|
Mar 27, 2023
In April, 2021, Cisco CEO Chuck Robbins announced he would let all 75,000 employees work remotely indefinitely, even after the COVID-19 pandemic ended. The company had seen no drop in productivity by allowing employees to work from home and expected to save money by not fully staffing offices. When and how often employees should come into the office would be up to their managers, who abide by a flexible hybrid policy.
But that shift brought technology challenges most companies are by now familiar with: how do you secure networks when the employee's home is essentially a branch office? How do you create company culture from afar? And, how do you retain employees at a time when IT talent is in historically high demand.
To read this article in full, please click here
|
|
Mar 20, 2023
Russia's Kremlin ordered officials to stop using iPhones, apparently over concerns the devices could be vulnerable to Western intelligence agencies, Reuters reports. When surveillance-as-a-service firms sit exposed for brazenly undermining device security, it's hard to think there isn't an argument there. But the bigger story isn't the harm to Apple's small business in Russia, it's the threat to digital supply chains it shows.
To read this article in full, please click here
|
|
Mar 17, 2023
Microsoft has resolved 80 new CVEs this month in addition to four earlier CVEs, bringing the number of security issues addressed in this month's Patch Tuesday release to 84.
Unfortunately, we have two zero-day flaws in Outlook (CVE-2023-23397) and Windows (CVE-2023-24880) that require a "Patch Now" release requirement for both Windows and Microsoft Office updates. As it was last month, there were no further updates for Microsoft Exchange Server or Adobe Reader. This month the team at Application Readiness has provided a helpful infographic that outlines the risks associated with each of the updates for this cycle.
To read this article in full, please click here
|
|
Mar 15, 2023
The US government, worried about the continuing growth of cybercrime, ransomware, and countries including Russia, Iran, and North Korea hacking into government and private networks, is in the middle of drastically changing its cybersecurity strategy. No longer will it rely largely on prodding businesses and tech companies to voluntarily take basic security measures such as patching vulnerable systems to keep them updated.
Instead, it now wants to establish baseline security requirements for businesses and tech companies and to fine those that don't comply.
It's not just companies that use the systems who might eventually need to abide by the regulations. Companies that make and sell them, such as Microsoft, Apple, and others could be held accountable as well. Early indications are that the feds already have Microsoft in their crosshairs — they've warned the company that, at the moment, it doesn't appear to be up to the task.
To read this article in full, please click here
|
|
Mar 08, 2023
Mac, iPad, and iPhone users can choose to automatically install system security patches as they are released with a new Apple feature called Rapid Security Response.
Rapid Security Response aims to secure Apple's platforms with automated security updates. The idea is that if every user automatically installs such patches, the entire ecosystem becomes inherently more secure.
Announced last year at WWDC 2022, Apple began testing the feature in October. During beta testing, it shared four content-free downloads to test its distribution system, including one recent test in March. While the feature can be enabled on devices running the latest operating system, as of this month Apple had not yet begun to ship genuine security patches.
To read this article in full, please click here
|
|
Mar 07, 2023
Apple-focused device management and security vendor Jamf today published its Security 360: Annual Trends report, which reveals the five security tends impacting organizations running hybrid work environments. As it is every year, the report is interesting, so I spoke to Michael Covington, vice president of portfolio strategy, for more details about what the company found this year.
First, here's a brief rundown of some of the salient points in the report:
To read this article in full, please click here
|
|
Mar 06, 2023
A look at the Biden Administration's recently updated National Cybersecurity Strategy document seems to reflect some of the approaches to cybercrime Apple already employs.
Take privacy, for example. The proposal suggests that privacy protection will no longer be something big tech can argue against - companies will be required to prioritize privacy. That's fine if you run a business that does not require wholesale collection and analysis of user information, which has always been Apple's approach. The best way to keep information private, the company argues, is not to collect it at all.
To read this article in full, please click here
|
|
Mar 02, 2023
Yet more data shows the acceleration of Mac adoption in the business world.
Okta's recent Businesses at Work 2023 report shared numerous insights into the state of enterprise IT. One in particular grabbed my attention: endpoint management and security tools have become the most popular category of security product across the enterprise, with some players achieving really significant growth, partly on the back of their Mac support.
The data: Jamf Pro has seen 428% customer growth across the last four years, while smaller vendor Kandji experienced a 172% increase in its customer base in just the last year.
To read this article in full, please click here
|
|
Mar 02, 2023
Microsoft has launched the general availability of Microsoft Intune Suite, a consolidation of its endpoint management and security solutions to streamline protection for cloud-connected and on-premises endpoints.
The consolidation is aimed to serve as a single vendor for all endpoint security needs for the customers to have single analytics, rather than multiple disparate datasets, with a consistent visibility to potential vulnerabilities and anomalies, according to a company blog post.
To read this article in full, please click here
|
|
Mar 01, 2023
Apple appears poised to make it more difficult to use cheap USB-C cables with its devices, and while it may well make a few dollars more from the purported plan, there are also good reasons to put the system in place.
Apple got to make a dollar or two
The claim is that Apple plans to replace Lightning ports and cables with USB-C in the iPhone 15, and when it does it will introduce a Made For iPhone (MFi) scheme for such products. The idea is that consumers will be able to purchase cables and other devices in full confidence that they will be compatible with their iPhone.
To read this article in full, please click here
|
|
Feb 27, 2023
Nearly every day, software updates of some kind roll out for our systems. From operating systems to antivirus software, to cloud services, to hardware devices, virtually none of the technology we use is static. And with these updates come side effects and problems that sometimes take a while to get fixed.
I recently found an interesting bug that hasn't gotten a lot of attention when I purchased a Lexmark multi-function printer. As part of the installation process, I went online to download the latest printer driver. (I always recommend going to a vendor website to grab the latest drivers because, after all, the latest software should have the latest fixes, right?) I was able to set up the printer to print, scan, and electronically fax and figured I was done for the day.
To read this article in full, please click here
|
|
Feb 23, 2023
A new family of Mac malware that spreads through pirated versions of Final Cut Pro, Photoshop, and other key creative apps has been identified by the Threat Labs team at Jamf.
The new XMRig threat is a subtle cryptocurrency mining attack that has evaded detection for months.
Piracy is bad karma, but good crypto
XMRig proliferates by attaching itself to pirated copies of creative applications, including versions of Final Cut Pro, Logic Pro X, and Adobe Photoshop. That's the kind of "knock-off" Mac application you frequently find being distributed across peer to peer networks.
To read this article in full, please click here
|
|
Feb 17, 2023
The European Parliament's Committee on Civil Liberties, Justice and Home Affairs has recommended that the European Commission reject the proposed EU-US Data Privacy Framework, which would govern the way in which the personal information of EU citizens is handled by US companies.
