NEWS: COMPUTER WORLD SECURITY NEWS
Computer World Security News
Oct 16, 2021

Four zero-day exploits add urgency to October's Patch Tuesday
October brings four zero-day exploits and 74 updates to the Windows ecosystem, including a hard-to-test kernel update (CVE-2021-40449) that requires immediate attention and an Exchange Server update that requires technical skill and due diligence (and a reboot). The testing profile for the October Patch Tuesday covers Windows error handling, AppX, Hyper-V and Microsoft Word. We recommend a Patch Now schedule for Windows and then staging the remaining patch groups according to your normal release pattern.

Oct 15, 2021

Experts call Apple's CSAM scheme 'a dangerous technology'
Apple's decision to postpone introduction of its controversial client-side scanning (CSS) CSAM-detection system looks like an even better idea amid news governments already want to use the controversial tools for other forms of surveillance.

A 'dangerous technology'
In a new report, an influential group of 14 internationally reputed security researchers have said such plans represent a "dangerous technology" that expands state surveillance powers. They warn the client-side scanning system, if used, "would be much more privacy invasive than previous proposals to weaken encryption. Rather than reading the content of encrypted communications, CSS gives law enforcement the ability to remotely search not just communications, but information stored on user devices."

Oct 15, 2021

Windows 11 and the need for better BIOS integration
Disclosure: The vendors listed are clients of the author.

Microsoft DOS and then Windows have gone through several evolutions over the years. When Windows first arrived, it was a User Interface (UI) shell on top of DOS. Then Windows 95 absorbed DOS to create something new — but didn't include security. Windows 8 tried to absorb the smartphone experience, failed, but essentially made third-party anti-virus software obsolete.  

Windows 10 took security a few steps farther (and integrated a better digital assistant, Cortana, that few people ever used). And now, with Windows 11, Microsoft has begun to integrate hardware security without integrating PC firmware (BIOS). Due to issues with the move to Windows 11, I think the next integration will be BIOS.

Oct 14, 2021

How to choose the right UEM platform
Endpoint devices have become so ubiquitous, connected, and data-intensive that they are among the most valuable technology assets an organization has today. They're also some of the biggest security risks. It's no surprise, then, that managing the large and growing number of smartphones, laptops, tablets, desktops, and other end-user products is a high priority for IT.

For a growing number of enterprises, unified endpoint management (UEM) is the method of choice for keeping management of endpoints from descending into chaos. UEM platforms are designed to simplify the management of devices and enhance the security of heterogeneous environments.

Oct 13, 2021

Apple warns: Sideloading apps threatens an iCrime wave
Apple is fighting back against growing pressure to support sideloading on its App Stores with an extensive 28-page white paper in which it offers stark security and privacy warnings.

The risks of sideloading
The white paper, "Building a Trusted Ecosystem for Millions of Apps - a Threat analysis of Sideloading" argues that because iPhones and other devices capture so much personal information about people, maintaining privacy and security is critical. "Supporting sideloading through direct downloads and third-party app stores would cripple the privacy and security protections that have made iPhone so secure, and expose users to serious security risks," the company said.

Oct 07, 2021

HP Wolf Security: A New Breed of Endpoint Security
As technology evolves, cybercriminals are more sophisticated, organised, and determined than ever. With constant changes in the workplace, how can you safeguard your PCs, printers and people from circling cyber predators?

Oct 07, 2021

Google now tells criminals when Chrome users are 'idle.' What could go wrong?
When Google released Chrome 94 for Android (and desktop), it slipped in some naughty capabilities via an API called Idle Detection.  

"The Idle Detection API notifies developers when a user is idle, indicating such things as lack of interaction with the keyboard, mouse, screen, activation of a screensaver, locking of the screen, or moving to a different screen. A developer-defined threshold triggers the notification," Google said in a blog post. "Applications that facilitate collaboration require more global signals about whether the user is idle than are provided by existing mechanisms that only consider a user's interaction with the application's own tab."

Oct 04, 2021

How one coding error turned AirTags into perfect malware distributors
One of the more frightening facts about mobile IT in 2021 is that simplicity and convenience are far too tempting in small devices (think AppleWatch, AirTags, even rings that track health conditions, smart headphones, etc.). 

Compared with their laptop and desktop ancestors, they make it far more difficult to check that URLs are proper, that SPAM/malware texts/emails don't get opened and that employees follow the minimal cybersecurity precautions IT asks. In short, as convenience ramps up, so do security risks. (Confession: Even though I try to be ultra-vigilant with desktop emails, I do periodically — far more often than I should — drop my guard on a message coming through my AppleWatch.)

Oct 04, 2021

How to make sense of Microsoft's upcoming mail security changes
With Microsoft about to shut off some versions of Outlook from access to Microsoft 365 and Outlook 365 services — that happens Nov. 1 — it's important to remember this isn't the only change coming for Outlook. A second change scheduled for next year may have a bigger impact on how you connect your email client — and may affect other email apps, too.

Because it could affect many users and businesses, Microsoft is giving everyone fair warning — a year in advance. On Oct. 1, 2022, Microsoft will be disabling basic authentication for its online mail services. This isn't the first time the company has warned us about this. It had planned to disable authentication earlier this year before realizing it couldn't do so without impacting businesses and users still struggling amid the pandemic. Hence, the delay.

Oct 01, 2021

Apple deepens its engagement in enterprise security
The switch to mobile and remote work exposed grim security realities for many companies during the pandemic, and this seems to be driving change at the very top of the tech tree. For example, Apple has joined the Cyber Readiness Institute (CRI) as a co-chair.

Apple takes a seat
The Institute focuses on helping SMBs (small and mid-sized businesses) improve security practices by developing free resources to help them. This builds on the work platform providers already do to secure their platforms by educating and preparing enterprise customers with enhanced security awareness.

Sep 28, 2021

Chrome, Edge kick off faster release cadence; enterprises can skip versions
Google's Chrome and Microsoft's Edge began their every-four-weeks release cadence with the launch last week of version 94 of each browser.

Google released Chrome 94 on Sept. 21, while Microsoft issued Edge 94 three days later, on Sept. 24.

From those dates, Chrome and Edge will upgrade every four weeks. Chrome 95 and Edge 95, for example, will debut Oct. 19 and Oct. 21, respectively. There will be exceptions to that pace for holidays, however. For instance, Chrome 96, the final version of 2021, will release Nov. 16, and be followed by Chrome 97 on Jan. 4, 2022, a seven-week interval.

Google announced the then-upcoming change to a more frequent release schedule in early March; Microsoft quickly followed with news of its own several days later.

Sep 28, 2021

Apple, 1Password, and Cloudflare all move to protect email
Apple's new Hide My Email feature, designed to protect users against phishing attacks and unwanted marketing spam, has swiftly become but one of a variety of options now available.

The river becomes a flood
For a very long time, the daily ritual of checking email accounts has been one in which many of us must first delete the majority of messages received because our addresses have been sold all over the place. Spam filters help, but in my experience plenty gets through — and you can't easily tell who shared your address(es) in the first place.

Everyone is at it. Capturing and selling email addresses and data about people is a big business. Not only that, but most privacy and security breaches begin with phishing emails carrying suspect links and fraudulent requests for personal information.

