NEWS: COMPUTER WORLD SECURITY NEWS
Computer World Security News
Nov 18, 2022

The future of security: smarter devices that protect themselves
Jamf officially completed its acquisition of Zecops this week. Why is this important and what might it mean to enterprise mobile security? Potentially, a lot.

Security beyond the perimeter
To get an answer to the question, think about how security has evolved as the proliferation of mobile devices has made traditional security protections even less effective than they used to be.




Computer World Security News
Nov 17, 2022

Why Macs and iPhones should avoid installing 'orphan' apps
There are many reasons any business with a connected fleet of tech products needs robust security policies in place. But the need to protect the enterprise against vulnerabilities inherited with third-party software must be among the biggest motivators. While I shouldn't need to convince Computerworld readers to keep things locked down, I want to reprise two recent reports to reinforce the warning.

Half of all macOS malware comes from one app
Elastic Security Labs (via 9to5Mac) recently estimated that half of all macOS malware is installed as a result of poor management of the MacKeeper utility app. The report said almost 50% of Mac malware arrives through its installation.




Computer World Security News
Nov 16, 2022

Offboarding processes pose security risks as job turnover increases: Report
Organizations across multiple industries are struggling to mitigate potential risks—including loss of end-user and storage devices as well as unauthorized use of SaaS applications—during their offboarding process, according to new research conducted by YouGov in partnership with Enterprise Technology Management (ETM) firm Oomnitza.

Over the last 18 months, employee turnover has increased, with the US Department of Labor estimating that by the end of 2021, a total of 69 million people—more than 20% of Americans—had either lost or changed their job. Although these figures could initially be attributed to the so-called Great Resignation, this figure is likely to increase due to the numerous job cuts that are now being reported—including layoffs at major technology companies—as organizations look to reduce operational costs.




Computer World Security News
Nov 16, 2022

Mosyle brings new iPhone, iPad endpoint security options
Mosyle is ramping up its wares with new security protections for iPhones and iPads, adding more fuel to the Apple-in-the-enterprise fire.

Hardening and compliance options for iPhones and iPads
The company is unveiling its first endpoint security solution for IT admins overseeing fleets of mobile Apple devices. The idea is that the product, Mosyle Hardening and Compliance, ensures that employee devices are protected, compliant, and following the latest cybersecurity benchmarks.




Computer World Security News
Nov 14, 2022

Do you really know what's inside your iOS and Android apps?
It's time to audit your code, as it appears that some no/low code features used in iOS or Android apps may not be as secure as you thought. That's the big takeaway from a report explaining that disguised Russian software is being used in apps from the US Army, CDC, the UK Labour party, and other entities.

When Washington becomes Siberia
What's at issue is that code developed by a company called Pushwoosh has been deployed within thousands of apps from thousands of entities. These include the Centers for Disease Control and Prevention (CDC), which claims it was led to believe Pushwoosh was based in Washington when the developer is, in fact, based in Siberia, Reuters explains. A visit to the Pushwoosh Twitter feed shows the company claiming to be based in Washington, DC.




Computer World Security News
Nov 11, 2022

Patch Tuesday includes 6 Windows zero-day flaws; patch now!
Microsoft on Tuesday released a tightly focused but still significant update that addresses 68 reported (some publicly) vulnerabilities. Unfortunately, this month brings a new record: six zero-day flaws affecting Windows. As a result, we have added both the Windows and Exchange Server updates to our "Patch Now" schedule. Microsoft also published a "defense in depth" advisory (ADV220003) to help secure Office deployments. And there are a small number of Visual Studio, Word, and Excel updates to add to your standard patch release schedule.




Computer World Security News
Nov 07, 2022

How to protect your privacy in Windows 10
There has been some concern that Windows 10 gathers too much private information from users. Whether you think Microsoft's operating system crosses the privacy line or just want to make sure you safeguard as much of your personal life as possible, we're here to help. Here's how to protect your privacy in just a few minutes.

Note: This story has been updated for Windows 10 version 22H2. If you have an earlier release of Windows 10, some things may be different.

Turn off ad tracking
At the top of many people's privacy concerns is what data is being gathered about them as they browse the web. That information creates a profile of a person's interests that is used by a variety of companies to target ads.




Computer World Security News
Oct 27, 2022

Google execs knew 'Incognito mode' failed to protect privacy, suit claims
A federal judge in California is considering motions to dismiss a lawsuit against Google that alleges the company misled users into believing their privacy was being protected while using Incognito mode in the Chrome browser.

The lawsuit, filed in the Northern District Court of California by five users more than two years ago, is now awaiting a recent motion by those plaintiffs for two class-action certifications.

The first would cover all Chrome users with a Google account who accessed a non-Google website containing Google tracking or advertising code and who were in "Incognito mode"; the second covers all Safari, Edge, and Internet Explorer users with a Google account who accessed a non-Google website containing Google tracking or advertising code while in "private browsing mode." 




Computer World Security News
Oct 26, 2022

Is performance tracking about to go mobile?
Productivity and performance tracking have been on the rise since the start of the COVID-19 pandemic and the shift to remote and hybrid work. Now, as pandemic restrictions recede and more traditional work habits reemerge, it's inevitable some organizations will want to extend tracking beyond the company PC to mobile devices.

That means IT could soon be involved in selecting, implementing, and supporting productivity and performance monitoring solutions that keep tabs on workers wherever they are — even if they're not sitting in front of a computer.




Computer World Security News
Oct 14, 2022

Zero-day flaws mean it's time to patch Exchange and Windows
This month's Patch Tuesday update from Microsoft deals with 84 flaws and a zero-day affecting Microsoft Exchange that at the moment remains unresolved. The Windows updates focus on Microsoft security and networking components with a difficult-to-test update to COM and OLE db. And Microsoft browsers get 18 updates—nothing critical or urgent.







Computer World Security News
Oct 14, 2022

Google Smart Lock: The complete guide
Think fast: How many times a day do you pick up your phone to look at something? Unless you live in the tundra or have far more self-control than most, the answer probably falls somewhere between "quite a few" and "more than any sane person could count." Assuming you keep your device properly secured, that means you're doing an awful lot of unlocking — be it with your face, your fingerprint, or the code you tap or swipe onto your screen.

And that's to say nothing of the number of times you type your password into your laptop or enter your credentials into an app or website during the day. Security's important, but goodness gracious, it can sure be a hassle.




Computer World Security News
Oct 13, 2022

Would a US digital dollar let the government track you?
US legislators continue to press for the creation of a digital dollar, raising questions about whether the move could make it easy for the federal government to track business and consumer transactions.

Putting all the digital dollars on one electronic ledger operated by the Federal Reserve would also be a tempting target for cyber criminals.

In March, lawmakers introduced a bill that would allow the US Treasury to create a digital dollar and pilot it to determine its viability. That same month, President Joe Biden called for more research on developing a national digital currency through the nation's central bank. The order highlighted the need for more regulatory oversight of cryptocurrencies, which have been used for nefarious purposes such as money laundering and other criminal activities.