The committee's decision — formally, a draft motion for a resolution— represents a rejection of the European Commission's recommendation, announced in December, that the data privacy framework should be adopted. The recommendation stated that US law now offers an "adequate" level of protection for the personal data of EU users of US companies' services.
To read this article in full, please click here
|
|
Feb 17, 2023
Microsoft's February Patch Tuesday update deals with 76 vulnerabilities that affect Windows, Exchange, Office, and Microsoft development tools — and three Windows vulnerabilities (CVE-2023-21823, CVE-2023-21715 and CVE-2023-23376) have been reported as exploited in the wild and require immediate attention.
To read this article in full, please click here
|
|
Feb 15, 2023
Identity and access management (IAM) vendor Okta today released a report detailing app use and security trends among its broad user base. Among other trends it identified, the report found that zero trust security policies have become more common, and uptake of a wide range of security tools has been sharply on the rise.
Okta survyed 17,000 customers globally, and found that zero trust usage among its clients has increased from 10% two years ago to 22% today, indicating both that the philosophy is more popular than ever, and that a wide swathe of the market is still there to be captured, according to the report.
To read this article in full, please click here
|
|
Feb 15, 2023
If there was ever any doubt about the future of unified endpoint management (UEM) as a key component of enterprise mobility strategies, the now-permanent shift to hybrid and remote work models has sealed the deal. UEM has become a critical part of enterprise efforts to manage this complex environment.
Forrester Research's 2022 Business Technographics Infrastructure Hardware Survey shows that 28% of infrastructure hardware technology decision makers will be investing in UEM over the next 12 months. "This is in line with previous years, so we continue to see stable growth in the UEM market," says Andrew Hewitt, senior analyst at Forrester.
To read this article in full, please click here
|
|
Feb 15, 2023
Unified endpoint management (UEM) is a strategic IT approach that consolidates how enterprises secure and manage an array of deployed devices including phones, tablets, PCs, and even IoT devices.
As remote and hybrid work models have become the norm over the past two years, "mobility management" has come to mean management of not just mobile devices, but all devices used by mobile employees wherever they are. UEM tools incorporate existing enterprise mobility management (EMM) technologies, such as mobile device management (MDM) and mobile application management (MAM), with tools used to manage desktop PCs and laptops.
To read this article in full, please click here
|
|
Feb 14, 2023
Apple recently rolled out new iCloud security features that could help protect mobile professionals when they're on the road. The features include better iCloud data security, improved iMessage security, and more.
Here is how to use these new iCloud protections.
Secure your digital assets
No one should doubt that protecting personal or enterprise data has become more important than ever. Apple introduced Lockdown Mode for iCloud in 2022, following this up with even more protections in December and, most recently, introducing free privacy and security sessions in Apple retail stores in 2023.
To read this article in full, please click here
|
|
Feb 14, 2023
Let's get one thing out of the way right off the bat: If you're looking for recommendations about Android security suites or other malware-scanning software, you've come to the wrong place.
Why? Because, like most people who closely study Android, I don't recommend using those types of apps at all. Android malware isn't the massive real-world threat it's frequently made out to be, and Google Play Protect and other native Android settings are more than enough to keep most devices safe.
To read this article in full, please click here
|
|
Feb 13, 2023
Protecting your online accounts is more important now than ever — and in spite of some recent high-profile hacks, relying on a third-party password manager is still the easiest and most effective way to ensure your most important credentials remain secure.
Why? It's simple: Reusing passwords puts you at a heightened risk for hacking. If someone discovers your password at just one website — via any sort of breach, be it large-scale or targeted — they can then use that same password to crack into your accounts at countless other places. It happens all the time.
To read this article in full, please click here
|
|
Feb 07, 2023
Qualys, sometimes described as one of the pioneering SaaS vendors, has bent with the times to begin offering Mac support within its cloud security offering.
A pioneer in SaaS goes Mac
Since it launched in 1999, Qualys has traditionally offered its services to PCs, mobile devices, and cloud-native applications. The company's original 2000 product, QualysGuard, was distinguished as one of the first to market vulnerability management tools.
To read this article in full, please click here
|
|
Feb 03, 2023
From the moment Microsoft released Windows 10 in 2015, the new OS came under fire for the amount of private information it gathered from users by default. Over the years, the vendor gradually introduced changes to Windows 10 that alleviated some of those privacy concerns, but some remain — and most of those apply to Windows 11 as well.
Whether you think Windows 11 crosses the privacy line or just want to safeguard as much of your personal life as possible, we're here to help. Here's how to protect your privacy in just a few minutes.
To read this article in full, please click here
|
|
Feb 02, 2023
The ACLU and eight federal public defenders are asking the Fourth Circuit Court of Appeals to exclude mobile device location data obtained from Google via a so-called geofence warrant that helped law enforcement catch a bank robbery suspect.
The first geofence civil rights case to reach a federal court of appeals raises serious Fourth Amendment concerns against unreasonable search and seizure related to the location and personal information of mobile device users.
Geofence warrants have primarily been issued for Google to hand over data about every cell phone or other mobile device within a specific geographical region and timeframe. The problem: location data on every person carrying a mobile device in that area is scooped up in a wide net and their data is then handed over en masse to law enforcement.
To read this article in full, please click here
|
|
Feb 01, 2023
Apple appears to have been given yet another set of reasons to expand its legal team as the US National Telecommunications and Information Administration (NTIA) calls for antitrust action to force Apple and Google to make big changes to their mobile app store business models.
What's the problem?
NTIA is the principal advisor on telecommunications and Internet policy to the Biden administration. It argues that the way things are run at present may be "harmful," arguing that Google's and Apple's "gatekeeper" positions may harm consumers by raising prices and reducing innovation.
To read this article in full, please click here
|
|
Jan 26, 2023
Investment banking firm Morgan Stanley has punished some of its employees with fines that topped more than $1 million for breaching compliance rules by using WhatsApp and iMessage for business communications.
The fines were levied by docking previous bonuses or future pay, according to a report in the Financial Times.
While the fines might seem steep, Morgan Stanley itself has had to pay millions of dollars in fines for previous SEC violations related to the use of consumer messaging apps for business purposes.
To read this article in full, please click here
|
|
Jan 24, 2023
Apple this year is marking Data Privacy Week by working to educate iPhone users about the privacy protection tools they already have in hand, a move that has implications across any business that wants to maintain privacy.
Data protection is the bedrock of business
Data Privacy Week grew out of the Jan. 28, 2007 first convention on data protection. Today, it's a global event that aims to raise awareness around privacy and data protection.