Sep 28, 2021

On app tracking, both Android and iOS have to do better
Mobile app use continues to climb in enterprises worldwide, and it won't be long before almost all employee/contractor communications take place over mobile devices. That's why it's such a threat to security and compliance that mobile apps have extensive access to everything on a device — and few limitations on what those apps can share.

Apple argues that it's already doing something about this in iOS with its app tracking transparency push. But a report in The Washington Post last week undermines the company's promises. Why? Because Apple has been trusting app vendors to actually do what they agree to do. (No one could have foreseen that blowing up.)

Sep 27, 2021

Survey says! What my informal survey shows about Windows
Several weeks ago, I asked readers to answer 11 questions about Windows. More than 1,000 people submitted responses, and while the results aren't statistically valid, they do shed light on attitudes to Microsoft's operating system.

What do users run?
Not surprisingly, most respondents (74.75%) run some variation of Windows 10, with another 9.7% still on Windows 7. Linux was third, with 5.94%; "other" — a mixture of Windows 11, Windows XP, Chromebook, and even one Windows 98 user — had 4.55%. (I'm just hoping Windows 98 wasn't used to answer the online survey questions.) The Mac was next, with 1.98%, followed by a smattering of phone platforms.

Sep 24, 2021

Apple needs to act against fake app-privacy promises
Apple will need to become more aggressive in how it polices the privacy promises developers make when selling apps in the App Store. What can enterprise users do to protect themselves and their users in the meantime?

What's the problem?
Some developers continue to abuse the spirit of Apple's App Store Privacy rules. This extends to posting misleading information on App Privacy Labels, along with outright violation of promises not to track devices. Some developers continue to ignore do-not-track requests to exfiltrate device-tracking information.

Sep 22, 2021

MSRT vs. MSERT: When to use each Windows malware tool
Microsoft provides Windows users with two tools that offer malware scanning and repair services, should those scans turn up anything in need of fixing. One is named MSRT; the other runs an executable called MSERT.

Sep 20, 2021

A penchant for patching: After 20 years, the system's still a mess
As a Microsoft Patch Lady, I've been patching computers and servers for more than 20 years. We started with a process that wasn't well planned. We had no set day or time for when patches were released, and no way to centrally manage and deploy updates. Over the years Microsoft has moved to a more dependable deployment plan and the ability to manage updates through platforms ranging from Windows Update to Windows Software Update Services to Cloud services.

So things should be better now, right? We've had 20 years to get this right.

And yet, here's what I've seen regarding patching in just the last week.

We are now on three months and counting of continuing issues with printing caused by patches. (This month included yet another fix for another print spooler vulnerability.) I've seen businesses dealing with new side effects directly impacting printing and, interestingly enough, these are businesses that didn't have problems with earlier updates. This month, Windows 10 peer-to-peer networks appear to be the most affected. (FYI: The trigger for all of these printer issues seems to be older Type 3 printer drivers. Moving to type 4 drivers might help if that's an option for you.)

Sep 17, 2021

Legacy apps are at risk with the September Patch Tuesday update
This week's Patch Tuesday was an unusual update from Microsoft and we have added Windows, the Microsoft development platform, and Adobe Reader to our "Patch Now" schedule.

These updates are driven by the zero-day patch (CVE-2021-40444) to the core Microsoft browser library MSHTML. In addition to leading to significant remote code execution worries, this update may also lead to unexpected behaviours in legacy applications that depend on or include this browser component. Be sure to assess your portfolio for key apps that have these dependencies and perform a full functionality test before deployment. (We have identified some key mitigation strategies for handling ActiveX controls and for protecting your system during your testing and deployment phases.)

Sep 16, 2021

It's been a big week for patches
This week brought updates that I consider critical for the "Big Three" — my operating system (Windows), my browser (Google Chrome) and my phone (from Apple). All three releases patch major zero-day vulnerabilities on all three platforms.

While I strongly recommend that you patch Chrome and your iPhone as soon as possible, I always recommend that you hold back on updating Windows. That remains true — at least until we see whether there are any trending side effects from the Patch Tuesday updates.

Let's break down the patching to do right away.

First, prioritize patching Apple devices. Among this week's patches is one for Pegasus spyware, which can open up access to the camera and microphone as well as text messages, phone calls, and emails. iPhones, in particular, have been targeted. Apple typically pushes these updates overnight if your phone is plugged in and charging (and connected to the Internet). If you want to make sure your iPhone has received the update, click on Settings, then General, then tap Software Update. Typically, after my iPhone updates, some apps may need passwords again. I personally try to save critical ones in the iCloud keychain. Look for patches for iOS 14.8 and iPad OS 14.8, and Security Update 2021-005 for macOS Catalina and Big Sur 11.6.

Sep 16, 2021

Windows 11: Just say no
It will be one thing, say, later this year or in 2022, to buy a new PC with Windows 11. We can be reasonably certain that Windows 11 will run on your new Dell, HP, or Lenovo PC. Maybe some of your drivers and programs won't run, but Windows 11 itself? No problem.

But, if you want to update your existing computers, especially those that have a few years on them — that's another story. It's difficult to know whether any given computer will run Windows 11, which arrives Oct. 5. Yes, there's Microsoft's PC Health Check app and other programs to determine whether you can run Windows 11. But Microsoft pulled it the first time around and I'm none too sure how reliable it is this time around.

Sep 14, 2021

Apple hits the alarm with multi-OS emergency update to patch zero-click flaw
Apple on Monday issued emergency security updates for iOS, macOS and its other operating systems to plug a hole that Canadian researchers claimed had been planted on a Saudi political activist's device by NSO Group, an Israeli seller of spyware and surveillance software to governments and their security agencies.

Updates to patch the under-active-exploit vulnerability were released for iOS 14; macOS 11 and 10, aka Big Sur and Catalina, respectively; iPad OS 14; and watchOS 7.

According to Apple, the vulnerability can be exploited by "processing a maliciously crafted PDF," which "may lead to arbitrary code execution." The phrase "arbitrary code execution" is Apple's way of saying that the bug was of the most serious nature; Apple does not rank threat level of vulnerabilities, unlike operating system rivals such as Microsoft and Google.

Sep 03, 2021

Apple backs off controversial child-safety plans
In a surprise Friday announcement, Apple said it will take more time to improve its controversial child safety tools before it introduces them.

More feedback sought
The company says it plans to get more feedback and improve the system, which had three key components: iCloud photos scanning for CSAM material, on-device message scanning to protect kids, and search suggestions designed to protect children.

Sep 02, 2021

Podcast: Windows 11 overview: Hardware requirements, security updates and upgrade confusion
Microsoft will launch Windows 11 on October 5, but not every PC will be eligible for an immediate upgrade. Rollout will last well into 2022 for machines that meet the necessary hardware requirements, and Windows 10 will be supported through October 2025. But, there's still some confusion about what hardware is required to support Windows 11's beefed up security measures. Computerworld executive editor Ken Mingis and contributing editor Preston Gralla join Juliet to discuss Windows 11 security, whether it will require new hardware and what IT needs to know before upgrading. 

Sep 02, 2021

How to go incognito in Chrome, Edge, Firefox and Safari
Private browsing. Incognito. Privacy mode.

Web browser functions like those trace their roots back more than a decade, and the feature — first found in a top browser in 2005 — spread quickly as one copied another, made tweaks and minor improvements.