Computer World Security News
Oct 12, 2022

EU-US data sharing agreement: Is it a done deal?
The thousands of companies waiting for a new US-EU data-transfer agreement to go into effect soon and ease the burdensome legal work necessary for cross-border data transfer shouldn't get their hopes up. US President Joe Biden's executive order to implement rules for the Trans-Atlantic Data Policy Framework agreed on earlier this year is a move in the right direction, but the new pact won't go into effect until next spring at the earliest, and even then it is bound to face legal challenges, say public policy and legal experts.




Computer World Security News
Oct 06, 2022

Online privacy: Best browsers, settings, and tips
"You have zero privacy anyway. Get over it," Scott McNealy said of online privacy back in 1999, a view the former CEO of the now-defunct Sun Microsystems reiterated in 2015. Despite the hue and cry his initial remarks caused, he's been proven largely correct.

Cookies, beacons, digital signatures, trackers, and other technologies on websites and in apps let advertisers, businesses, governments, and even criminals build a profile about what you do, who you know, and who you are at very intimate levels of detail. Remember that 2012 story about how Target could tell a teenager was pregnant before her parents knew, based on her online activities? That is the norm today. Google and Facebook are the most notorious commercial internet spies, and among the most pervasive, but they are hardly alone.




Computer World Security News
Oct 05, 2022

Coming soon — a resume-validating blockchain network for job seekers
An online resume-validating network has garnered support from more than a dozen board members from companies whose ranks include Aon, Oracle, SAP, UKG and ZipRecruiter with the aim of reducing the time and cost of vetting job candidates.




Computer World Security News
Sep 28, 2022

16 Wall Street firms fined $1.8B for using private text apps, lying about it
The US Securities and Exchange Commission (SEC) has fined big-name banks and brokerages a collective $1.8 billion over workers' use of private texting apps to discuss work and for not always saving those messages. The fines include $1.1 billion assessed by the SEC and a $710 million fine from the Commodity Futures Trading Commission (CFTC).

The SEC investigation uncovered what the agency called "pervasive off-channel communications," that were collected by the firms themselves from employee devices. The employees included senior and junior investment bankers and debt and equity traders.




Computer World Security News
Sep 28, 2022

How Ukraine's MacPaw got its business ready for war
Vira Tkachenko, CTO at Ukraine software developer MacPaw, spoke remotely to Apple admins at Jamf's JNUC event. A real-world example of a woman in a leadership position in tech, she explained how her company planned for business continuity during the war in Ukraine.

It's an excellent lesson in crisis management and planning for any business leader. Here are some of the insights shared during her session.




Computer World Security News
Sep 27, 2022

Jamf touts big boost to enterprise security at JNUC
Jamf opened its annual JNUC event for Apple admins today with a slew of announcements focused on device management and security, a new Jamf Trust app, further information on its recently announced ZecOps deal and other updates likely to be of interest to Apple IT professionals.

The company also committed to supporting Microsoft Device Compliance on Macs later this year, with support for Google's context-aware zero trust framework (BeyondCorp) on iOS devices in early 2023.




Computer World Security News
Sep 26, 2022

Jamf buys ZecOps to bring high-end security to Apple enterprise
The Apple-in-the-enterprise story continues to unfold, this week with Jamf's announced plans to acquire mobile threat detection and response company ZecOps.

Already consumer-simple, Jamf becomes government secure
Jamf will likely reveal more about the motivations behind the deal at its JNUC event for Apple admins, which begins tomorrow. The purchase is the latest move by the Apple-focused enterprise MDM provider to supplement device management with an increasingly effective set of tools to bolster device security.




Computer World Security News
Sep 20, 2022

Windows 11 2022 Update is the version enterprises can move to
Microsoft today announced the rollout of the first major feature upgrade to Windows 11. Many of the changes are incremental and focus on user interface and productivity enhancements, but there are some useful additions — including a new password security feature.

Mostly, Windows 11 version 22H2, known as the Windows 11 2022 Update, is about polishing up the user experience introduced with Windows 11, while rounding out the feature set with some additional enterprise-targeted capabilities, according to Stephen Kleynhans, a vice president analyst at research firm Gartner.




Computer World Security News
Sep 16, 2022

Critical zero-days make September's Patch Tuesday a 'Patch Now' release
With 63 updates affecting Windows, Microsoft Office and the Visual Studio and .NET platforms — and reports of three publicly exploited vulnerabilities (CVE-2022-37969, CVE-2022-34713, CVE-2021-40444) — this month's Patch Tuesday release gets a "Patch Now" priority. Key testing areas include printing, Microsoft Word, and in general application un-installations. (The Microsoft Office, .NET and browser updates can be added to your standard release schedules.)




Computer World Security News
Sep 16, 2022

Sadly, IT can no longer trust geolocation for much of anything
Geolocation was once a glorious way to know who your company is dealing with (and sometimes what they are doing). Then VPNs started to undermine that. And now, things have gotten so bad that the Apple App Store and Google Play both offer apps that unashamedly declare they can spoof locations — and neither mobile OS vendor does anything to stop it.

Why? It seems both Apple and Google created the holes these developers are using.

In a nutshell, Apple and Google — to test their apps across various geographies — needed to be able to trick the system into thinking that their developers are wherever they wanted to say that they are. What's good for the mobile goose, as they say.




Computer World Security News
Sep 06, 2022

When Windows updating goes bad — the case of the problematic patch
Every month, Windows users and administrators receive updates from Microsoft on Patch Tuesday (or Wednesday, depending on where you're located). And each month, most users all apply the same updates. 

But should we?

Case in point: KB5012170, a patch released on Aug. 9 that either causes no issues — or triggers BitLocker recovery key requests or won't install at all, demanding that you go find a firmware update. This patch, called the Security update for Secure Boot DBX, applies to nearly all supported Windows releases. Specifically, it affects Windows Server 2012; Windows 8.1 and Windows Server 2012 R2; Windows 10, version 1507; Windows 10, version 1607 and Windows Server 2016; Windows 10, version 1809 and Windows Server 2019; Windows 10, versions 20H2, 21H1, and 21H2; Windows Server 2022; Windows 11, version 21H2 (original release), and Azure Stack HCI, version 1809, all the way to Azure Stack Data Box, version 1809 (ASDB).




Computer World Security News
Sep 02, 2022

Apple wasn't fooling when it said it wanted to make Macs more secure
When Craig Federighi, Apple's senior vice president of software engineering, last year said, "We have a level of malware on the Mac that we don't find acceptable," he apparently really meant it. And Apple seems to be doing something about it.

Apple is taking giant steps to secure the Mac
Federighi characterized Apple as being in an enduring battle against malware on the Mac. He also explained that between May 2020 and May 2021 the company identified 130 types of Mac malware that infected 300,000 systems.

Given the Mac's reputation for security, that may seem counterintuitive, but maintaining a secure platform requires constant watchfulness.




Computer World Security News
Sep 01, 2022

Apple pushes out emergency updates to address zero-day exploits
Apple this week released urgent security updates to address zero-day vulnerabilities on older model iPhones, iPads, and iPods.