To read this article in full, please click here
|
|
Jan 24, 2023
One of the big surprises in Russia's war against Ukraine has been how well Ukraine has fended off Russian cyberattacks. Ad hoc groups of white-hat hackers have helped, as have a number of nations and the US government.
Less well known is that tech companies, including Microsoft, are part of the effort. That aid ranges from giving advice to identifying attacks, offering fixes for them, and providing Ukraine with free tech and security services.
Microsoft isn't just trying to help defend a country under siege from an aggressive, more-powerful neighbor. Russian cyberattacks against Ukraine can also get loose in the wild and do damage to enterprises and organizations that rely on Microsoft technology. (Russia could also deliberately target private companies with those attacks.)
To read this article in full, please click here
|
|
Jan 13, 2023
The first Patch Tuesday of the year from Microsoft addresses 98 security vulnerabilities, with 10 classified as critical for Windows. One vulnerability (CVE-2023-21674) in a core section of Windows code is a zero-day that requires immediate attention. And Adobe has returned with a critical update, paired with a few low-profile patches for the Microsoft Edge browser.
We have added the Windows and Adobe updates to our "Patch Now" list, recognizing that this month's patch deployments will require significant testing and engineering effort. The team at Application Readiness has provided a helpful infographic that outlines the risks associated with each of the updates for this January update cycle.
To read this article in full, please click here
|
|
Jan 06, 2023
As enterprise adoption of the Apple platform accelerates, it's important to note that Macs can and sometimes do get hit by ransomware. So it's good to stay tuned to security concerns on a platform and application level — and take precautions.
Knowledge is power
With this in mind, extensive insights into Mac ransomware recently published by Microsoft can help explain these threats. The impact of such attack can be huge - ransomware already costs victims hundreds of billions each year, and no one is immune.
To read this article in full, please click here
|
|
Jan 06, 2023
As enterprise adoption of the Apple platform accelerates, it's important to note that Macs can and sometimes do get hit by ransomware. So it's good to stay tuned to security concerns on a platform and application level — and take precautions.
Knowledge is power
With this in mind, extensive insights into Mac ransomware recently published only to be subsequently removed by Microsoft, can help explain these threats. The impact of such attack can be huge - ransomware already costs victims hundreds of billions each year, and no one is immune.
To read this article in full, please click here
|
|
Dec 26, 2022
The technology sector's vulnerability to the vagaries of geopolitics and the macroeconomy became clearer than ever in 2022, as IT giants laid off workers en masse, regulators cracked down on tech rule-breakers, nations negotiated data privacy, the EU-China chip war widened, and the Ukraine war disrupted business as usual. Through it all the classic tech themes—including innovation and the fight to bolster cybersecurity—continued as ChatGPT was released, Broadcom sought to purchase VMWare, a Mac renaissance began to flower, and teen hackers brought major companies to their knees. Here are our editors' choices for the dozen stories that rocked the world of tech in 2022.
To read this article in full, please click here
|
|
Dec 22, 2022
Many businesses are looking to cut costs as economies face recession, but some enterprises may be ignoring one of the most effective ways to trim the fat while boosting productivity — by embracing remote working.
The power is in your hands
We know Macs, iPhones, and iPads have been seeing increased deployment across the enterprise. We also know (because IBM, SAP and so many companies tell us) that businesses that embrace Apple kit also see reduced overall cost of ownership and lower tech support costs. Employee choice delivers big benefits.
To read this article in full, please click here
|
|
Dec 21, 2022
China's digital Yuan project, a blockchain-based cryptocurrency for consumer and commercial finance, can no longer be considered a pilot. That's the assessment by economic and cryptocurrency experts.
Those experts have been monitoring efforts in China and other countries developing and piloting central bank digital currencies (CBDCs) with the aim of establishing a blockchain-based virtual cash that is cheaper to use and faster to exchange, both at home and across international borders.
To date, the People's Bank of China has distributed the digital yuan, called e-CNY, to 15 of China's 23 provinces, and it has been used in more than 360 million transactions totaling north of 100 billion yuan, or $13.9 billion. The country has literally given away millions of dollars worth of digital yuan through lotteries, and its central bank has also participated in cross-border exchanges with several nations.
To read this article in full, please click here
|
|
Dec 19, 2022
KB5012170 is many things to many Windows users. First, it's a patch that either installs with no problems or leads to a blue screen of death (BSOD). It can also be an indicator we have a problem getting updated drivers on our systems. It can demonstrate how users don't keep up with Bios updates. And it shows that some OEMs enable Bitlocker on the systems they sell (not necessarily in a good way).
In short, it's a problematic patch that just keeps rearing its head.
Also known as "Security Update for Secure Boot DBX," KB5012170 was released earlier this year and makes improvements to the Secure Boot Forbidden Signature Database (DBX). Windows devices that have Unified Extensible Firmware Interface (UEFI)-based firmware have Secure Boot enabled. It ensures only trusted software can be loaded and executed on during the boot process by using cryptographic signatures to verify the integrity of the process and the software being loaded.
To read this article in full, please click here
|
|
Dec 16, 2022
Microsoft's December Patch Tuesday updated delivers 59 fixes, including two zero-days (CVE-2022-44698 and CVE-2022-44710) that require immediate attention on the Windows platform. This is a network focused update (TCP/IP and RDP) that will require significant testing with an emphasis on ODBC connections, Hyper-V systems, Kerberos authentication, and printing (both local and remote).
Microsoft also published an urgent out-of-band update (CVE-2022-37966) to address serious Kerberos authentication issues. (The team at Readiness has provided a helpful infographic that outlines the risks associated with each of these updates.)
To read this article in full, please click here
|
|
Dec 16, 2022
Security and privacy go hand in hand in the connected enterprise. So as we approach the holiday break, there's good news for security-conscious Mac-using enterprises from Jamf: powerful new telemetry tools in Jamf Protect.
Because complex security is sexy
We know that enterprise users don't just have a responsibility to keep things secure, they also need to prove they're doing so. Beyond that, many regulated industries must maintain ever more complex security event logging and insight to show how hard they're working to protect their systems.
To read this article in full, please click here
|
|
Dec 15, 2022
Using an Apple Watch as a device to authenticate access to enterprise sites and services using Microsoft Authenticator is a convenience that's about to go away. Microsoft says the feature will stop working after an Authenticator update scheduled for next month.
Apple Watch auth out
Microsoft Authenticator makes it easy to sign into Microsoft accounts, supported apps or services using two-step verification. Authenticator also generates one-time use codes, so you needn't wait for text messages or calls to access your accounts.