But privacy-promising labels can be treacherous. Simply put, going "incognito" is as effective in guarding online privacy as witchcraft is in warding off a common cold.

Aug 30, 2021

Triggered by email? Some thoughts on how to stay safe
I got an email the other day, and it was nearly impossible for me to tell at first whether it was legitimate. Given that some vulnerabilities can gain access to your system if you merely preview an email in Outlook, I get nervous. But I do need to determine when an email is safe.

First and foremost, a healthy dose of skepticism is important. Always ask yourself whether the platform you're using is patched and ready to fend off attacks. If, for instance, you're still using a version of Outlook that's no longer supported, you are at risk; never open an unexpected email in an unpatched Office suite. You're better off migrating to a newer email client that offers better protection. There are many third-party email clients that can be useful alternatives to Outlook. Thunderbird, eM Client, and Mailbird are three options I've found to be good — if you simply need light email and calendaring.

Aug 30, 2021

What is Windows Hello? Microsoft's biometrics security system explained
Windows Hello is a biometrics-based technology that enables Windows 10 users (and those who update to Windows 11) to authenticate secure access to their devices, apps, online services and networks with just a fingerprint, iris scan or facial recognition. The sign-in mechanism is essentially an alternative to passwords and is widely considered to be a more user friendly, secure and reliable method to access critical devices, services and data than traditional logins using passwords.

"Windows Hello solves a few problems: security and inconvenience," said Patrick Moorhead, president and principal analyst at Moor Insights & Strategy. "Traditional passwords are unsafe as they are hard to remember, and therefore people either choose easy-to-guess passwords or write down their passwords."

Aug 26, 2021

Apple: It's time to bolster supply chain security
Supply chains are vulnerable to cyberattack and for the good of your business, it's time to move to secure them as best you can, according to Apple and the White House.

Apple to secure the tech supply chain
That's one item of news to emerge following a high-level cybersecurity meeting between US President Joseph Biden and big tech firms, including Apple, IBM, Microsoft, Google, Amazon, and others. Most of the companies who attended the meeting have since announced plans to beef up security resilience and awareness, with a focus on training and security awareness.

Aug 20, 2021

The Windows print nightmare continues for the enterprise
Okay, Microsoft, we need to talk. Or rather, we need to print. We really do. We aren't all paperless out here in the business world — many of us still need to click the Print button inside our business applications and print things out on an actual sheet of paper, or send something to a PDF printer. But over the last several months you've made it near impossible to stay fully patched and keep printing.

Case in point: the August security updates.

Microsoft made a change in how Group Policy printers are handled when it changed the default Point and Print behavior to address "PrintNightmare" vulnerabilities affecting the Windows Print Spooler service. As noted in KB5005652, "by default, non-administrator users will no longer be able to do the following using Point and Print without an elevation of privilege to administrator:

Aug 18, 2021

How to protect your privacy in Windows 10
There has been some concern that Windows 10 gathers too much private information from users. Whether you think Microsoft's operating system crosses the privacy line or just want to make sure you protect as much of your personal life as possible, we're here to help. Here's how to protect your privacy in just a few minutes.

Note: This story has been updated for the Windows 10 May 2021 Update, version 21H1. If you have an earlier release of Windows 10, some things may be different.

Turn off ad tracking
At the top of many people's privacy concerns is what data is being gathered about them as they browse the web. That information creates a profile of a person's interests that is used by a variety of companies to target ads. Windows 10 does this with the use of an advertising ID. The ID doesn't just gather information about you when you browse the web, but also when you use Windows 10 apps.

Aug 16, 2021

How to use iCloud Keychain to audit your passwords
Reports of a massive 100 million account data leak at T-Mobile should encourage any Apple user to double-check password and account security. Here's how to do that using Keychain.

iCloud Keychain to the rescue
Apple's built-in password manager is called iCloud Keychain. It securely stores your saved account information such as account names and passwords across all your signed-in devices. It will automatically enter this information for you when you access an app or service.

Aug 13, 2021

The focus for August's Patch Tuesday? Printing
This month Microsoft offered up a relatively light Patch Tuesday, rolling out 44 patches for its Windows, Office, and development platforms.

Aug 13, 2021

Apple's botched CSAM plan shows need for digital rights
From the NSO Group's ghastly iPhone hack to Apple's recently revealed system to scan user devices, it's time to put an end to the endless mission creep from tech convenience to surveillance.

Apple fixes one problem, creates another
Take Apple, for example. The brouhaha surrounding its decision to invent a technology to scan user images for CSAM material has apparently "surprised" the company.

Aug 10, 2021

Apple's anti-porn overreach — good intent, bad execution
Oh, Apple. Can't you weigh into anything without making a mess?

The latest: Apple wants to use its extensive powers to fight child pornography. As is typical, the company has good intentions, wants to advance a great goal — and then uses such overreach as to give people dozens of reasons to oppose them. To paraphrase the old adage, the road to hell in this case starts at One Apple Park Way. Alternatively, think of Cupertino as where good ideas go to become monstrous executions.

This started last week with Apple announcing plans to do something to slow down child pornography and children being taken advantage of. Fine, so far. Its tactics include telling parents when their offspring download nude or otherwise erotic imagery. Before we get into the technology aspects of all of this, let's briefly consider the almost infinite number of ways that this could go bad. (Maybe that's where the old Apple headquarters got its Infinity Loop name.)

Aug 09, 2021

Apple says it won't expand controversial CSAM technology
Apple has tried to deflect criticism of its controversial CSAM protection system, but in doing so has illustrated just what's at stake.

The big conversation
Apple last week announced it would introduce a collection of child protection measures inside iOS 15, iPad OS 15 and macOS Monterey when the operating systems ship this fall.

Aug 06, 2021

Apple's plan to scan US iPhones raises privacy red flags
Apple has announced plans to scan iPhones for images of child abuse, raising immediate concerns regarding user privacy and surveillance with the move.

Has Apple's iPhone become an iSpy?
Apple says its system is automated, doesn't scan the actual images themselves, uses some form of hash data system to identify known instances of child sexual abuse materials (CSAM) and says it has some fail-safes in place to protect privacy.

Aug 04, 2021

This Vultur app takes malicious to the next level
A Netherlands security research firm has uncovered a new Android dropper app, dubbed Vultur, that delivers legitimate functionality, then silently shifts into malicious mode when it detects banking and other financial activities.

Vultur, found by ThreatFabric, is a keylogger that captures financial institution credentials by piggybacking on the current banking session and stealing funds right away — invisibly. And just in case the victim realizes what is happening, it locks down the screen.

(Note: Always have your bank's phone number so that a direct call to a local branch might save your money — and keep the number on paper. If it's on your phone and the phone is locked, you're out of luck.)

Aug 02, 2021

For Windows security, what we have is a failure to communicate
Microsoft last week reported $60 billion in profit and $165 billion in sales for its most recent quarter — with a staggering increase in cloud revenues. But that good news comes in a year when not a day goes by without reports of another security issue, another ransomware attack. Yes, Windows 11 will require hardware that should bring with it better security, but it comes at a price. Most users have systems that won't support Windows 11, so we'll be stuck using Windows 10.

There seems to be a big disconnect between the reality (and financial success) of the Windows ecosystem and the reality for its users. We need more security now, not later.