The patches, pushed out on Wednesday, address an out-of-bounds write issue that could be exploited by an attacker enabling them to take control of the affected device. The US Cybersecurity and Infrastructure Agency (CISA) today encouraged users and IT admins to review Apple's advisory HT213428 and apply the necessary updates.




Computer World Security News
Aug 29, 2022

Facebook agrees to settle class action lawsuit related to Cambridge Analytica data breach
The four-year-old lawsuit claimed Facebook allowed the British political consulting firm access to private data of over 80 million users.

Computer World Security News
Aug 26, 2022

What is Managed Device Attestation on Apple platforms?
Announced at WWDC 2022, Managed Device Attestation protection shows that Apple is adjusting device security protections to adapt to an increasingly distributed age.

Secure the endpoints, not the end times
This adjustment reflects a reality shift. Work doesn't happen on specific servers or behind defined firewalls today. VPN access can differ across teams. And yet, in a workplace defined by multiple remote devices (endpoints), the security threat is greater than ever.

Managed Device Attestation works to create a second boundary of trust around which device management solutions can work to protect against attack.




Computer World Security News
Aug 26, 2022

Planned 'fixes' for credit-card interchange fees will actually make fraud easier
I love it when organizations try and do something good, but don't think things through and end up delivering unintended negative consequences.

Today's case in point: the US Senate and the Federal Reserve, both of whom are looking to reduce high interchange costs, but are unintentionally increasing costs for merchants and sharply boosting the undiscovered fraud rate. Not bad for government work.

Let's start with the Senate, where Sens. Dick Durbin (D-IL) and Roger Marshall (R-KS) have crafted The Credit Card Competition Act of 2022. Its stated goal: reduce the interchange fee that financial institutions and card brands (Visa, MasterCard, Amex, etc.) charge retailers. 




Computer World Security News
Aug 18, 2022

Android security: Analysis, advice, and next-level knowledge
It's tough to talk about Android security without venturing into sensational terrain.

A large part of that is due to the simple fact that the forces driving most Android security coverage are companies that make their money by selling Android security software — and thus companies with strong interests in pushing the narrative that every Android phone is on the perpetual brink of grave, unfathomable danger. Plus, let's face it: A headline about 70 gazillion Android phones being vulnerable to the MegaMonsterSkullCrusher Virus is far more enticing than one explaining the nuanced realities of Android security.

In actuality, though, Android security is a complex beast — one with multiple layers in place to protect you and one that almost never warrants an alarmist attitude. I've been covering Android security closely since the platform's earliest days, and I've busted more myths and called out more shameless publicity stunts than I can even count at this point.




Computer World Security News
Aug 15, 2022

What is USB Restricted Mode in macOS Ventura, and why do you want it?
Once upon a time, one attack vector for industrial sabotage consisted of exfiltrating data from Macs using a standard-issue USB storage card. Researchers have also shown that it's possible to hijack computers with malware-infested cables. It's a jungle out there, so Apple has toughened up (Apple Silicon) Mac protection with USB Restricted Mode.

What is USB Restricted Mode?
Beginning with macOS Ventura, the new layer of protection comes in the form of USB Restricted Mode, which should provide a little reassurance to enterprise IT and is enabled by default.




Computer World Security News
Aug 15, 2022

Q&A: How employee monitoring can sometimes do more harm than good
Digital surveillance in the workplace became a growing concern for many workers during the COVID-19 pandemic, with a reported increase in use of productivity monitoring tools to track staffers working from home or "gig workers" subject to location and productivity monitoring throughout their day.




Computer World Security News
Aug 13, 2022

Patch Tuesday update addresses 123 vulnerabilities, two critical zero-days
Microsoft's August Patch Tuesday release addresses 123 security issues in Microsoft Windows, Office, Exchange (it's back!) and Visual Studio — and unfortunately, we have two zero-days with reports of active exploitation in the wild. Since this is a broad update, it will require planning and testing before deployment.

The first (CVE-2022-34713) occurs in the Windows diagnostic tools and the second (CVE-2022-30134) affects Microsoft Exchange. Basically, the holidays are over and it's time to pay attention to Microsoft updates again. We have made "Patch Now" recommendations for Windows, Exchange and Adobe for this month.




Computer World Security News
Aug 10, 2022

Microsoft urges Windows users to run patch for DogWalk zero-day exploit
Microsoft has confirmed that a high-severity, zero-day security vulnerability is actively being exploited by threat actors and is advising all Windows and Windows Server users to apply its latest monthly Patch Tuesday update as soon as possible.

The vulnerability, known as CVE-2022-34713 or DogWalk, allows attackers to exploit a weakness in the Windows Microsoft Support Diagnostic Tool (MSDT). By using social engineering or phishing, attackers can trick users into visiting a fake website or opening a malicious document or file and ultimately gain remote code execution on compromised systems.




Computer World Security News
Aug 08, 2022

Banks face a WhatsApp reckoning as regulators clamp down on messaging apps
As regulators hand out hundreds of millions of dollars in fines for record-keeping failures related to the use of social messaging platforms such as WhatsApp, the finance industry faces a choice: properly enforce bans on the use of these apps or find ways to make them compliant.

"The explosion of new electronic communications channels — and the pervasive use of these — raises lots of red flags for the regulators," said Anthony Diana, a partner at law firm Reed Smith's Tech & Data Group. "The fear is that, if bad things are happening, they're happening on these personal apps, not on the sanctioned communication channels that are surveilled."




Computer World Security News
Aug 04, 2022

Microsoft bolsters threat intelligence security portfolio with two new products
Drawing from its acquisition of RiskIQ, Microsoft is releasing Defender External Attack Surface Management and Defender Threat Intelligence.

Computer World Security News
Aug 04, 2022

Microsoft boosts threat intelligence with new Defender programs
Drawing from its acquisition of RiskIQ, Microsoft is releasing Defender External Attack Surface Management and Defender Threat Intelligence.

Computer World Security News
Aug 03, 2022

5 best practices for secure collaboration
How successful companies are facing the challenges of securing emerging communication technologies.

Computer World Security News
Aug 02, 2022

How to protect Windows 10 and 11 PCs from ransomware
CryptoLocker. WannaCry. DarkSide. Conti. MedusaLocker. The ransomware threat isn't going away anytime soon; the news brings constant reports of new waves of this pernicious type of malware washing across the world. It's popular in large part because of the immediate financial payoff for attackers: It works by encrypting the files on your hard disk, then demands that you pay a ransom, frequently in Bitcoin or other cryptocurrency, to decrypt them.

But you needn't be a victim. There's plenty that Windows 10 and 11 users can do to protect themselves against it. In this article, I'll show you how to keep yourself safe, including how to use an anti-ransomware tool built into Windows.




Computer World Security News
Aug 01, 2022

Apple's latest controversy: Expanded App Store advertising
Depending on how you look at it, Apple may be ramping up ways developers can reach out directly to customers via its App Store - or building its own business at others' expense.

What Apple is doing
Apple has had an advertising business of its own ever since Apple's then CEO, Steve Jobs, introduced us to iAds in 2010. The scale of that offer was always limited to Apple's platform, but the service arguably failed, with its technology living on in the form of ad slots in Apple News and the App Store.