To read this article in full, please click here
|
|
Dec 15, 2022
Microsoft on Thursday said it will begin rolling out the first phase of its European Union data boundary plan from January 1, 2023 that'll allow customers to store and process their customer data within the EU. The move comes two days after the EU commission said it had officially begun the process of approving the EU-US Data Privacy Framework.
Under the first phase of the plan, companies that use Microsoft products and services will be able to store and process their customer data within the EU. Microsoft has included Azure, Power BI, Dynamics 365 and Office 365 under the first phase.
To read this article in full, please click here
|
|
Dec 15, 2022
Microsoft on Thursday said it will begin rolling out the first phase of its European Union data boundary plan from January 1, 2023 that'll allow customers to store and process their customer data within the EU. The move comes two days after the EU commission said it had officially begun the process of approving the EU-US Data Privacy Framework.
Under the first phase of the plan, companies that use Microsoft products and services will be able to store and process their customer data within the EU. Microsoft has included Azure, Power BI, Dynamics 365 and Office 365 under the first phase.
To read this article in full, please click here
|
|
Dec 13, 2022
The European Commission announced Tuesday that is has officially begun the process of approving the EU-US Data Privacy Framework—hammered together to allow the flow of data between the US and the European Union—after concluding that the framework provides privacy safeguards comparable to those of the EU.
After President Biden signed the executive order that implemented rules for the Trans-Atlantic Data Policy Framework in the US in October, the Commission conducted an assessment into the US legal framework that the bill was based upon. That assessment, released Tuesday, says that the legislation ensures an adequate level of protection for personal data transferred from the EU to US companies.
To read this article in full, please click here
|
|
Dec 09, 2022
Given Apple's big moves this week to roll out new data protection tools for iMessage and allow users to encrypt more of their data in iCloud, it seems obvious that security is going to be a major Apple priority in the year ahead.
Stamping out surveillance
The Biden administration's decision to blacklist the mercenary hackers at NSO Group was a welcome move, but it hasn't stopped the "surveillance-as-a-service" industry. Instead, it's atomized it, which means we now have more companies offering such "services" than ever before.
To read this article in full, please click here
|
|
Dec 07, 2022
Apple today introduced several new security features focused on fending off threats to user data in the cloud, including end-to-end encryption for backups for iCloud users.
Along with end-to-end encryption for iCloud, Apple's cloud storage and computing platform, the company announced iMessage Contact Key Verification, allowing users to verify they are communicating only with whom they intend.
Apple
Apple also announced hardware Security Keys for Apple ID, giving users the choice to require two-factor authentication to sign into their Apple ID account. (Hardware security keys use devices, such as USB thumb drives or near-field communication (NFC) dongles, to enable access to a service or application.)
To read this article in full, please click here
|
|
Dec 07, 2022
If there are two things that should never mix, it's cybersecurity/privacy compliance and corporate politics. And yet, that's at the heart of a compliance fight between Microsoft and German authorities that might wind up punishing the company's customers.
The German Datenschutzkonferenz — the regulatory body entrusted to handle Germany's flavor of the European Union's General Data Protection Regulation (GDPR) — has publicly declared that "no data protection-compliant use of Microsoft Office 365 was possible."
To read this article in full, please click here
|
|
Dec 06, 2022
Rackspace's hosting for Exchange servers remained offline Tuesday after an outage Friday that the company now ascribes to a ransomware attack.
|
|
Dec 06, 2022
Three years and four prime ministers after the UK government first published its Online Harms white paper—the basis for the current Online Safety Bill—the Conservative Party's ambitious attempt at internet regulation has found its way back to Parliament after multiple amendments.
If the bill becomes law, it will apply to any service or site that has users in the UK, or targets the UK as a market, even if it is not based in the country. Failure to comply with the proposed rules will place organizations at risk of fines of up to 10% of global annual turnover or £18 million (US$22 million), whichever is higher.
A somewhat bloated and confused version of its former self, the bill, which was dropped from the legislative agenda when Boris Johnson was ousted in July, has now passed its final report stage, meaning the House of Commons now has one last chance to debate its contents and vote on whether to approve it.
To read this article in full, please click here
|
|
Dec 06, 2022
The UK government is backing proposed legislation that would give workers the right to request flexible working arrangements from day one of their employment.
In the aftermath of the COVID-19 pandemic, which saw millions of workers start working from home as lockdown orders were enforced, most employees continued to have flexibility over how and when they work, with many organizations now practicing a hybrid work model.
To read this article in full, please click here
|
|
Dec 05, 2022
Biometrics is supposed to be one of the underpinnings of a modern authentication system. But many biometric implementations (whether that be fingerprint scanes or face recognition) can be wildly inaccurate, and the only universally positive thing to say about them is they're better than nothing.
Also — and this may prove critical — the fact that biometrics are falsely seen as being very accurate may be sufficient to dissuade some fraud attempts.
There are a variety of practical reasons biometrics don't work well in the real world, and a recent post by a cybersecurity specialist at KnowBe4, a security awareness training vendor, adds a new layer of complexity to the biometrics issue.
To read this article in full, please click here
|
|
Dec 02, 2022
Look, it's no big secret that I'm a fan of Google's Pixel program.
I've personally owned Pixel phones since the first-gen model graced our gunk-filled pockets way back in 2016. And Pixels have been the only Android devices I've wholeheartedly recommended for most folks ever since.
There's a reason. And more than anything, it comes down to the software and the overall experience Google's Pixel approach provides.
Part of that is the Pixel's interface and the lack of any unnecessary meddling and complication — including the absence of confusing (and often privacy-compromising) duplicative apps and services larded onto the phone for the manufacturer's business benefit and at the expense of your user experience.
Part of it is the unmatched integration of exceptional Google services and exclusive Google intelligence that puts genuinely useful stuff you'll actually benefit from front and center and makes it an integrated part of the Pixel package.
And, yes, part of it is the Pixel upgrade promise and the fact that Pixel phones are still the only Android devices where both timely and reliable software updates are a built-in feature and guarantee.
[Psst: Got a Pixel? Any Pixel? Check out my free Pixel Academy e-course to uncover all sorts of advanced intelligence lurking within your phone!]
To read this article in full, please click here
|
|
Nov 30, 2022
Amazon is introducing its next-gen AWS Verified Access security technology. At its annual AWS re: Invent show, the company confirmed the tech will be made available to enterprises running Apple products thanks to partnerships with Jamf,
|
|
Nov 28, 2022
Just days after announcing the close of its consumer-oriented Wickr Me encrypted messaging service, Amazon Web Services (AWS), at its annual re:Invent conference on Monday, said that it was making the enterprise version of the app generally available.
Dubbed simply AWS Wickr, the service was first announced in July and has been in preview till now.