For many people, malware often infiltrates systems via phishing lures and enticing links. Microsoft could serve users better by recommending security solutions we have on our systems now that aren't enabled. Some of these settings don't require additional licensing, while others are gated behind the holy grail of Windows licensing — the Microsoft 365 E5 license. While a user can purchase a single E5 license to get the included security enhancements, it raises a concern that Microsoft is starting to make security an add-on to the OS rather than built in. I remember when Microsoft talked up "Secure by Design," "Secure by Default," and "Secure in Deployment and Communication" (also known as SD3 C). Now, instead, it is touting security solutions

Computer World Security News
Jul 30, 2021

Online privacy: Best browsers, settings, and tips
"You have zero privacy anyway. Get over it," Scott McNealy said of online privacy back in 1999, a view the former CEO of the now-defunct Sun Microsystems reiterated in 2015. Despite the hue and cry his initial remarks caused, he's been proven largely correct.

Other ways to protect yourself on the web: GDPR, CCPA, and AdChoices

To read this article in full, please click here

(Insider Story)

Computer World Security News
Jul 29, 2021

How to give your phone an Android-12-inspired privacy upgrade
Android 12 sure is an onion of an update, wouldn't ya say?

Now, don't get me wrong: I'm not suggesting it's fragrant, likely to make you cry, or positively delicious when cooked in a stir-fry. (That'd be one heck of a piece of software!) I just mean that it has lots of layers to it, including some that are beneath the surface and impossible to see when you're only glancing from afar.

Android 12 is full of changes both big and small, in fact — and while many of its most noticeable external elements will be limited to Google's own Pixel phones, some of the improvements tucked away in those sticky lower layers are arguably the most important changes of all.

To read this article in full, please click here



Computer World Security News
Jul 26, 2021

Acronis teams with Jamf to secure the Apple-centric enterprise
As the Mac security journey becomes ever more challenging, there's fresh activity in the Mac security and enterprise infrastructure space: Acronis Cyber Protect Cloud now integrates with leading enterprise management platform Jamf.

Acronis and Jamf: Better together
That's a significant step forward in terms of better native Mac support from Acronis, which has been working to widen its support for Apple's platform since at least 2014 when it introduced Mac support for Acronis Access. It's also a significant indicator that despite the existence of a few hold-outs, most enterprises now recognize that the future of work is remote.

To read this article in full, please click here



Computer World Security News
Jul 26, 2021

About the Pegasus spyware, Apple's telling the full truth
When it comes to security and privacy issues, Apple generally does a far better job than its rivals — though admittedly for selfish marketing reasons. When comparing Apple's iOS and Google's Android, it's hard to not see that at least Apple makes a good-faith attempt at being security- and privacy-oriented, compared to Google, which would prefer selling ads and anything else it can think of.

Still, Apple has been known to twist and shift the truth, omitting germane background info and context when it's convenient. Remember antenna-gate? The battery-gate brouhaha?

To read this article in full, please click here



Computer World Security News
Jul 22, 2021

Pegasus spyware and iPhone security
Amnesty International's Security Lab revealed that a handful of iPhones, mostly belonging to journalists and human rights activists, were successfully infected with Pegasus spyware. While the majority of iPhone users are not affected, the spyware, created by NSO Group, was found even on newer iPhone models equipped with the latest iOS update. Apple bills the iPhone as the most secure consumer cellular product on the market, so this wave of malware raises security concerns. Computerworld Executive Editor Ken Mingis and Macworld Executive Editor Michael Simon join Juliet to discuss iPhone security and more.

Computer World Security News
Jul 22, 2021

Scary 'malware-as-a-service' Mac attack discovered
Another day, and it's time for another Apple security scare: malware that can harvest keystrokes and log-ins and is available on the Darknet for only $49.

Malware-as-a-service for Mac attacks
Check Point Software's research team claims to have identified the hack, which it is calling XLoader. Enterprise security specialists managing Macs and Apple devices (of which there are many) need to be aware of the new attack, as we're told it can:

To read this article in full, please click here



Computer World Security News
Jul 19, 2021

iPhone spyware: It's a dirty job, but NSO's gonna do it
Amnesty International has revealed that NSO Group, an Israeli 'surveillance as a service' company, has created and sold a nasty iMessage attack that can be used to spy on journalists, activists, and political representatives using their iPhones.

A zero-click hack attack
What makes this latest attack particularly dangerous is its exploitation of zero-click vulnerabilities, meaning targets don't even need to read or open the iMessage carrying the hack. Amnesty says all iPhones and iOS updates are vulnerable to the exploit, which gives attackers "complete access to the device's messages, emails, media, microphone, camera, calls and contacts."

To read this article in full, please click here



Computer World Security News
Jul 19, 2021

In the fight against ransomware, Microsoft must do more
Not a day goes by that I don't hear about some business or consultant affected by ransomware. Often, the incident starts with a phishing attack or from a vulnerability introduced by delayed patching. Or it could be a consultant tool that should have been coded better. Regardless of how it began, if you attempt to recover from a backup (assuming you have a viable one on hand) or pay the ransom and attempt to unencrypt your data, recovery will take time.

That's time companies often don't have.

Last week, the US government set up the Stopransomware website to help businesses, schools, and other organizations deal with ransomware attacks. Included in the guidance are recommendations regarding backing up:

To read this article in full, please click here



Computer World Security News
Jul 17, 2021

A big July Patch Tuesday — and the ongoing print nightmare
This week's Patch Tuesday release from Microsoft is a big one for the Windows ecosystem; it includes 117 patches that handle four publicly reported and four exploited vulnerabilities. The good news: this month's Microsoft Office and development platform (Visual Studio) patches are relatively straightforward and can be added with minimal risk to your standard patch release schedules, and there are no browser updates. Alas, we have a really serious printer issue (CVE-2021-34527) that was released out of band (OOB) and has been updated at least twice in the past few days. That means you need to pay immediate attention to the Windows updates and add all of the Windows desktop patches to your "Patch Now" schedule.

To read this article in full, please click here



Computer World Security News
Jul 14, 2021

What is UEM? Unified endpoint management explained
Unified endpoint management (UEM) describes a set of technologies used to secure and manage a wide range of employee devices and operating systems — all from a single console.

Seen as the next generation of mobility software, UEM tools incorporate several existing enterprise mobility management (EMM) technologies — including mobile device management (MDM) and mobile application management (MAM) — with some of the tools used to secure desktop PCs and laptops.

To read this article in full, please click here



Computer World Security News
Jul 13, 2021

To patch or not to patch: That is the question
Security is more important than ever—and ransomware is bigger and badder than ever. Barely a week goes by without a major new ransomware attack.

One way you can slow down, if not stop, such attacks is by keeping your mission-critical applications and operating systems up to date. There's only one little problem with that. Those patches, especially Microsoft's Windows patches, can be more trouble than they're worth. What's a business to do?

To read this article in full, please click here



Computer World Security News
Jun 23, 2021

Apple: Sideloading apps will undermine iOS security
Following CEO Tim Cook's statements on security at a recent conference, Apple has come out fighting to protect the security of its App Store distribution model, publishing a white paper that argues enforced side-loading of apps would make the platform — and its users — far less secure.