Apple's App Store currently hosts just two ad slots, one in the search tab and the other in Search results. You can tell when you are looking at an ad from the blue shade behind the graphic and a small blue badge that says "ad" - these ads are hard to mistake for content.




Computer World Security News
Jul 25, 2022

For SMBs, Microsoft offers a new layer of server protection
Do you run a small business with on-premises servers?

Chances are, you rely on technology that includes servers, whether they're Windows- or Linux-based. With that in mind, Microsoft recently announced it's previewing "server protection for small business" — bundling the offering with Microsoft Defender for Business.

This is noteworthy because until now, most Endpoint Detection and Response (EDR) solutions have been expensive and typically only deployed by larger enterprises. (EDR is an integrated, layered approach to endpoint protection that combines real-time continuous monitoring and endpoint data analytics with rule-based automated response.)




Computer World Security News
Jul 22, 2022

Zoom expands end-to-end encryption for Phone and breakout rooms
Zoom has announced it is expanding end-to-end encryption (E2EE) capabilities to Zoom Phone, with breakout rooms to be given the same level of encryption in the near future.

Zoom Phone customers now have the option to upgrade to E2EE during one-on-one Zoom Phone calls between users on the same Zoom account that occur via the Zoom client.

During a call, when users select "More" they will see an option to change the session to an end-to-end encrypted phone call. When enabled, Zoom encrypts the call by using cryptographic keys known only to the devices of the caller and receiver. Users will also have the option to verify E2EE status by providing a unique security code to one another.




Computer World Security News
Jul 20, 2022

Will new EU crypto rules change how ransomware is played?
Cryptocurrency has always been the payment method of choice for bad guys. Get hit with an enterprise ransomware attack and plan to pay? You'll need crypto. The key reason cyberthieves love cryptocurrency so much is that it is far harder to trace payments. 

That is why a move being attempted by the European Union has so much potential. The EU — in a move that will likely be mimicked by many other regional regulatory forces, including in the United States — is putting in place tracking requirements for all cryptocurrency. 

If it is successful, and the EU has an excellent track record on precisely these kinds of changes, cryptocurrency may quickly fade as the thief's payment of choice.




Computer World Security News
Jul 20, 2022

How to stay smart about Android app permissions
When it comes to Android and privacy, we're accustomed to seeing things move in a certain direction.

It's simple, really: With each new Android version, it usually gets easier to manage your privacy and understand how your information is being used. And we typically get more front-facing tools and under-the-hood improvements that allow us to handle that stuff intelligently. Obviously, right?




Computer World Security News
Jul 15, 2022

With a light July Patch Tuesday, it's time to invest in your IT processes
Though we get a reprieve from Exchange updates in this month's Patch Tuesday update, more printer updates are on the way. Even with no updates for Microsoft Exchange or Visual Studio, Adobe is back with 15 critical updates for Adobe Reader. And Microsoft's new patch deployment tool Auto-Patch is now live. (I always thought application testing was the main problem here, but actually getting patches deployed is still tough.)

Though the numbers are still quite high (with 86 reported vulnerabilities), the testing and deployment profile for July should be fairly moderate. We suggest taking the time to harden your Exchange Server defenses and mitigation processes, and invest in your testing processes.




Computer World Security News
Jul 13, 2022

Drop, crack, d'oh! My broken Android phone epiphany
Man, I had one hell of a streak.

All these years — approximately 7,967 since I first started using and writing about Android — and somehow, rather miraculously, I'd never outright broken a phone.

Impressive, I know. But don't let yourself get wrapped in awe yet, my fellow drop-dreading denizen: My streak of impeccable Android phone protection has officially come to a crashing halt.

Now, I didn't technically drop my phone, mind you. And I didn't technically break it myself, either. But it was definitely broken. And it happened on my watch.




Computer World Security News
Jul 11, 2022

Now's the time to prep for Microsoft's Excel macro crackdown
On July 8, Microsoft pulled back from its decision in February to block macros in Excel documents by default. Microsoft had said it would block Excel files that contained macros if they were downloaded from the internet. (Malicious actors use these lures as a way to launch attacks on networks; specifically, ransomware and other types of malicious activity can be launched from a plain, old malicious spreadsheet.)

Microsoft still plans to put this blocking in place, but only after "a better experience." In the meantime, there are actions you can take now so you won't need to worry about the change in the future.

If you work for a firm that's developed spreadsheets for your own internal office use, chances are the spreadsheet does not have a digital signature. Signing macros is similar to how websites use SSL certificates to validate the site is legit. The hardest part of the self-signing process is deciding whether you want to purchase a code-signing certificate or use the self-signed certificate process. (I can tell you from personal experience that trying to purchase a code-signing certificate is an expensive and cumbersome process. I don't recommend that option, except for large enterprises where the code-signing process is routine.)




Computer World Security News
Jul 07, 2022

Apple slaps hard against 'mercenary' surveillance-as-a-service industry
Apple has struck a big blow against the mercenary "surveillance-as-a-service" industry, introducing a new, highly secure Lockdown Mode to protect individuals at the greatest risk of targeted attacks. The company is also offering millions of dollars to support research to expose such threats.

Starting in iOS 16, iPadOS 16 and macOS Ventura, and available now in the latest developer-only betas, Lockdown Mode hardens security defenses and limits the functionalities sometimes abused by state-sponsored surveillance hackers. Apple describes this protection as "sharply reducing the attack surface that potentially could be exploited by highly targeted mercenary spyware."




Computer World Security News
Jul 07, 2022

Microsoft backs off facial recognition analysis, but big questions remain
Microsoft is backing away from its public support for some AI-driven features, including facial recognition, and acknowledging the discrimination and accuracy issues these offerings create. But the company had years to fix the problems and didn't. That's akin to a car manufacturer recalling a vehicle rather than fixing it.

Despite concerns that facial recognition technology can be discriminatory, the real issue is that results are inaccurate. (The discriminatory argument plays a role, though, due to the assumptions Microsoft developers made when crafting these apps.)

Let's start with what Microsoft did and said. Sarah Bird, the principal group product manager for Microsoft's Azure AI, summed up the pullback last month in a Microsoft blog. 




Computer World Security News
Jul 06, 2022

European Parliament approves sweeping big tech antitrust laws
The European Commission announced late yesterday that the Digital Markets Act (DMA) and Digital Services Act (DSA) have been voted through, marking a new chapter for how technology companies will be able to operate in the EU. The parliament voted 588 in favor and 11 against for the DMA, while 539 MEPs backed the DSA, with 54 votes against.




Computer World Security News
Jul 05, 2022

Think twice before deploying Windows' Controlled Folder Access
As ransomware attacks gained steam in the mid-2010s, Microsoft sought to give Windows users and admins tools to protect their PCs from such attacks. With its October 2017 feature update, the company added a feature called Controlled Folder Access to Windows 10.