The enterprise version of the messaging service, designed to allow enterprise users to securely collaborate via text, voice and video, along with file and screen sharing, is expected to help enterprises meet auditing and regulatory requirements such as e-discovery and US Freedom of Information Act (FOIA) requests, the company said in a statement.
To read this article in full, please click here
|
|
Nov 18, 2022
Jamf officially completed its acquisition of Zecops this week. Why is this important and what might it mean to enterprise mobile security? Potentially, a lot.
Security beyond the perimiter
To get an answer to the question, think about how security has evolved. as the proliferation of mobile devices has made traditional security protections even less effective than they used to be.
To read this article in full, please click here
|
|
Nov 17, 2022
There are many reasons any business with a connected fleet of tech products needs robust security policies in place. But the need to protect the enterprise against vulnerabilities inherited with third-party software must be among the biggest motivators. While I shouldn't need to convince Computerworld readers to keep things locked down, I want to reprise two recent reports to reinforce the warning.
Half of all macOS malware comes from one app
Elastic Security Labs (via 9to5Mac) recently estimated that half of all macOS malware is installed as a result of poor management of the MacKeeper utility app. The report said almost 50% of Mac malware arrives through its installation.
To read this article in full, please click here
|
|
Nov 16, 2022
Organizations across multiple industries are struggling to mitigate potential risks—including loss of end-user and storage devices as well as unauthorized use of SaaS applications—during their offboarding process, according to new research conducted by YouGov in partnership with Enterprise Technology Management (ETM) firm Oomnitza.
Over the last 18 months, employee turnover has increased, with the US Department of Labor estimating that by the end of 2021, a total of 69 million people—more than 20% of Americans—had either lost or changed their job. Although these figures could initially be attributed to the so-called Great Resignation, this figure is likely to increase due to the numerous job cuts that are now being reported—including layoffs at major technology companies—as organizations look to reduce operational costs.
To read this article in full, please click here
|
|
Nov 16, 2022
Mosyle is ramping up its wares with new security protections for iPhones and iPad adding more fuel to the Apple-in-the-enterprise fire.
Hardening and compliance options for iPhones and iPads
The company is unveiling its first endpoint security solution for IT admins overseeing fleets of mobile Apple devices. The idea is that the product, Mosyle Hardening and Compliance, ensures that employee devices are protected, compliant, and following the latest cybersecurity benchmarks.
To read this article in full, please click here
|
|
Nov 14, 2022
It's time to audit your code, as it appears that some no/low code features used in iOS or Android apps may not be as secure as you thought. That's the big take away from a report explaining that disguised Russian software is being used in apps from the US Army, CDC, the UK Labour party, and other entities.
When Washington becomes Siberia
What's at issue is that code developed by a company called Pushwoosh has been deployed within thousands of apps from thousands of entities. These include the Centers for Disease Control and Prevention (CDC), which claims it was led to believe Pushwoosh was based in Washington when the developer is, in fact, based in Siberia, Reuters explains. A visit to the Pushwoosh Twitter feed shows the company claiming to be based in Washington, DC.
To read this article in full, please click here
|
|
Nov 11, 2022
Microsoft on Tuesday released a tightly focused but still significant update that addresses 68 reported (some publicly) vulnerabilities. Unfortunately, this month brings a new record: six zero-day flaws affecting Windows. As a result, we have added both the Windows and Exchange Server updates to our "Patch Now" schedule. Microsoft also published a "defense in depth" advisory (ADV220003) to help secure Office deployments. And there are a small number of Visual Studio, Word, and Excel updates to add to your standard patch release schedule.
To read this article in full, please click here
|
|
Nov 07, 2022
There has been some concern that Windows 10 gathers too much private information from users. Whether you think Microsoft's operating system crosses the privacy line or just want to make sure you safeguard as much of your personal life as possible, we're here to help. Here's how to protect your privacy in just a few minutes.
Note: This story has been updated for Windows 10 version 22H2. If you have an earlier release of Windows 10, some things may be different.
Turn off ad tracking
At the top of many people's privacy concerns is what data is being gathered about them as they browse the web. That information creates a profile of a person's interests that is used by a variety of companies to target ads.
To read this article in full, please click here
|
|
Oct 27, 2022
A federal judge in California is considering motions to dismiss a lawsuit against Google that alleges the company misled them into believing their privacy was being protected while using Incognito mode in the Chrome browser.
The lawsuit, filed in the Northern District Court of California by five users more than two years ago, is now awaiting a recent motion by those plaintiffs for two class-action certifications.
The first would cover all Chrome users with a Google account who accessed a non-Google website containing Google tracking or advertising code and who were in "Incognito mode"; the second covers all Safari, Edge, and Internet Explorer users with a Google account who accessed a non-Google website containing Google tracking or advertising code while in "private browsing mode."
To read this article in full, please click here
|
|
Oct 26, 2022
Productivity and performance tracking have been on the rise since the start of the COVID-19 pandemic and the shift to remote and hybrid work. Now, as pandemic restrictions recede and more traditional work habits reemerge, it's inevitable some organizations will want to extend tracking beyond the company PC to mobile devices.
That means IT could soon be involved in selecting, implementing, and supporting productivity and performance monitoring solutions that keep tabs on workers wherever they are — even if they're not sitting in front of a computer.
To read this article in full, please click here
|
|
Oct 14, 2022
This month's Patch Tuesday update from Microsoft deals with 84 flaws and a zero-day affecting Microsoft Exchange that at the moment remains unresolved. The Windows updates focus on Microsoft security and networking components with a difficult-to-test update to COM and OLE db. And Microsoft browsers get 18 updates—nothing critical or urgent.
To read this article in full, please click here
|
|
Oct 14, 2022
This month's Patch Tuesday update from Microsoft deals with 84 flaws and a zero-day affecting Microsoft Exchange that at the moment remains unresolved. The Windows updates focus on Microsoft security and networking components with a difficult-to-test update to COM and OLE db. And Microsoft browsers get 18 updates—nothing critical or urgent.
To read this article in full, please click here
|
|
Oct 14, 2022
Think fast: How many times a day do you pick up your phone to look at something? Unless you live in the tundra or have far more self-control than most, the answer probably falls somewhere between "quite a few" and "more than any sane person could count." Assuming you keep your device properly secured, that means you're doing an awful lot of unlocking — be it with your face, your fingerprint, or the code you tap or swipe onto your screen.
And that's to say nothing of the number of times you type your password into your laptop or enter your credentials into an app or website during the day. Security's important, but goodness gracious, it can sure be a hassle.
To read this article in full, please click here
|
|
Oct 13, 2022
US legislators continue to press for the creation of a digital dollar, raising questions about whether the move could make it easy for the federal government to track business and consumer transactions.