To read this article in full, please click here



Computer World Security News
Jun 14, 2021

Google abandons URL shortening in Chrome
Google has called quits on the notion of truncating URLs in Chrome, according to a note from earlier this month in the Chromium project's bug database.

"This experiment didn't move relevant security metrics, so we're not going to launch it," Emily Stark, a staff software engineer on the Chrome team, wrote in the June 7 entry.

Android Police first reported on Stark's note June 10.

To read this article in full, please click here



Computer World Security News
Jun 14, 2021

Windows updates: The four basic patch personalities
If you ask most people what they dislike about Windows 10, they'd probably say it's the monthly updating process and the disruption it triggers. Depending on your personality type (and how risk averse you are), here's how to handle Windows updates, deal with the changes, and keep your sanity in the process.

Bleeding-edge patchers
Are you a risk-taker who loves the bleeding edge? Do you look forward to trying out new technologies, dealing with green-colored blue screens of death (BSODs) and happen to have a spare computer that you can use to provide feedback and search for error messages? If so, the Insider version of Windows 10 is for you.

To read this article in full, please click here



Computer World Security News
Jun 14, 2021

The great cloud computing surge
Driven in part by the pandemic, cloud computing adoption has reached new heights. These five articles take a close look at the implications.

Computer World Security News
Jun 11, 2021

6 zero-days make this a 'Patch Now' Patch Tuesday
Microsoft this week pushed out 50 updates to fix vulnerabilities across both the Windows and Office ecosystems. The good news is that there are no Adobe or Exchange Server updates this month. The bad news is that there are fixes for six zero-day exploits, including a critical update to the core web rendering (MSHTML) component for Windows. We've added this month's Windows updates to our "Patch Now" schedule, while the Microsoft Office and development platform updates can be deployed under their standard release regimes. Updates also include changes to Microsoft Hyper-V, the cryptographic libraries and Windows DCOM, all of which require some testing before deployment.

To read this article in full, please click here



Computer World Security News
Jun 11, 2021

Securing the Apple mobile enterprise takes context
Apple's presence has expanded from being the brand behind a few Macs in the creative department; it is now a key mobile and productivity provider across every top enterprise. But even Apple's platforms face security challenges as people work remotely. I caught up with Truce Software CEO Joe Boyle to discuss Apple in the workplace and his company's approach to managing the mobile enterprise.

To read this article in full, please click here



Computer World Security News
Jun 10, 2021

WWDC: Why iCloud will help secure the enterprise
One of the biggest surprises of WWDC 2021 was Apple's introduction of iCloud+, an upgraded version of its existing service available at no additional charge that provides secure emailing and VPN-style security for users.

iCloud just became a useful business tool
The introduction of these features will transform iCloud into a very useful remote business tool, though it will be interesting to see whether all these features will be available to enterprise folks making use of Managed Apple IDs for their business tools. For the present let's assume they will, given the deep value they promise to those in that sector.

To read this article in full, please click here



Computer World Security News
Jun 08, 2021

WWDC: Apple digs deep to secure its platforms
Apple's WWDC announcements included plenty for enterprise professionals. One area that deserves particular attention relates to the variety of privacy improvements the company is making, because they offer significant benefits for the security conscious.

Putting you in control of your data
The main thrust of Apple's recent work on privacy is information. The argument is that everyone should know about data collection, what it means, and which apps collect what information — and have at least some understanding of how that data is used.

To read this article in full, please click here



Computer World Security News
Jun 08, 2021

Ransomware revisited: As attacks worsen, tried-and-true defenses falter
Beef? Beef?!

It's come to this: a ransomware attack has come between me and my Wendy's quarter pounder! As much as I'd like to say that there's nothing to this problem for my favorite fast food lunch, I can't. A ransomware attack on the world's largest meat processor, JBS, forced nine US beef plants to close their doors on June 1.

It's not a laughing matter. If major companies such as JBS and Colonial Pipeline can get hammered by ransomware, there's nothing stopping a low-life hacker from using Ransomware-as-a-Service (RaaS) to take your business out.

To read this article in full, please click here



Computer World Security News
Jun 07, 2021

Patch Tuesday: The rules of updating Windows (and Microsoft apps)
Patch Tuesday week is that time of the month when I get verklempt, excited, and in a tizzy over the release of this month's raft of security updates. Will we get fixes for remote code execution attacks? Fixes for privilege escalations? Will we get…? Oh, you don't get verklempt, excited, and in a tizzy? You actually dread Patch Tuesday?

Let me help you out. When you install updates from Microsoft there are some fundamental rules to keep in mind.

First, when patching you should never ever lose data. Several years ago, when Microsoft rolled out the feature release version of Windows 10 1809, some users reported losing files and folders during the process. The problem caused Microsoft to pause the feature update to investigate what was triggering the issue. As it turned out, the root cause was not the update — it was the timing and rollout of a feature in OneDrive. As Microsoft noted in a blog post at the time, the culprits involved three different scenarios with OneDrive — in particular, a setting called known-folder redirection. Although the issues were not widespread, the damage and loss of trust in the Windows update process was immense; even now, users remember that issue when updates arrive. Microsoft revised the 1809 release to deal with the problem and loss of data did not recur afterwards.

To read this article in full, please click here



Computer World Security News
Jun 04, 2021

Note to IT: Google really wants its privacy settings left alone
The biggest difference in business models between mobile giants Google and Apple is that Apple sells hardware and software whereas Google sells information. So when Apple makes a big play out of protecting privacy—such as pushing back against encryption backdoors and government subpoenas—it's relatively easy for them. That's not primarily how they make money.

Google, though, has a business model that truly hates privacy. To Google, enterprise data privacy, along with consumer data privacy, is just something that deprives them of raw material that they can sell. In short, Google has to publicly say that it protects its customers' privacy while privately doing whatever it can to keep leveraging that data.

To read this article in full, please click here



Computer World Security News
Jun 03, 2021

The missing context around Google's Android privacy fallout
If you've read much tech news lately, you might be feeling a slight sense of shock right now.

A series of newly publicized documents related to an Arizona lawsuit reveals that Google's had some complicated systems for collecting location data across Android over the years — and that, according to the info, the company at one point tried putting a catch-all location toggle into the software's Quick Settings panel but saw a substantial increase in the number of users who took advantage of it with that more prominent positioning in place.

To read this article in full, please click here



Computer World Security News
Jun 02, 2021

When is a cybersecurity hole not a hole? Never
In cybersecurity, one of the more challenging issues is deciding when a security hole is a big deal, requiring an immediate fix or workaround, and when it's trivial enough to ignore or at least deprioritize. The tricky part is that much of this involves the dreaded security by obscurity, where a vulnerability is left in place and those in the know hope no one finds it. (Classic example: leaving a sensitive web page unprotected, but hoping that its very long and non-intuitive URL isn't accidentally found.)

And then there's the real problem: in the hands of a creative and well-resourced bad guy, almost any hole can be leveraged in non-traditional ways. But — there is always a but in cybersecurity — IT and security pros can't pragmatically fix every single hole anywhere in the environment.

To read this article in full, please click here



Computer World Security News
Jun 01, 2021

To secure your remote workforce, lock down 'your' computers
I know some of you are still convinced you'll soon shepherd your flock of workers back into the comfortable cubicles of the corporate office. Not going to happen. I've been following the working from home revolution closely, and, trust me, your people like working from home. A lot.

