vulnerabilities and patches. Now, my view about these kinds of problems is always a bit jaded. I pay attention to what people post about on the Askwoody forums, and they typically don't say much if they have no problems. All I see are people with issues, not those with systems that install patches and reboot just fine.

That said, Windows servicing still genuinely concerns me at times. Before I look ahead to 2022, I want to dwell a bit on where we are now.




Computer World Security News
Dec 09, 2021

Apple should enforce the App Store privacy promise
A Financial Times report seems to argue that Apple has allowed app developers to collect customer data from iPhone users without their permission. This isn't a new story, but shows that those of us who have denied App Tracking permission may still be tracked, thanks to a loophole.

When privacy…isn't
Apple's decision to introduce App Tracking Privacy controls generated lots of controversy and considerable pushback from Facebook. The latter even complained it would make life hard for small businesses. Apple took a little time, but introduced it all the same.




Computer World Security News
Dec 08, 2021

Designer smartphone hacks will trickle down in 2022
What happens to state-sponsored smartphone hacks when they're uncovered? They get reverse-engineered and enter the cybercrime underworld, of course.

There is no 'safe' back door
The inconvenient truth is there is no such thing as a safe back door into smartphone security. Authoritarian governments may force smartphone platform developers to create them, but they make everyone less safe as those exploits will be identified and criminals - who are just as smart as government developers and (sometimes) the same people - will eventually find and exploit them.




Computer World Security News
Dec 07, 2021

A look at Microsoft's patches and fixes in 2021 — the year of change
As we near the end of another year, I like to look back at the past 12 months in patching from Microsoft. What changed (a lot), what didn't (patch-related problems). We began 2021 thinking Windows 10 would continue to be serviced and updated as usual, for instance. We end the year knowing different. (I'll have some predictions for 2022 next week.)

We now know that Windows 10 will not receive updates indefinitely. Earlier this year, Microsoft unveiled Windows 11 and announced it would need certain hardware and a Trusted Platform Module installed before machines would receive the new OS. Given that most users only have hardware that will support Windows 10, many will be running the older OS until 2025. Microsoft already announced it will be providing security updates for Windows 10 until then and will move to an annual feature release model — matching the cadence for Windows 11. (My prediction for 2025: Microsoft will offer extended security patches for even consumer versions of Windows 10 because so many of us will have still usable machines unable to update to Windows 11. Come back in 2025 and we'll see if I'm right.)




Computer World Security News
Dec 02, 2021

Podcast: What Apple's lawsuit against NSO Group means for digital rights
Last week, Apple filed a lawsuit against NSO Group, the technology firm behind the Pegasus spyware. In its lawsuit, Apple seeks to hold NSO Group accountable for alleged surveillance of select iPhone users, as well as ban the firm from using any Apple products. While digital rights activists commend Apple for standing up for privacy rights, they say they want to ensure that the precedent set by the case applies only to bad actors and not organizations in support of user privacy. Computerworld executive editor Ken Mingis and senior reporter Lucas Mearian join Juliet to discuss what the lawsuit means for Apple, those affected by the spyware and digital rights overall.




Computer World Security News
Dec 02, 2021

How to use FileVault to protect business data on Macs
If you run a business on Macs (and many companies do) then you should become familiar with FileVault, the disk encryption system that's built into macOS. When used properly, it makes it extremely hard for any malicious person to access your company's confidential data in the event your Mac is lost or stolen.

What's the problem FileVault tries to solve?
Most businesses possess various forms of sensitive data. This might include corporate or supplier data, confidential order books, financial records, contact names and addresses, and more. That information has business value, but if compromised could also place you, your employees, or your customers at risk. In many industries, protection of such information is mandatory and legally required.




Computer World Security News
Nov 30, 2021

Rise in employee monitoring prompts calls for new rules to protect workers
As remote work rose sharply during the COVID-19 pandemic, many businesses sought ways to keep track of workers no longer in the direct sight of managers. Now, with remote work strategies still in place — and office re-openings being pushed back — the use of monitoring tools continues to grow.

In fact, the use of new and increasingly powerful technologies to manage and monitor workers has become so common that there are growing calls for regulators in the U.K. and U.S. to update rules to protect employees.

"We have seen a significant increase of interest in employee monitoring technology through the pandemic," said Helen Poitevin, VP analyst at Gartner focusing on human capital management technologies. "This continues as organizations plan for hybrid work environments, with employees working more flexibly from home and at the office." 




Computer World Security News
Nov 29, 2021

How to get more out of Edge (and bolster its security)
I use Edge, the built-in browser in Windows, though I'm very much in the minority. I even think it has the potential to be a better browser than Firefox or Chrome. Case in point: the recent "Super Duper Secure Mode" that has rolled out to the default Edge version after being in beta channels for several weeks. (Let's call it the "SDSM" setting.)

As noted in a past Edge blog post, SDSM provides additional security features that allow you to disable just-in-time JavaScript and then enable Control-flow Enforcement Technology (CET) instead. Just-in-time JavaScript has been used in many zero-day browser attacks in the past — thus, blocking it will help protect our systems and platforms going forward. In my testing so far, I have not seen any side effects running Edge in this mode, even when doing online shopping or banking.