Putting all the digital dollars on one electronic ledger operated by the Federal Reserve would also be a tempting target for cyber criminals.
In March, lawmakers introduced a bill that would allow the US Treasury to create a digital dollar and pilot it to determine its viability. That same month, President Joe Biden called for more research on developing a national digital currency through the nation's central bank. The order highlighted the need for more regulatory oversight of cryptocurrencies, which have been used for nefarious purposes such as money laundering and other criminal activities.
To read this article in full, please click here
|
|
Oct 12, 2022
The thousands of companies waiting for a new US-EU data-transfer agreement to go into effect soon and ease the burdensome legal work necessary for cross-border data transfer shouldn't get their hopes up. US President Joe Biden's executive order to implement rules for the Trans-Atlantic Data Policy Framework agreed on earlier this year is a move in the right direction, but the new pact won't go into effect until next spring at the earliest, and even then it is bound to face legal challenges, say public policy and legal experts.
To read this article in full, please click here
|
|
Oct 06, 2022
"You have zero privacy anyway. Get over it," Scott McNealy said of online privacy back in 1999, a view the former CEO of the now-defunct Sun Microsystems reiterated in 2015. Despite the hue and cry his initial remarks caused, he's been proven largely correct.
Cookies, beacons, digital signatures, trackers, and other technologies on websites and in apps let advertisers, businesses, governments, and even criminals build a profile about what you do, who you know, and who you are at very intimate levels of detail. Remember that 2012 story about how Target could tell a teenager was pregnant before her parents knew, based on her online activities? That is the norm today. Google and Facebook are the most notorious commercial internet spies, and among the most pervasive, but they are hardly alone.
To read this article in full, please click here
|
|
Oct 05, 2022
An online resume-validating network has garnered support from than a dozen board members from companies whose ranks include Aon, Oracle, SAP, UKG and ZipRecruiter with the aim of reducing the time and cost of vetting job candidates.
To read this article in full, please click here
|
|
Sep 28, 2022
The US Securities and Exchange Commission (SEC) has fined big-name banks and brokerages a collective $1.8 billion over workers' use of private texting apps to discuss work and for not always saving those messages. The fines include $1.1 billion assessed by the SEC and a $710 million fine from the Commodity Futures Trading Commission (CFTC).
The SEC investigation uncovered what the agency called "pervasive off-channel communications," that were collected by the firms themselves from employee devices. The employees included senior and junior investment bankers and debt and equity traders.
To read this article in full, please click here
|
|
Sep 28, 2022
Vira Tkachenko, CTO at Ukraine software developer MacPaw, spoke remotely to Apple admins at Jamf's JNUC event. A real-world example of a woman in a leadership position in tech, she explained how her company planned for business continuity during the war in Ukraine.
It's an excellent lesson in crisis management and planning for any business leader. Here are some of the insights shared during her session.
To read this article in full, please click here
|
|
Sep 27, 2022
Jamf opened its annual JNUC event for Apple admins today with a slew of announcements focused on device management and security, a new Jamf Trust app, further information on its recently announced ZecOps deal and other updates likely to be of interest to Apple IT professionals.
The company also committed to supporting Microsoft Device Compliance on Macs later this year, with support for Google's context-aware zero trust framework (BeyondCorp) on iOS devices in early 2023.
To read this article in full, please click here
|
|
Sep 26, 2022
The Apple-in-the-enterprise story continues to unfold, this week with Jamf's announced plans to acquire mobile threat detection and response company ZecOps.
Already consumer-simple, Jamf becomes government secure
Jamf will likely reveal more about the motivations behind the deal at its JNUC event for Apple admins, which begins tomorrow. The purchase is the latest move by the Apple-focused enterprise MDM provider to supplement device management with an increasingly effective set of tools to bolster device security.
To read this article in full, please click here
|
|
Sep 20, 2022
Microsoft today announced the rollout of the first major feature upgrade to Windows 11. Many of the changes are incremental and focus on user interface and productivity enhancements, but there are some useful additions — including a new password security feature.
Mostly, Windows 11 version 22H2, known as the Windows 11 2022 Update, is about polishing up the user experience introduced with Windows 11, while rounding out the feature set with some additional enterprise-targeted capabilities, according to Stephen Kleynhans, a vice president analyst at research firm Gartner.
To read this article in full, please click here
|
|
Sep 16, 2022
With 63 updates affecting Windows, Microsoft Office and the Visual Studio and .NET platforms — and reports of three publicly exploited vulnerabilities (CVE-2022-37969, CVE-2022-34713, CVE-2021-40444) — this month's Patch Tuesday release gets a "Patch Now" priority. Key testing areas include printing, Microsoft Word, and in general application un-installations. (The Microsoft Office, .NET and browser updates can be added to your standard release schedules.)
To read this article in full, please click here
|
|
Sep 16, 2022
Geolocation was once a glorious way to know who your company is dealing with (and sometimes what they are doing). Then VPNs started to undermine that. And now, things have gotten so bad that the Apple App Store and Google Play both offer apps that unashamedly declare they can spoof locations — and neither mobile OS vendor does anything to stop it.
Why? It seems both Apple and Google created the holes these developers are using.
In a nutshell, Apple and Google — to test their apps across various geographies — needed to be able to trick the system into thinking that their developers are wherever they wanted to say that they are. What's good for the mobile goose, as they say.
To read this article in full, please click here
|
|
Sep 06, 2022
Every month, Windows users and administrators receive updates from Microsoft on Patch Tuesday (or Wednesday, depending on where you're located). And each month, most users all apply the same updates.
But should we?
Case in point: KB5012170, a patch released on Aug. 9 that either causes no issues — or triggers Bitlocker recover key requests or won't install at all, demanding that you go find a firmware update. This patch, called the Security update for Secure Boot DBX, applies to nearly all supported Windows releases. Specifically, it affects Windows Server 2012; Windows 8.1 and Windows Server 2012 R2; Windows 10, version 1507; Windows 10, version 1607 and Windows Server 2016; Windows 10, version 1809 and Windows Server 2019; Windows 10, versions 20H2, 21H1, and 21H2; Windows Server 2022; Windows 11, version 21H2 (original release), and Azure Stack HCI, version 1809, all the way to Azure Stack Data Box, version 1809 (ASDB).
To read this article in full, please click here
|
|
Sep 02, 2022
When Craig Federighi, Apple's senior vice president of software engineering last year said, "We have a level of malware on the Mac that we don't find acceptable," he apparently really meant it. And Apple seems to be doing about something about it.