According to a FlexJobs survey, 58% of workers currently working remotely said they'd "absolutely look for a new job" if they're not allowed to continue remote work. 

To read this article in full, please click here



Computer World Security News
May 25, 2021

Android 12's quietly important privacy progress
This year, for the first time in a long time, it's easy to glance at Google's latest Android effort and focus mostly on the surface.

Android 12's most striking element is without a doubt the overhauled look and feel it brings to the operating system (even if realistically, Pixel owners are the only ones who'll reap the full benefits of that change). We haven't seen such a dramatic reimagining of the Android interface in many a moon — since 2014's Android 5.0 (a.k.a. Lollipop) release — and this progression stretches past the core software itself, even, with effects set to reach the experience of using apps within Android and eventually also Google apps on the web. The same principles will apply to Chromebooks, Smart Displays, and Wear-based wearables before long as well, making this a true Google ecosystem evolution.

To read this article in full, please click here



Computer World Security News
May 25, 2021

5 free ways to get better business security
Ransomware to the left of you, malware to the right—what's a small business stuck in the middle to do?

We all know that securing your company isn't easy or cheap. As Christopher Krebs, former director of the US Cybersecurity and Infrastructure Security Agency (CISA), and Matthew Masterson, former CISA Senior Cybersecurity Advisor, both recently pointed out: we're "now in the midst of a new normal of cyber-enabled malicious activity."

To read this article in full, please click here



Computer World Security News
May 21, 2021

Apple's Mac security warning shows that closed beats open
Apple's software engineering chief Craig Federighi recently told us that Macs aren't yet as secure as iOS devices, but does this mean Mac users need to worry?

What Federighi said
Apple's software lead was appearing as part of the interminable Epic v Apple trial (which today involves Apple CEO Tim Cook taking the stand). Federighi was arguing that by maintaining a highly controlled third-party app environment on iOS, Apple has been able to build an extremely secure platform.

To read this article in full, please click here



Computer World Security News
May 19, 2021

Firefox previews site-isolation tech in move to catch up to Chrome
Mozilla on Tuesday announced that a years-long effort to harden Firefox's defenses can now be previewed in the browser's Nightly and Beta builds.

Debuting as "Project Fission" in February 2019, the project was also linked to the more descriptive "site isolation," a defensive technology in which a browser devotes separate processes to each domain or even each website, and in some cases, assigns different processes to site components, such as iframes, so they are rendered separately from the process handling the overall site.

To read this article in full, please click here



Computer World Security News
May 18, 2021

Here's what you can do about ransomware
Last week, people in my neck of the woods, North Carolina, went into a panic. You couldn't get gasoline for love or money. The root cause? Colonial Pipeline, a major oil and gas pipeline company, had been hit by a major ransomware attack. With four main fuel pipelines shut down, people throughout the southeast U.S. lined up at gas stations for every drop of gas they could get.

You may not believe that ransomware is a serious threat. But I and most everyone else in the southeast? We believe.

To read this article in full, please click here



Computer World Security News
May 17, 2021

For Windows users, tips on fighting ransomware attacks
Ransomware.

It's one word that strikes fear in the minds of many a computer user, especially given the near daily headlines about companies affected. It makes us wonder why this keeps happening to users and businesses, large and small.

But there's plenty you can do to protect yourself or your business.

Be wary of what you click on
Most of the time, ransomware that affects an individual happens after someone clicks on something they shouldn't — maybe a phishing-related email or a web page that installs malicious files. In a business setting, the attacks often come from an attacker going after open remote access protocol, either using brute force or harvested credentials. Once inside the network, they can disable backups and lie in wait until the best time to attack.

To read this article in full, please click here



Computer World Security News
May 17, 2021

Google makes a big security change, but other companies must follow
In a wonderful cybersecurity move that should be replicated by all vendors, Google is slowly moving to make multi-factor authentication (MFA) default. To confuse matters, Google isn't calling MFA "MFA"; instead it calls it "two-step verification (2SV)."

The more interesting part is that Google is also pushing the use of FIDO-compliant software that is embedded within the phone. It even has an iOS version, so it can be in all Android as well as Apple phones.

To be clear, this internal key is not designed to authenticate the user, according to Jonathan Skelker, product manager with Google Account Security. Android and iOS phones are using biometrics for that (mostly facial recognition with a few fingerprint authentications) — and biometrics, in theory, provides sufficient authentication. The FIDO-compliant software is designed to authenticate the device for non-phone access, such as for Gmail or Google Drive.

To read this article in full, please click here



Computer World Security News
May 14, 2021

Browser updates are back for May's Patch Tuesday
With 55 updates, three publicly reported vulnerabilities and reported public exploits for Adobe Reader, this week's Patch Tuesday update will require some time and testing before deployment. There are some tough testing scenarios (we're looking at you, OLE) and kernel updates make for risky deployments. Focus on the IE and Adobe Reader patches — and take your time with the (technically challenging) Exchange and Windows updates.

Speaking of taking your time, if you're still on Windows 10 1909, this is your last month of security updates.

The three publicly disclosed vulnerabilities this month include:

To read this article in full, please click here



Computer World Security News
May 13, 2021

Social engineering, fake App Stores, hit iOS, Sophos warns
I didn't entirely mean to focus on Apple device security for most of this week, but new Sophos research should interest any enterprise working to enhance security awareness.

Breaking bad
The research looks at 167 counterfeit apps used to scam iOS and Android users. Those that impact Apple's mobile OS particularly stood out, as they show the increasing sophistication of malware authors.

To read this article in full, please click here



Computer World Security News
May 12, 2021

Jamf adds zero trust security to the Apple enterprise
Apple enterprise management company Jamf has announced its pending $400 million acquisition of zero trust cloud-based security company, Wandera.

Apple security with zero trust
Security remains of critical concern to the many enterprises deploying Apple equipment during the time of COVID-19, and as the mobile device management (MDM) services industry becomes more competitive, many providers are attempting to bolster services with security protection.

To read this article in full, please click here



Computer World Security News
May 11, 2021

Enterprises need to get smart about iOS security
The XcodeGhost malware attack that allegedly affected 128 million iOS users is an excellent illustration of the kind of sophisticated attack all users should get ready to defend against as platforms become inherently more secure.

Designer label malware
XcodeGhost was an intelligent exploit that presented itself as a malware-infested copy of Xcode made available via websites targeting Chinese developers. Developers in the region downloaded it because it was easier to get than the real code because local networks were unreliable.

To read this article in full, please click here



Computer World Security News
May 11, 2021

No matter the size of your business, you must take security seriously.
I recently wrote about using passwords correctly, and a reader replied: "I've been getting told this for years, but who's ever going to attack my 12-employee business?"

This isn't the first time I've heard remarks like that. The answer is: "Who won't attack you!?"

Hackers don't care whether your annual revenue is in five figures or nine. They will target you. Indeed, if you're on the smaller size, you're more likely to be vulnerable because, chances are, you're an easier target. After all, as BullGuard CEO Paul Lipman said: "Small businesses are not immune to cyberattacks and data breaches and are often targeted specifically because they often fail to prioritize security."