On paper, Controlled Folder Access sounds like a great protection for consumers, home users, and small businesses with limited resources. As defined by Microsoft, "Controlled folder access helps protect your valuable data from malicious apps and threats, such as ransomware. Controlled folder access protects your data by checking apps against a list of known, trusted apps. Supported on Windows Server 2019, Windows Server 2022, Windows 10, and Windows 11 clients, controlled folder access can be turned on using the Windows Security App, Microsoft Endpoint Configuration Manager, or Intune (for managed devices)."




Computer World Security News
Jul 05, 2022

Are banks quietly refusing reimbursements to fraud victims?
There are some scary reports popping up that various major financial institutions no longer credit back all fraudulent transactions, even when victims file a police report. If true, it's a disastrous move that will painfully hurt the institutions.

Let's look at a recent New York Times report on the problem:




Computer World Security News
Jun 29, 2022

FCC commissioner wants Apple, Google to remove TikTok from App Stores
FCC Commissioner Brendan Carr has written to Apple and Google to request that both companies remove the incredibly popular TikTok app from their stores, citing a threat to national security.

Is your data going TikTok?

Carr warns the app collects huge quantities of data and cited a recent report that claimed the company has accessed sensitive data collected from Americans. He argues that TikTok's, "pattern of conduct and misrepresentations regarding the unfettered access that persons in Beijing have to sensitive U.S. data...puts it out of compliance," with App Store security and privacy policies.




Computer World Security News
Jun 28, 2022

How Apple is improving single sign-on
Among a slew of announcements at WWDC this year were some important changes to Apple's support for single sign-on (SSO). Here's what's coming when new updates ship this fall.

SSO BYOD = iOS 16, iPadOS 16

Apple first introduced SSO support at WWDC 2019 with Sign in with Apple, which also saw the introduction of extensions to enable this kind of authentication. It allowed a user to access a service or website using their Apple ID, and meant support for identity providers, the use of highly secure token-based signatures and the tools service providers required to implement these systems.




Computer World Security News
Jun 27, 2022

Time for a mid-year browser security check
We've reached the mid-point of 2022 and when it comes to security, I feel like we're not making much headway. I still see people report they're getting scammed, ransomed, and attacked on a regular basis — and for many users the browser is becoming the most important part of whatever platform you use. So now is a good time to review your browsers, and any extensions you've installed to beef up security.

Note, I said browsers — plural. While enterprises might want to standardize on only one browser for better control, for small businesses and individual users, I recommend installing more than one. (I often use three different browsers.)

Why is this important? Because attackers (and trackers) go after browsers. In fact, it's good to think of your browser as a separate operating system, and act accordingly to protect it. Though I focus mainly on Windows issues, these guidelines and recommendations apply to Mac OS, Ubuntu, Mint, and others.




Computer World Security News
Jun 24, 2022

The surveillance-as-a-service industry needs to be brought to heel
Here we go again: another example of government surveillance involving smartphones from Apple and Google has emerged, and it shows how sophisticated government-backed attacks can become and why there's justification for keeping mobile platforms utterly locked down.

What has happened?

I don't intend to focus too much on the news, but in brief it is as follows:

Google's Threat Analysis Group has published information revealing the hack. Italian surveillance firm RCS Labs created the attack. The attack has been used in Italy and Kazakhstan, and possibly elsewhere. Some generations of the attack are wielded with help from ISPs. On iOS, attackers abused Apple's enterprise certification tools that enable in-house app deployment. Around nine different attacks were used. The attack works like this: The target is sent a unique link that aims to trick them into downloading and installing a malicious app. In some cases, the spooks worked with an ISP to disable data connectivity to trick targets into downloading the app to recover that connection.




Computer World Security News
Jun 24, 2022

Italian spyware firm is hacking into iOS and Android devices, Google says
Google's Threat Analysis Group (TAG) has identified Italian vendor RCS Lab as a spyware offender, developing tools that are being used to exploit zero-day vulnerabilities to effect attacks on iOS and Android mobile users in Italy and Kazakhstan.

According to a Google blog post on Thursday, RCS Lab uses a combination of tactics, including atypical drive-by downloads as initial infection vectors. The company has developed tools to spy on the private data of the targeted devices, the post said.




Computer World Security News
Jun 23, 2022

Apple says it's time your business ran BIMI
Apple will add another obstacle against successful phishing attacks in iOS 16, iPadOS 16, and macOS Ventura, which will show a company's official logo to help recipients recognize genuine from fake emails.

Brand Indicators for Message Identification

Apple's forthcoming operating systems will support Brand Indicators for Message Identification (BIMI). This is a specification to enable the use of brand-controlled logos within emails and will be a way to tell recipients that an email genuinely comes from the company concerned. Google has supported BIMI since 2021.




Computer World Security News
Jun 21, 2022

Trouble with Windows? You have support options
So, you finally got around to installing a Windows update from Microsoft, and there's a problem. Where do you go for support and assistance?

Short answer: it depends.

If you are an Enterprise customer and have an issue with your work computer — whether in the office or remote — there should be a designated IT administrator or help desk for you. You either call the help desk or open a trouble ticket and someone gets back to you. Often, they have tools to remotely connect to your computer and see what's going on. If the issue is so serious your machine can't be fixed, they'll deploy a new computer or reimage your PC using tools such as Autopilot to deploy a fresh copy of Windows for you.




Computer World Security News
Jun 17, 2022

Microsoft delivers solid Windows-focused updates for June's Patch Tuesday
June's Patch Tuesday updates, released on June 14, address 55 vulnerabilities in Windows, SQL Server, Microsoft Office, and Visual Studio (though there are no Microsoft Exchange Server or Adobe updates this month). And a zero-day vulnerability in a key Windows component, CVE-2022-30190, led to a "Patch Now" recommendation for Windows, while the .NET, Office and SQL Server updates can be included in a standard release schedule.




Computer World Security News
Jun 17, 2022

Will COVID's legacy be a healthier workplace?
Exit signs and fire extinguishers became mandatory following the Triangle Shirtwaist Factory fire in New York City. The 1933 Long Beach earthquake triggered an overhaul of building codes for California public schools. Regulations covering the construction and operation of nuclear power plants were fortified after the 1979 Three Mile Island accident.

What will the long-term impacts of COVID-19 be on workplace safety?




Computer World Security News
Jun 17, 2022

Apple offers devs two useful enterprise security tools
Two sessions I attended at last week's Worldwide Developer Conference (WWDC) — the Managed Device Attestation and Secure Endpoint sessions — highlight the company's commitment to delivering increased capabilities for security tools. While both were naturally oriented more to developers of device management and security solutions than to end users or IT admins, some of the additional capabilities developers will be able to build into enterprise tools are noteworthy.




Computer World Security News
Jun 16, 2022

Jamf CIO: Apple will be the No. 1 enterprise endpoint by 2030
I spoke with Jamf CIO Linh Lam on a recent UK visit to mark the company's 20th anniversary. The 2020 Bay Area CIO of the Year Finalist joined Jamf in 2021 - and thinks Apple will be the top enterprise endpoint by 2030 as its current momentum accelerates.

The changing landscape of enterprise IT

"The way the demand is growing and the expectations of younger generations joining the workforce, Apple devices will be the number one endpoint by 2030," she told me.