Apple is giant taking steps to secure the Mac
Federighi characterized Apple as being in an enduring battle against malware on the Mac. He also explained that between May 2020 and May 2021 the company identified 130 types of Mac malware that infected 300,000 systems.
Given the Mac's reputation for security, that may seem counter intuitive, but maintaining a secure platform requires constant watchfulness.
To read this article in full, please click here
|
|
Sep 01, 2022
Apple this week released urgent security updates to address zero-day vulnerabilities on older model iPhones, iPads, and iPods.
The patches, pushed out on Wednesday, address an out-of-bounds write issue that could be exploited by an attacker enabling them to take control of the affected device. The US Cybersecurity and Infrastructure Agency (CISA) today encouraged users and IT admins to review Apple's advisory HT213428 and apply the necessary updates.
To read this article in full, please click here
|
|
Aug 29, 2022
The four-year-old lawsuit claimed Facebook allowed the British political consulting firm access to private data of over 80 million users.
|
|
Aug 26, 2022
Announced at WWDC 2022, Managed Device Attestation protection shows that Apple is adjusting device security protections to adapt to an increasingly distributed age.
Secure the endpoints, not the end times
This adjustment reflects a reality shift. Work doesn't happen on specific servers or behind defined firewalls today. VPN access can differ across teams. And yet, in a workplace defined by multiple remote devices (endpoints), the security threat is greater than ever.
Managed Device Attestation works to create a second boundary of trust around which device management solutions can work to protect against attack.
To read this article in full, please click here
|
|
Aug 26, 2022
I love it when organizations try and do something good, but don't think things through and end up delivering unintended negative consequences.
Today's case in point: the US Senate and the Federal Reserve, both of whom are looking to reduce high interchange costs, but are unintentionally increasing costs for merchants and sharply boosting the undiscovered fraud rate. Not bad for government work.
Let's start with the Senate, where Sens. Dick Durbin (D-IL) and Roger Marshall (R-KS) have crafted The Credit Card Competition Act of 2022. Its stated goal: reduce the interchange fee that financial institutions and card brands (Visa, MasterCard, Amex, etc.) charge retailers.
To read this article in full, please click here
|
|
Aug 18, 2022
It's tough to talk about Android security without venturing into sensational terrain.
A large part of that is due to the simple fact that the forces driving most Android security coverage are companies that make their money by selling Android security software — and thus companies with strong interests in pushing the narrative that every Android phone is on the perpetual brink of grave, unfathomable danger. Plus, let's face it: A headline about 70 gazillion Android phones being vulnerable to the MegaMonsterSkullCrusher Virus is far more enticing than one explaining the nuanced realities of Android security.
In actuality, though, Android security is a complex beast — one with multiple layers in place to protect you and one that almost never warrants an alarmist attitude. I've been covering Android security closely since the platform's earliest days, and I've busted more myths and called out more shameless publicity stunts than I can even count at this point.
To read this article in full, please click here
|
|
Aug 15, 2022
Once upon a time, one attack vector for industrial sabotage consisted of exfiltrating data from Macs using a standard-issue USB storage card. Researchers have also shown that it's possible to hijack computers with malware-infested cables. It's a jungle out there, so Apple has toughened up (Apple Silicon) Mac protection with USB Restricted Mode.
What is USB Restricted Mode?
Beginning with macOS Ventura, the new layer of protection comes in the form of USB Restricted mode, which should provide a little reassurance to enterprise IT and is enabled by default.
To read this article in full, please click here
|
|
Aug 15, 2022
Digital surveillance in the workplace became a growing concern for many workers during the COVID-19 pandemic, with a reported increase in use of productivity monitoring tools to track staffers working from home or "gig workers" subject to location and productivity monitoring throughout their day.
To read this article in full, please click here
|
|
Aug 13, 2022
Microsoft's August Patch Tuesday release addresses 123 security issues in Microsoft Windows, Office, Exchange (it's back!) and Visual Studio — and unfortunately, we have two zero-days with reports of active exploitation in the wild. Since this is a broad update, it will require planning and testing before deployment.
The first (CVE-2022-34713) occurs in the Windows diagnostic tools and the second (CVE-2022-30134) affects Microsoft Exchange. Basically, the holidays are over and it's time to pay attention to Microsoft updates again. We have made "Patch Now" recommendations for Windows, Exchange and Adobe for this month.
To read this article in full, please click here
|
|
Aug 10, 2022
Microsoft has confirmed that a high-severity, zero-day security vulnerability is actively being exploited by threat actors and is advising all Windows and Windows Server users to apply its latest monthly Patch Tuesday update as soon as possible.
The vulnerability, known as CVE-2022-34713 or DogWalk, allows attackers to exploit a weakness in the Windows Microsoft Support Diagnostic Tool (MSDT). By using social engineering or phishing, attackers can trick users into visiting a fake website or opening a malicious document or file and ultimately gain remote code execution on compromised systems.
To read this article in full, please click here
|
|
Aug 08, 2022
As regulators hand out hundreds of millions of dollars in fines for record-keeping failures related to the use of social messaging platforms such as WhatsApp, the finance industry faces a choice: properly enforce bans on the use of these apps or find ways to make them compliant.
"The explosion of new electronic communications channels — and the pervasive use of these — raises lots of red flags for the regulators," said Anthony Diana, a partner at law firm Reed Smith's Tech & Data Group. "The fear is that, if bad things are happening, they're happening on these personal apps, not on the sanctioned communication channels that are surveilled."
Anthony Diana
Anthony Diana, a partner at law firm Reed Smith's Tech & Data Group.
To read this article in full, please click here
|
|
Aug 04, 2022
Drawing from its acquisition of RiskIQ, Microsoft is releasing Defender External Attack Surface Management and Defender External Attack Surface Management.
|
|
Aug 04, 2022
Drawing from its acquisition of RiskIQ, Microsoft is releasing Defender External Attack Surface Management and Defender Threat Intelligence.
|
|
Aug 03, 2022
How successful companies are facing the challenges of securing emerging communication technologies.
|
|
Aug 02, 2022
CryptoLocker. WannaCry. DarkSide. Conti. MedusaLocker. The ransomware threat isn't going away anytime soon; the news brings constant reports of new waves of this pernicious type of malware washing across the world. It's popular in large part because of the immediate financial payoff for attackers: It works by encrypting the files on your hard disk, then demands that you pay a ransom, frequently in Bitcoin or other cryptocurrency, to decrypt them.
But you needn't be a victim. There's plenty that Windows 10 and 11 users can do to protect themselves against it. In this article, I'll show you how to keep yourself safe, including how to use an anti-ransomware tool built into Windows.
To read this article in full, please click here
|
|
Aug 01, 2022
Depending on how you look at it, Apple may be ramping up ways developers can reach out durectly to customers via its App Store - or building its own business at others' expense.