To read this article in full, please click here



Computer World Security News
May 10, 2021

Patch Tuesday preview: Time for a 'measured' approach to updates
It's time again: with Patch Tuesday in sight, I always recommend pausing or delaying updates, and this month is no different. But the second Tuesday of May also brings to an end support for Windows 10 1909. If you want to receive updates for Windows 10 after May 11, you'll need to make sure you're running Windows 10 2004 or 20H2.

So my first request on this Patch Tuesday week is that you check to see what exact version of Windows 10 you have installed, so you know you are still supported.

Typically, there is a window of time when we can safely defer or delay updates and when businesses can test patches before rolling them out. The days of worm attacks where we had to immediately patch systems have long since passed. These days, attacks are typically done using phishing lures to gain access to a system; the weakest link isn't necessarily software, it's us, opening Office docs or other files that harvest credentials. If you are even a slightly savvy user, give yourself time to ensure that there are no patching side effects.

To read this article in full, please click here



Computer World Security News
May 04, 2021

Getting passwords right for you and your business
Chances are you've never heard of the National Institute of Standards and Technology (NIST) Special Publication 800-63, Appendix A. But you've been using its contents from your first online account and password until today. That's because, within it, you'll find the first password rules such as requiring a combination of a lowercase and uppercase letter, a number, and a special character — and the recommendation of changing your password every 90 days.

There's only one problem. Bill Burr, who originally set up these rules, thinks he blew it. "Much of what I did I now regret," Burr told The Wall Street Journal a few years ago.

To read this article in full, please click here



Computer World Security News
May 03, 2021

For Windows, it's 'squirrel away time'
It's that semi-annual time of the year we in AskWoody land call "squirrel away time" — time to make sure you have a copy of the ISO currently installed on your computer in case you need to reinstall it. There are a number of ways to get older versions of Windows by using a trick publicized on the Thurrott.com site. But the easiest way to grab a copy of, say, 20H2 is to go to the software download site, download a copy and store it on a spare hard drive, flash drive or external USB drive.

To read this article in full, please click here



Computer World Security News
Apr 29, 2021

A highly sarcastic Android security warning
Holy floppin' hellfire, Henry! Have you heard? A terrifying new form of Android malware is running amok — stealing passwords, emptying bank accounts, and drinking all the grape soda from the refrigerators of unsuspecting Android phone owners.

We should all be quivering in our rainboots, according to almost all the information I've read on these here internets. Numerous adjective-filled news stories have warned me that the "scary new Android malware" is "spreading quickly," targeting "millions" (millions!) of users, and occasionally even "kicking people square in the groin." (All right, so I made that last part up. But you get the idea.)

To read this article in full, please click here



Computer World Security News
Apr 28, 2021

How long until Apple boots apps from its stores for privacy issues?
Apple will inevitably begin enforcing the privacy requirements it has put in place across its ecosystem, meaning developers who attempt to avoid or dissemble their way around these protections should expect action, including removal from the App Store.

What Apple is doing
Everyone recognizes how seriously Apple takes privacy. Statement by statement and all through iterative software and product releases, the company is making it crystal clear that it believes privacy is essential to achieve the potential of digital transformation.

To read this article in full, please click here



Computer World Security News
Apr 28, 2021

Microsoft patents biometric 'wellness insights' tool for workers
Microsoft has patented an employee "wellbeing" recommendation feature that uses biometric data to detect a worker's stress levels when completing tasks such as sending emails, encouraging them to take a break when anxiety levels run high.

The "Emotion Detection From Contextual Signals For Surfacing Wellness Insights" patent, filed in October 2019 and published last week, describes a "wellness insights service" that collates data from a range of sources. This includes blood pressure and heart rate monitoring data that could be obtained from an employee's wearable devices, such as smart watches and fitness trackers.

To read this article in full, please click here



Computer World Security News
Apr 27, 2021

Why enterprises must install the latest macOS software patch
Enterprises should install Apple's latest macOS Big Sur 11.3 update to secure their Macs. I spoke with Jamf Mac security expert Jaron Bradley, who explained why.

Install macOS 11.3 immediately
Enterprise users running fleets of Macs should get their IT support teams to approve the installation of Apple's macOS Big Sur 11.3 update as swiftly as possible; the update should protect Macs against a serious software vulnerability that places data at risk.

As first spotted by Cedric Owens (and subsequently heavily researched by Jamf), the malware — a new version of a known Shlayer vulnerability — spreads in the following ways:




Computer World Security News
Apr 26, 2021

April patch recap: Mostly quiet on the Microsoft front
Unlike March, when patch updates caused issues with some printers, Microsoft's updates for April were relatively tame. Windows users lost the old pre-Chromium version of Edge; some users saw performance issues; and Microsoft started talking up "News and Interests."

In fact, it's that last one that has some IT admins concerned. (More about that below.)

Old Edge out, new Edge in
First off, Microsoft this month installed the new Chromium-based Edge browser and removed the old Edge. Now that the browser relies on the Chromium engine, it will receive updates on the same schedule as Google Chrome. Note: the rollout wasn't without some side effects. If you had some other application set to open up PDF files, the April release reset your default PDF reader to be Edge. So, you'll need to reset the default application back to whatever your preference was. (This can be easily done; check out this recent YouTube video for details.) Microsoft also moved the default download location from the bottom left of the browser window to the top right — in line with other browser download locations. If you're a longtime Edge user like me, this takes a bit of getting used to.




Computer World Security News
Apr 26, 2021

Rethinking mobile security in a post-COVID workplace
In the world of enterprise mobile security, sometimes horrible situations force security corner-cutting to preserve the company. And COVID-19 forcing companies to empty office buildings and move everything (and everyone) to remote locations and the cloud in March 2020 is the classic example. What led to the security shortcuts was not just the abrupt change to work from home, but the fact that companies typically had to make the transition in a few days.

Add to that increased problems with IoT security — especially as IoT devices in home environments accessed global systems via VPNs, sometimes spreading malware through the pipeline — and you have a mess. A recent Verizon mobile security report put it bluntly: "Almost half of respondents admitted that their company had knowingly cut corners on mobile device security. That's an increase from our 2020 report when the figure was 46%. The proportion rises to two-thirds [67%] in our IoT sample. And of those remaining, 38% (27% IoT) came under pressure to do so. Another way of looking at this is that 68% came under pressure to cut corners and 72% of those succumbed."




Computer World Security News
Apr 20, 2021

VMware targets remote work security with Anywhere Workspace
Providing secure access to vital applications has been a key challenge for businesses forced to adapt to remote working during the pandemic. And with many businesses set to continue to support a distributed workforce even after offices reopen, it will remain a priority for IT for some time.

With this in mind, VMware has unveiled a suite of security and endpoint management tools to support remote workers. VMware Anywhere Workspace, announced on Tuesday, combines VMware's Workspace One, a "digital workspace platform" that delivers applications across a range of devices, with its Carbon Black Cloud endpoint security tools and SASE, which provides secure network access for distributed teams.




Computer World Security News
Apr 19, 2021

Details of how the feds broke into iPhones should shake up enterprise IT
Apple has an awkward history with security researchers: it wants to tout that its security is excellent, which means trying to silence those who aim to prove otherwise. But those attempts to fight security researchers who sell their information to anyone other than Apple undercut the company's security message.