Computer World Security News
Jun 13, 2022

Before Patch Tuesday, a to-do list to avoid trouble
You could call today Patch-Tuesday Eve. It's the day before Windows machines get offered updates from Microsoft. What should you be doing to prepare?

It depends on what kind of computer user you are.

If your files are stored in the cloud

You keep everything in the cloud, you use a Microsoft account, you don't mind reinstalling your OS if need be. Your data is protected by a username and a password, and if you are savvy, your data is protected by two-factor authentication.

Prior to Patch Tuesday, you might decide you don't need to back up your computer system since you know if something happens to your computer, you can reinstall the operating system and merely reconnect to your various online storage services. You've double-checked that all cloud services you use have file versioning enabled, so if you need to roll back to a prior version of a file, you can do so.




Computer World Security News
Jun 10, 2022

WWDC: Apple, Cloudflare, Fastly plot the end of CAPTCHA
Apple took several steps toward a password-free future at its Worldwide Developer Conference, but another component of its strategy will be to replace CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart) with a more private solution.

Introducing: Private Access Tokens

Apple is working with Cloudflare (with whom most think it developed the tech behind iCloud Private Relay). It is also working with Google and Fastly to deploy a standardized alternative to CAPTCHA called Private Access Tokens.




Computer World Security News
Jun 09, 2022

Microsoft commits to ban non-competes and increase pay transparency in the US
Microsoft has launched four new employee workforce initiatives aimed at creating a more transparent workplace culture, including the banning of non-compete clauses in contracts and a commitment to improved pay transparency.

The four commitments have been categorized by Microsoft as:

Empowering employee mobility
Fostering a safe space for concerns
Increasing pay transparency
Conducting a civil rights audit

The new policies aim to address concerns raised by employees that current non-compete obligations are being used as a forced retention tactic. Consequently, the company will be removing non-compete clauses from US employee agreements and will not enforce existing clauses for workers outside of Microsoft's senior leadership team.




Computer World Security News
Jun 06, 2022

WWDC22: Apple brings declarative device management to the Mac?
More opportunities for engineers and developers to implement declarative device management solutions are likely to emerge at WWDC 2022, at least, according to MacAdmins.

Speaking during the pre-event podcast, speakers argue that Apple will eventually require that all mobile device management (MDM) providers introduce support for declarative management. Might this include bringing declarative device management to the Mac?

What is declarative device management?

Apple first introduced declarative device management last year, largely for two reasons: to make devices more proactive, and to reduce the impact on MDM servers that handle large fleets of devices. This should boost performance and scalability.




Computer World Security News
Jun 06, 2022

After a Windows update, what should you expect?
Let's get this straight: It's not normal for a Windows update to remove software. It's designed to install the update, not change software already in place on your system. 

At least, updates are not supposed to remove software. Since March, however, if you run the RDgateway broker service on Server 2022 (and only that version), the monthly cumulative updates have removed that service. This behavior is not normal; this is a bug.

As Microsoft notes in the Microsoft 365 Admin dashboard: "We have received reports that after installing KB5005575 or later updates on Windows Server 2022 Standard Edition, Remote Desktop Services Connection Broker role and supporting services might be removed unexpectedly. We have expedited investigation and are working on a resolution. Note: Windows Server 2022 Datacenter edition and other versions of Windows Server are not affected by this issue."




Computer World Security News
Jun 03, 2022

The best privacy and security apps for Android
Let's get one thing out of the way right off the bat: If you're looking for recommendations about Android security suites or other malware-scanning software, you've come to the wrong place.

Why? Because, like most people who closely study Android, I don't recommend using those types of apps at all. Android malware isn't the massive real-world threat it's frequently made out to be, and Google Play Protect and other native Android settings are more than enough to keep most devices safe.




Computer World Security News
Jun 02, 2022

Apple confirms the scale of App Store fraud
Apple says millions of fraudulent attempts are made against the App Store and its users each year. The company prevented $1.5 billion in fraudulent transactions in 2021, it said, in line with similar levels of fraud in 2020.

How people attempt to commit App Store fraud

The company explains how fraudsters attempt to commit fraud via the store.




Computer World Security News
May 31, 2022

Windows 11: Should you bypass the hardware block?
If you're like most PC users, your current computer can't run Windows 11. Microsoft has placed a line in the hardware sand to ensure that only modern machines with certain specifications that harden security can run Windows 11. 

Well, sort of. The company provides a workaround, as I'll discuss in a moment. Whether you should take advantage of this loophole to upgrade PCs (whether yours or your users') to Windows 11 is the question.

First, if you want to know if a computer can run Windows 11, you can use the PC Health Check app, Microsoft's diagnostic tool. But if your PC doesn't support Windows 11, Microsoft's app doesn't do a great job of explaining why. Instead, I recommend using either the Windows 11 Requirements Check Tool from ByteJams.com or WhyNotWin11, available on GitHub. Both tools provide granular detail about why a machine won't run Windows 11. On my personal laptop at home, for instance, the processor can't support hardware for hypervisor enforced code integrity, nor does Windows 11 like the graphics display.




Computer World Security News
May 31, 2022

Why Industry 4.0 must think more like Apple
For industrial applications, the Internet of Things risks becoming the Internet of Thieves. Perhaps industries making use of connected solutions should take a leaf out of the Apple book and lock down their infrastructure.

What the ethical hackers say

As digital processes become deeply embedded across every industry, it makes sense that industrial control systems were tested at this year's Pwn2Own contest. Hackers were asked to seek out vulnerabilities in industrial software and systems.

Contest winners Daan Keuper and Thijs Alkemade found that once they managed to break into the IT networks used at these companies, it was "relatively easy" to then cause havoc with systems and equipment.




Computer World Security News
May 31, 2022

Google's open-source security move may be pointless. In a perfect world, it should be.
One of the bigger threats to enterprise cybersecurity involves re-purposed third-party code and open-source code, so you'd

Think again.

Here's Google's pitch: "Assured OSS enables enterprise and public sector users of open source software to easily incorporate the same OSS packages that Google uses into their own developer workflows. Packages curated by the Assured OSS service are regularly scanned, analyzed, and fuzz-tested for vulnerabilities; have corresponding enriched metadata incorporating Container/Artifact Analysis data; are built with Cloud Build including evidence of verifiable SLSA-compliance; are verifiably signed by Google; and are distributed from an Artifact Registry secured and protected by Google."




Computer World Security News
May 26, 2022

DOJ reverses itself, says good-faith security researchers should be left alone
In a move that could have a major impact on enterprise penetration testing and other cybersecurity tactics, the US Department of Justice last Thursday reversed one of its own policies by telling prosecutors not to prosecute anyone involved in "good-faith security research."

This is one of those common-sense decisions that makes me far more interested in exploring the original DOJ policy (set in 2014, during the Obama era). 

The underlying law at issue is the Computer Fraud and Abuse Act, which made it illegal to access a computer without proper authorization. It was passed in 1986 and has been updated several times since then.