Computer World Security News
Nov 26, 2021

Apple's NSO lawsuit targets illegal spying by oppressive regimes
Apple says its lawsuit against NSO Group this week is an attempt to hold the surveillance firm "accountable for ... the surveillance and targeting of Apple users." And it spared no ire in accusing the Israeli spyware company of selling surveillance software to authoritarian governments — regardless of whether those governments use it to target dissidents, journalists, and activists.

NSO Group was already facing legal problems after messenger platform provider WhatsApp filed suit in 2019 for similar reasons. Earlier this month, the US Ninth Circuit Court of Appeals rejected the spyware company's claim that it should be protected under sovereign immunity laws. In the high-profile case, WhatsApp alleged NSO's spyware was used to hack 1,400 users of the messaging app.




Computer World Security News
Nov 24, 2021

Apple pulls no punches in lawsuit against 'amoral' NSO Group
Apple has punched back against the "amoral" surveillance as a service industry of smartphone snoopers, filing suit against the NSO Group and its owner, Q Cyber Technologies, and taking steps to further secure digital lives.

Why this should matter to your business
Israeli firm NSO Group is a spyware firm that provides surveillance services to governments. It effectively privatizes state-sponsored snooping and enables even the most repressive government to outsource such tasks. It has been widely reported that software from NSO Group was used to target family members of murdered Saudi journalist Jamal Khashoggi.




Computer World Security News
Nov 23, 2021

Ransomware is a threat, even for the smallest of businesses
If I've heard it once, I've heard it a million times: "My business is too small for a cyber crook to bother with me." Oh, my friend, you are so, so wrong. No company is too big or too small for a ransomware dealer to come knocking at your virtual door.

A recent report from Webroot, The Hidden Costs of Ransomware, found the vast majority—85%—of managed service providers (MSPs) have reported attacks against small and midsized businesses (SMBs). Despite that appallingly high number, just 28% of SMBs consider ransomware a worry.




Computer World Security News
Nov 17, 2021

A 20-second tweak for smarter, simpler Android security
Security is important. That much is obvious, right?

And despite all the over-the-top, hilariously sensational headlines suggesting the contrary, the most realistic security threats on Android aren't from the big, bad malware monster lurking in the shadows and waiting to steal your darkest secrets whilst drinking all of your cocoa.

Nope — the biggest risk to your security on Android is (drumroll, please...) you. The likelihood that you'll at some point provide personal information to an ill-intending person or fail to properly secure an account in some way is without a doubt the most realistic threat to your virtual wellbeing. Malware? Meh. That's rarely scary in anything more than a theoretical sense.




Computer World Security News
Nov 16, 2021

Microsoft releases its Windows 10 November 2021 update
Microsoft today announced the general availability of Windows 10 November 2021, also known as version 21H2, which includes new security, management, and virtualization features.

Microsoft reiterated that Windows 10 will continue to receive support until October 2025 and said the Windows 10 release cadence will join Windows 11 in returning to just one feature update a year from here on out.

The company also posted an online comparison of the features between the latest version of Windows 10 21H2 and Windows 11.




Computer World Security News
Nov 16, 2021

Stop looking over my shoulder!
Prospect, a 150,000-member U.K. trade union for technology professionals, recently reported that nearly one in three U.K. workers is now being monitored by their employer both at the job site and in their own homes. This is not acceptable. And it never has been.

As Prospect General Secretary Mike Clancy said, "We are used to the idea of employers checking up on workers, but when people are working in their own homes, this assumes a whole new dimension. New technology allows employers to have a constant window into their employees' homes, and the use of the technology is largely unregulated by the government. We think that we need to upgrade the law to protect the privacy of workers and set reasonable limits on the use of this snooping technology, and the public overwhelmingly agrees with us."




Computer World Security News
Nov 15, 2021

Store your corporate card on an iPhone? Uh-oh
Apple and Google (and especially Visa) last week gave us yet another example of how security and convenience are often at odds with each other. And it looks like they opted for convenience.

The latest issue speaks to only a subset of iPhone and Android users — specifically, those who use their phones for mass transit payments. If you think of how subways work in a major city (I'll use New York City as an example), they require extreme speed. Using facial recognition or entering a PIN right before paying to get on the subway would dramatically slow down the line.

Instead of allowing authentication to happen earlier — say, perhaps within five minutes of a transaction — or by accelerating the process to a split second, Apple, Google, and Visa apparently chose to forego any meaningful authentication. (Note: I am focusing on Visa because the hole still exists for it. MasterCard and others have already patched the flaw.)




Computer World Security News
Nov 12, 2021

Updates to Exchange and Microsoft Installer drive Patch Tuesday testing
This is a relatively light Patch Tuesday update from Microsoft, though two significant vulnerabilities in the Windows platform (CVE-2021-38631 and CVE-2021-41371), both relating to Remote Desktop Protocol handling, have been disclosed and are lending some urgency to applying Windows updates. And we have another technically challenging update to Microsoft Exchange Server to manage as well.





©1999-2022 CEOExpress Company LLC