A recent piece in The Washington Post spilled the details behind Apple's legendary fight with the U.S. government in 2016, when the Justice Department pushed Apple to create a security backdoor related to the iPhone used by a terrorist in the San Bernardino shooting. Apple refused; the government pursued it in court. Then when the government found a security researcher who offered a way to bypass Apple security, the government abandoned its legal fight. The exploit worked and, anticlimactically, nothing of value to the government was found on the device.




Computer World Security News
Apr 16, 2021

The Patch Tuesday focus for April: Windows and Exchange (again)
On Tuesday, Microsoft rolled out another broad series of updates across its Windows ecosystems, including four vulnerabilities affecting Windows that have been publicly disclosed and one security flaw — reportedly exploited already — that affects the Windows kernel. That means the Windows updates get our highest "Patch Now" rating, and if you have to manage Exchange servers, be aware that the update requires additional privileges and extra steps to complete.

It also looks as if Microsoft has announced a new way to deploy updates to any device, wherever it is located, with the Windows Update for Business Service. For more information on this cloud-based management service, you can check out this Microsoft video or this Computerworld FAQ. I have included a helpful infographic which this month looks a little lopsided (again) as all of the attention should be on the Windows and Exchange components.




Computer World Security News
Apr 16, 2021

Appogee becomes one-stop shop for enterprise iOS deployment
The Apple-focused enterprise services market continues to evolve. Case in point: Apple-only value-added-reseller Appogee is now offering a fully-managed iOS hardware deployment thanks to an arrangement with TRUCE Software.

A one-stop enterprise mobile shop
At its simplest, this means enterprises choosing to deploy iOS devices across their business can approach Appogee to purchase, deploy, and create contextually-aware management tools for these new fleets. The system integrates tools from both TRUCE and Jamf and means businesses can accelerate their mobile strategy, and do so while ensuring their own policies can be enforced on a device and user basis.




Computer World Security News
Apr 15, 2021

2 big questions to ask about Google and privacy
I don't know if you've noticed, but it's become a teensy bit trendy to trash Google and its position on privacy these days.

This wiggly ol' web of ours has always spent a fair amount of energy focusing on how Google uses personal data, of course — and that's a good thing. We absolutely should be aware of how companies do and don't tap into our information.

Lately, though, the conversation has turned especially heated, with a growing chorus of virtual voices suggesting it's time to ditch this-or-that Google service because of how it handles privacy and (insert spooky horror music and/or Sting ballad here) watches every move you make.




Computer World Security News
Apr 13, 2021

Apple and Google reject UK COVID-19 app
Apple and Google have been forced to reject the UK's latest COVID-19 Test and Trace app update because it failed to follow privacy rules the nation had already agreed to follow in order to use the frameworks the tech firms provide.

Keeping deals
In line with World Health Organization (WHO) advice to test widely and act fast in the event of COVID-19 outbreaks, Apple and Google moved quickly at the beginning of the pandemic to develop a private-by-design Exposure Notifications system the world's health authorities could use to build digital track-and-trace systems.




Computer World Security News
Apr 12, 2021

Collaboration analytics: Yes, you can track employees. Should you?
From email to video meetings and team chat, collaboration applications have become vital tools to connect workers. And by giving companies the tools to track employee use of these apps, software vendors can provide insights into working patterns and help organizations better understand how they operate.

The ability to view analytics data in collaboration and productivity software is not new; such products have long provided admins with a snapshot of app utilization. Typically aimed at gauging user uptake and tracking deployment progress, these metrics were otherwise limited in their wider business use.




Computer World Security News
Apr 09, 2021

Your iPhone could soon be your driver's license (in Utah)
Apple's iPhone has already replaced your wallet, keys, and flight tickets. Now in Utah, it is beginning to replace your driving license in a new pilot project.

What is happening?
The state is working on a mobile driving license (mDL) using a combination of technologies including NFC and QR codes as digital proof of ID. Holders of the license will be able to choose what personal information is displayed when the QR code is read, or NFC terminal tapped. This can be used in any situation in which you might be expected to present your driving license, including restaurants and bars.




Computer World Security News
Apr 08, 2021

The Brave browser basics: what it does, how it differs from rivals
Boutique browsers try to scratch out a living by finding a niche underserved by the usual suspects. Brave is one of those browsers.

Brave has gotten more attention than most alternate browsers, partly because a co-founder was one of those who kick-started Mozilla's Firefox, partly because of its very unusual — some say parasitical — business model.

That model, which relies on stripping every site of every ad, then substituting different ads, came under attack almost immediately from publishers that depended on online advertising for their livelihood. "Your plan to use our content to sell your advertising is indistinguishable from a plan to steal our content to publish on your own website (emphasis in original)," lawyers for 17 newspaper publishers wrote in a cease-and-desist letter to Brave Software in April 2016.




Computer World Security News
Apr 07, 2021

Apple gets ready to launch its Find My ecosystem
While we're still waiting for Apple to introduce its own take on Tile, the company is opening its Find My service to businesses joining its MFi scheme, enabling manufacturers to build location sensing into devices out of the box.

Now in advanced testing
Apple has published a new app called Find My Certification Asst. Compatible with devices running iOS 14.3 or later and iPadOS 14.3 or later, the app lets accessory makers check that their devices are correctly configured for use with Apple's Find My network.




Computer World Security News
Apr 07, 2021

Apple gets ready to launch its Find My ecosystem (updated)
While we're still waiting for Apple to introduce its own take on Tile, the company is opening its Find My service to businesses joining its MFi scheme, enabling manufacturers to build location sensing into devices out of the box.

Update: Since publishing this, Apple has made the following announcement. Additional information will be woven in below.




Computer World Security News
Apr 05, 2021

Windows Update for Business: details, details
Here's something many Windows 10 users may not know: If you select options to control your updates in the local group policy settings better known as "Windows Update for Business," you end up controlling optional updates. And what if you are not necessarily a "business" user? What options do you have?

Plenty.

The little secret about "Windows Update for Business" is that it's nothing more than a set of registry keys and local group policy settings that allow you to better control updates. And you don't have to work for a business to utilize these settings, though it helps if you're running Windows 10 Professional.




Computer World Security News
Apr 05, 2021

Is it time to move to hosted Exchange? Considerations for IT
Have the recent widely publicized attacks on Microsoft Exchange made you realize that now is the time for someone else to run your organization's email?

Managing downtime

(Insider Story)

Computer World Security News
Apr 02, 2021

Apple switches off the 'open web' by making it better
Apple has begun rejecting apps that ignore its new App Tracking Transparency policy as it moves ahead toward the launch of iOS 14.5.

So, what's happening?
Reports indicate Apple has started rejecting apps that ignore this new policy, which extends to iPhones, iPads, and tvOS. The policy requires that apps seek express permission to access the advertising identifier (IDFA) of a person's iPhone in order to track them for ad targeting purposes. The policy also forbids developers from using other methods to track users.




Computer World Security News
Apr 02, 2021

Keeping a remote workforce secure: Lessons learned, tips for the future
CSO's Lucian Constantin joins Computerworld's Matthew Finnegan and Executive Editor Ken Mingis to explain what companies should do to keep their remote employees — and valuable corporate data and info — safe. Secure remote access is key, and it means more than getting everyone on a VPN. Zero-trust access gateways, network segmentation, user and device verification, and role-based access control policies are all part of today's security tool kit.


©1999-2021 CEOExpress Company LLC