Computer World Security News
May 26, 2022

IT salaries aren't keeping up with inflation — but that may soon change
Pay for some IT professionals is failing to keep up with inflation, according to a salary survey by IT employment consultancy Janco Associates for calendar year 2021. But preliminary data indicates pay for tech workers could soon change drastically with the job market in IT tight, and many companies eyeing major tech projects in the year ahead.

With inflation in the US running at about 8% over the past year, salary increases — even for IT execs — have failed to keep pace.

The mean compensation for all IT pros last year rose only 2.05%, with the median salary at $100,022 for those at large enterprises and at $95,681 for IT workers at mid-sized firms, according to Janco.




Computer World Security News
May 25, 2022

Microsoft security vulnerabilities drop after five-year rise
While elevated privilege attacks remain a critical security concern when using Microsoft products, a new report says that the raw number of vulnerabilities is dropping.

Computer World Security News
May 16, 2022

Not all patching problems are created equal
It's the third week of the month — the week we find out whether Microsoft acknowledges any side effects it's investigating as part of the monthly patch-release process.

First, a bit of background. Microsoft has released patches for years. But they haven't always been released on a schedule. In the early days, Microsoft would release updates any day of the week. Then in October 2003, Microsoft formalized the release of normal security updates on the second Tuesday of the month. Thus was born Patch Tuesday. (Note: depending on where you are in the world, Patch Tuesday may be a Patch Wednesday.) The following day, or in some cases, over the next week, users and admins report issues with updates — and Microsoft finally acknowledges that, yes, there are issues.




Computer World Security News
May 14, 2022

May's Patch Tuesday updates make urgent patching a must
This past week's Patch Tuesday started with 73 updates, but ended up (so far) with three revisions and a late addition (CVE-2022-30138) for a total of 77 vulnerabilities addressed this month. Compared with the broad set of updates released in April, we see a greater urgency in patching Windows — especially with three zero-days and several very serious flaws in key server and authentication areas. Exchange will require attention, too, due to new server update technology.




Computer World Security News
May 12, 2022

Europe puts Apple's CSAM plans back in the spotlight
Apple may have put some of its plans to scan devices for CSAM material on hold, but the European Commission has put them right back in the spotlight with a move to force messaging services to begin monitoring for such material.

CSAM is emerging as a privacy test

In terms of child protection, it's a good thing. Child Sexual Abuse Material (CSAM) is a far bigger problem than many people realize; victims of this appalling trade end up with shattered lives.




Computer World Security News
May 09, 2022

Just what does Windows 11 bring to the table?
The other day, my Dad — my bellwether for technology — mentioned in passing that he'd read online that Windows 11 shouldn't be used and that the operating system wasn't being adopted.

Dad had a point. He's more of an Apple user now — I have him on my phone plan to support his tech needs, he uses an iPhone and has an iPad. As his needs have changed, his reliance on Windows devices has decreased. In fact, his current Windows needs involve applications not on the Apple platform. (And because he's a standalone user, not a domain user, many of the advances in Windows 11 having to do with authentication won't be available to him.)




Computer World Security News
May 04, 2022

Google responds to EU data rulings with new Workspace controls
Google Cloud has announced a new set of Sovereign Controls for users of its Workspace productivity software, aimed at allowing organizations in both the public and private sector to better control, limit, and monitor data transfers to and from the European Union.

The changes look to have come in response to a range of recent European Union efforts to better protect the personal data of members when using cloud services, following the collapse of Privacy Shield.




Computer World Security News
May 03, 2022

Download: UEM vendor comparison chart 2022
Unified endpoint management (UEM) is a strategic IT approach that consolidates how enterprises secure and manage an array of deployed devices including phones, tablets, PCs, and even IoT devices.

(Insider Story)

Computer World Security News
May 03, 2022

Enterprise mobility 2022: UEM adds user experience, AI, automation
The past two years have seen mobility management take on a greater importance than ever in the enterprise. As remote and hybrid work models take hold at many organizations, "mobility management" has expanded its meaning from management of mobile devices to management of all devices used by mobile employees, wherever they happen to be working from.

Unified endpoint management (UEM) has become a strategic technology at the center of companies' efforts to control this increasingly complex environment. Essentially combining enterprise mobility management (EMM) tools with PC management tools, UEM platforms help companies manage and protect a range of devices including smartphones, tablets, laptops, and desktop computers across multiple operating systems — all from a unified interface.




Computer World Security News
May 02, 2022

Russia is losing the cyberwar against Ukraine, too
When Russia launched its all-out attack against Ukraine in February, the world expected the invaders to roll over the country quickly. That didn't happen, and Ukraine today, though still under assault, has so far thwarted Russia's ambitions to conquer it.

Russia has also been fighting a quieter war against Ukraine, a cyberwar, deploying what had been considered the most feared state-sponsored hackers in the world. And in the same way that Ukraine has fended off Russia's military might, it's been winning the cyberwar as well.

In that cyberwar, as always, the terrain is primarily Windows, because it represents the largest and most vulnerable attack surface in the world. The facts about what exactly is going on have been shadowy. But there's plenty of evidence that Ukraine may keep the upper hand.




Computer World Security News
Apr 28, 2022

Think the video call mute button keeps you safe? Think again
Have you recently been on a video conference call, hit the "mute" button and then offered up some nasty comments about a client or a colleague — or even the boss?

Or maybe while in a conference room with colleagues — muted — and pointed out that some proposed action would violate the terms of a secret acquisition in its final stages?

If you were comfortable that the mute button was actively protecting your secret, you shouldn't have been.

Thanks to some impressive experimentation and research from a group of academics at the University of Wisconsin-Madison and Loyola University Chicago, utterances made while the app is in mute are still captured and saved into RAM.




Computer World Security News
Apr 26, 2022

Jamf adds network and endpoint security tools for enterprise Macs
Jamf has announced a series of significant updates to Jamf Protect, introducing a unique set of technologies designed to make enterprise devices more secure while also identifying and responding to incoming endpoint threats. The company also introduced Jamf Trust, which aims to make this kind of security simple to use. (The latter is also available for Android and Windows.)

What's new in Jamf Protect?
The big news for Mac security, Jamf Protect, now offers a comprehensive endpoint and network security solution, supplementing its existing protections with new tools for:




Computer World Security News
Apr 22, 2022

When it comes to data, resist your inner packrat
Human beings are natural pack rats, as evidenced by the 2.3 billion square feet of self-storage space that's in use in the U.S. Fear of getting rid of stuff even has a name: disposophobia.

Keeping every pair of shoes your kids have ever worn isn't a problem for anyone except those with whom you share living space.

But the same rules don't apply to data.

All industries have records retention guidelines spelled out in compliance rules. They are usually strictly enforced for regulated companies, and firms that run afoul of them can be punished.




Computer World Security News
Apr 22, 2022

In a remote-work world, a zero-trust revolution is necessary
Last summer, law enforcement officials contacted both Apple and Meta, demanding customer data in "emergency data requests." The companies complied. Unfortunately, the "officials" turned out to be hackers affiliated with a cyber-gang called "Recursion Team."