What Apple is doing
Apple has had an advertising business of its own ever since Apple's then CEO, Steve Jobs, introduced us to iAds in 2010. The scale of that offer was always limited to Apple's platform, but the service arguably failed, with its technology living on in the form of ad slots in Apple News and the App Store.
Apple's App Store currently hosts just two ad slots, one in the search tab and the other in Search results. You can tell when you are looking at an ad from the blue shade behind the graphic and a small blue badge that says "ad" - these ads are hard to mistake for content.
To read this article in full, please click here
|
|
Jul 25, 2022
Do you run a small business with on-premises servers?
Chances are, you rely on technology that includes servers, whether they're Windows- or Linux-based. With that in mind, Microsoft recently announced it's previewing "server protection for small business" — bundling the offering with Microsoft Defender for Business.
This is noteworthy because until now, most Endpoint Detection and Response (EDR) solutions have been expensive and typically only deployed by larger enterprises. (EDR is an integrated, layered approach to endpoint protection that combines real-time continuous monitoring and endpoint data analytics with rule-based automated response.)
To read this article in full, please click here
|
|
Jul 22, 2022
Zoom has announced it is expanding end-to-end encryption (E2EE) capabilities to Zoom Phone, with breakout rooms to be given the same level of encryption in the near future.
Zoom Phone customers now have the option to upgrade to E2EE during one-on-one Zoom Phone calls between users on the same Zoom account that occur via the Zoom client.
During a call, when users select "More" they will see an option to change the session to an end-to-end encrypted phone call. When enabled, Zoom encrypts the call by using cryptographic keys known only to the devices of the caller and receiver. Users will also have the option to verify E2EE status by providing a unique security code to one another.
To read this article in full, please click here
|
|
Jul 20, 2022
Cryptocurrency has always been the payment method of choice for bad guys. Get hit with an enterprise ransomware attack and plan to pay? You'll need crypto. The key reason cyberthieves love cryptocurrency so much is that it is far harder to trace payments.
That is why a move being attempted by the European Union has so much potential. The EU — in a move that will likely be mimicked by many other regional regulatory forces, including in the United States — is putting in place tracking requirements for all cryptocurrency.
If it is successful, and the EU has an excellent track record on precisely these kinds of changes, cryptocurrency may quickly fade as the thief's payment of choice.
To read this article in full, please click here
|
|
Jul 20, 2022
When it comes to Android and privacy, we're accustomed to seeing things move in a certain direction.
It's simple, really: With each new Android version, it usually gets easier to manage your privacy and understand how your information is being used. And we typically get more front-facing tools and under-the-hood improvements that allow us to handle that stuff intelligently. Obviously, right?
To read this article in full, please click here
|
|
Jul 15, 2022
Though we get a reprieve from Exchange updates in this month's Patch Tuesday update, more printer updates are on the way. Even with no updates for Microsoft Exchange or Visual Studio, Adobe is back with 15 critical updates for Adobe Reader. And Microsoft's new patch deployment tool Auto-Patch is now live. (I always thought application testing was the main problem here, but actually getting patches deployed is still tough.)
Though the numbers are still quite high (with 86 reported vulnerabilities), the testing and deployment profile for July should be fairly moderate. We suggest taking the time to harden your Exchange Server defenses and mitigation processes, and invest in your testing processes.
To read this article in full, please click here
|
|
Jul 13, 2022
Man, I had one hell of a streak.
All these years — approximately 7,967 since I first started using and writing about Android — and somehow, rather miraculously, I'd never outright broken a phone.
Impressive, I know. But don't let yourself get wrapped in awe yet, my fellow drop-dreading denizen: My streak of impeccable Android phone protection has officially come to a crashing halt.
[Got Android? Get Android Intelligence in your inbox and get three new things to try every Friday.]
Now, I didn't technically drop my phone, mind you. And I didn't technically break it myself, either. But it was definitely broken. And it happened on my watch.
To read this article in full, please click here
|
|
Jul 11, 2022
On July 8, Microsoft pulled back from its decision in February to block macros in Excel documents by default. Microsoft had said it would block Excel files that contained macros if they were downloaded from the internet. (Malicious actors use these lures as a way to launch attacks on networks; specifically, ransomware and other types of malicious activity can launched from a plain, old malicious spreadsheet.)
Microsoft still plans to put this blocking in place, but only after "a better experience." In the meantime, there are actions you can take now so you won't need to worry about the change in the future.
[ Related: What enterprise needs to know about Windows 11 ]
If you work for a firm that's developed spreadsheets for your own internal office use, chances are the spreadsheet does not have a digital signature. Signing machos is similar to how websites use SSL certificates to validate the site is legit. The hardest part of the self-signing process is deciding whether you want to purchase a code-signing certificate or use the self-signed certificate process. (I can tell you from personal experience that trying to purchase a code-signing certificate is an expensive and cumbersome process. I don't recommend that option, except for large enterprises where the code-signing process is routine.)
To read this article in full, please click here
|
|
Jul 07, 2022
Apple has struck a big blow against the mercenary "surveillance-as-a-service" industry, introducing a new, highly secure Lockdown Mode to protect individuals at the greatest risk of targeted attacks. The company is also offering millions of dollars to support research to expose such threats.
Starting in iOS 16, iPadOS 16 and macOS Ventura, and available now in the latest developer-only betas, Lockdown Mode hardens security defenses and limits the functionalities sometimes abused by state-sponsored surveillance hackers. Apple describes this protection as "sharply reducing the attack surface that potentially could be exploited by highly targeted mercenary spyware."
To read this article in full, please click here
|
|
Jul 07, 2022
Microsoft is backing away from its public support for some AI-driven features, including facial recognition, and acknowledging the discrimination and accuracy issues these offerings create. But the company had years to fix the problems and didn't. That's akin to a car manufacturer recalling a vehicle rather than fixing it.
Despite concerns that facial recognition technology can be discriminatory, the real issue is that results are inaccurate. (The discriminatory argument plays a role, though, due to the assumptions Microsoft developers made when crafting these apps.)
Let's start with what Microsoft did and said. Sarah Bird, the principal group product manager for Microsoft's Azure AI, summed up the pullback last month in a Microsoft blog.
To read this article in full, please click here
|
|
Jul 06, 2022
The European Commission announced late yesterday that the Digital Markets Act (DMA) and Digital Services Act (DSA) have been voted through, marking a new chapter for how technology companies will be able to operate in the EU. The parliament voted 588 in favor and 11 against for the DMA, while 539 MEPs backed the DSA, with 54 votes against.
To read this article in full, please click here
|
|