Roughly three years ago, the CEO of a UK-based energy company got a call from the CEO of the company's German parent company instructing him to wire a quarter of a million dollars to a Hungarian "supplier." He complied. Sadly, the German "CEO" was in fact a cybercriminal using deepfake audio technology to spoof the other man's voice.




Computer World Security News
Apr 22, 2022

12 Android settings that'll strengthen your security
You might not know it from all the panic-inducing headlines out there, but Android is actually packed with practical and powerful security options. Some are activated by default and protecting you whether you realize it or not, while others are more out of the way but equally deserving of your attention.

So stop wasting your time worrying about the Android malware monster du jour and which security company is using it to scare you into an unnecessary subscription, and take a moment instead to look through these far more impactful Android settings — ranging from core system-level elements to some more advanced and easily overlooked options.




Computer World Security News
Apr 21, 2022

California eyes law to protect workers from digital surveillance
The California State Assembly is considering new rules that would offer workers greater protection from the use of digital monitoring tools by employers.

The "Workplace Technology Accountability Act" (AB 1651), introduced by Assemblymember Ash Kalra, would create a way to protect workers against the use of technologies that can negatively affect privacy and wellbeing.

The bill would "establish much needed, yet reasonable, limitations on how employers use data-driven technology at work," Kalra told the Assembly Labor and Employment Committee on Wednesday. "The time is now to address the increasing use of unregulated data-driven technologies in the workplace and give workers — and the state — the necessary tools to mitigate any insidious impacts caused by them."




Computer World Security News
Apr 20, 2022

Top 6 e-signature software tools
The COVID-19 pandemic did not just disrupt physical meetings and physical office spaces; workflows that relied on in-person interaction, such as signing documents and contracts, were also highly impacted. Electronic signature (e-signature) software has surged in popularity over the past two years as enterprises looked to modify their signature workflows to support a remote workforce, said Holly Muscolino, group vice president for content strategies and future of work at IDC.

With many companies returning to an in-person office environment or adopting a hybrid workforce approach, where employees work some days in the office and some at home, e-signature vendors are working to convince businesses that they are still relevant. Although the market has slowed down, Muscolino said, "it's still showing healthy growth, because there are still companies who have not adopted this technology. There is still significant room for adoption."




Computer World Security News
Apr 18, 2022

When humans make tech mistakes
We often think vendors are perfect. They have backups. They have redundancy. They have experts that know exactly how to deploy solutions without fail. And then we see they aren't any better than we are.

Let's look at a few recent examples.

In the small to mid-sized business (SMB) space, StorageCraft has long been a trusted backup software vendor. One of the first to make image backups easy to do, it was used and recommended by many managed service providers. After StorageCraft was acquired by Arcserve in March 2021, there were no immediate major changes in how the company ran.




Computer World Security News
Apr 15, 2022

April's Patch Tuesday: a lot of large, diverse and urgent updates
This week's Patch Tuesday release was huge, diverse, risky, and urgent, with late update arrivals for Microsoft browsers (CVE-2022-1364) and two zero-day vulnerabilities affecting Windows (CVE-2022-26809 and CVE-2022-24500). Fortunately, Microsoft has not released any patches for Microsoft Exchange, but this month we do have to deal with more Adobe (PDF) printing related vulnerabilities and associated testing efforts. We have added the Windows and Adobe updates to our "Patch Now" schedule, and will be watching closely to see what happens with any further Microsoft Office updates. 




Computer World Security News
Apr 13, 2022

Apple has good privacy arguments, but critics aren't listening
Apple CEO Tim Cook this week warned that regulators are on the edge of making poor decisions that will impact our future during a passionate speech in defense of personal privacy and his company's business models at the Global Privacy Summit in Washington DC.

Neither good nor evil
The thrust of Cook's argument is that privacy and security are essential building blocks of trust for a technologically advanced society. But that huge potential is being constrained by surveillance and insecurity.




Computer World Security News
Apr 12, 2022

DuckDuckGo launches privacy browser beta for macOS
Privacy-centered search engine DuckDuckGo today launched the beta of its desktop browser for macOS.

The browser is designed from the ground up to maintain privacy, the company said, meaning it will not collect information about users and will not install cookies or tracking codes on devices. DuckDuckGo also said it can block "hidden trackers" before they load.

DuckDuckGo first announced plans for a macOS desktop browser in December 2021. (The browser is already available as a download for mobile devices.) In 2019, DuckDuckGo added Apple Maps support and has since made other improvements to how it works on Apple devices.




Computer World Security News
Apr 06, 2022

Windows 11 — we haven't seen anything, yet
Disclosure: Microsoft is a client of the author.

Microsoft this week had an analyst event about Windows 11 and a variety of productivity, management, and security features the company has planned. Over the last couple of years, Microsoft has aggressively improved both Windows and Office 365, but the big change ahead is the potential blend of Windows with Windows 365. We'll see that start by the end of the year. The end game should be what appears to be a Windows desktop that integrates so well with the cloud that it can, when necessary, seamlessly switch between instances to comply with company policy, assure security, and provide recourse on automatic demand from Azure Cloud. 




Computer World Security News
Apr 05, 2022

Apple quietly stops meaningful auto-updates in iOS
In the mobile world pitting Apple's iOS devices against Google's Android devices, Apple has historically had one distinct advantage: patches and updates.

Given the fragmented nature of Android (hundreds of handset manufacturers versus just one for iOS), it is simply far easier for Apple to quickly and efficiently push out updates in a way that allows a large percentage of users to get updates quickly. That has been true regardless of whether it's new functionality or a critical security patch.

So what's the problem? Craig Federighi, Apple's senior vice president of software engineering, has quietly said that Apple has dramatically slowed down auto updates — by as much as a month.




Computer World Security News
Apr 05, 2022

Android 12 Upgrade Report Card: What a weird year
In the world of software, six months is an eternity.

Heck, look at how much has happened over the past six months since Android 12 came into the universe. Google started and then finished a hefty 0.1-style update that lays the groundwork for significant large-screen improvements to the Android experience. And it's now well into the public development phase of its next big Android version, Android 13 — which is the rapidly forming release on most folks' minds at this point.




Computer World Security News
Apr 04, 2022

The Russian cyberattack threat might force a new IT stance
There's a lot of fear of possible Russian cyberattacks stemming from Russia's attempted takeover of Ukraine. Perhaps the biggest worry — and quite possibly the most likely to materialize — is that these cyberattacks will likely be finely tuned as retaliation for US financial moves against the Russian economy.

The cyberattacks would be designed not to steal money or data per se, but to harm the US economy by strategically hitting major players in key verticals. In other words, the Russian government might say, "You hurt our economy and our people? We'll do the same to you."

Thus far, there's no evidence of any large-scale attack, but one could be launched at any time. 




Computer World Security News
Apr 01, 2022

When should the data breach clock start?
One of the most difficult issues in enterprise cybersecurity — something the US Securities and Exchange Commission is now openly struggling with — is when should an enterprise report a data breach?

The easy part is, "how long after the enterprise knows of the breach should it disclose?" Different compliance regimes come to different numbers, but they are relatively close, from GDPR's 72 hours to the SEC's initial four days.



