NEWS: COMPUTER WORLD SECURITY NEWS
Computer World Security News
Sep 18, 2019

How to monitor Windows to prevent credential theft attacks
Attackers are now enabling WDigest credential caching to allow them to harvest credentials. Here's how to spot it.

Computer World Security News
Sep 18, 2019

Wayback Wednesday: When you said 'gone for good,' I only heard 'good'
User comes to this support pilot fish complaining that his PC is acting strangely.

"It turns out he had gotten his computer so jammed up with spyware and Trojans that it was basically nonfunctional," says fish. "We had to rebuild the computer from scratch." They were able to recover much of user's work and files, but some were irretrievably damaged — or just plain gone.

Fish explains what happened and points out the probable infection vectors. And he explains that they had recovered as much as they could, but some stuff was simply gone for good. There would be no way to get anything more.

"Two days later, he called to ask when I'm going to bring him the rest of his missing files."

Computer World Security News
Sep 18, 2019

Why France and Germany fear Facebook's cryptocurrency - and plan to block it
Facebook's plan to launch its own Libra cryptocurrency next year is meeting resistance from France and Germany, which have promised to block it and plan to create their own national cryptocurrencies.

Last week, the two nations said Libra could threaten the Euro's value and unlawfully privatize money. Last year, the Reserve Bank of India (RBI), the country's central bank, announced a ban on the use of cryptocurrencies by any regulated financial entity because of risks associated with it.

Computer World Security News
Sep 17, 2019

Mozilla first reveals, then conceals, paid support plan for Firefox
Mozilla earlier this month quietly outlined paid support for enterprise users of Firefox, but last week scrubbed the reference from its website, saying that it is "still exploring that option."

The offering - labeled "Mozilla Enterprise Client Support" - was to start at $10 per "supported installation," which likely referred to per-device, not per-user, pricing. It's unclear whether that was an annual or monthly fee, and Mozilla declined to say which it was when asked.

In return for the fee, Mozilla said on the now-absent Firefox enterprise site - still visible through the Internet Archive's Wayback Machine - customers would be able to privately report bugs via a new web portal and receive fixes on a timeline dependent on the impact and urgency of the problem. Customers would also be able to file requests for help with Firefox's installation and deployment, management policies, functionality and customization.

Computer World Security News
Sep 17, 2019

All about U.S. tech antitrust investigations | TECH(feed)
Four large tech companies -- Apple, Amazon, Google and Facebook -- are under investigation in the U.S. for allegedly anticompetitive behavior. These antitrust investigations on both the federal and state levels are aimed at uncovering the practices these companies engage in to eliminate competition. In this episode of TECH(feed), Juliet discusses the House investigation into big tech and how Congress plans to investigate potential wrongdoing by these companies.

Computer World Security News
Sep 16, 2019

Now let me guess your password
This pilot fish IT guy gets a call from an irate client one day complaining (incorrectly) that we had changed his administrative password on his Windows 2000 server without his knowledge.

"As I walked him through the logon process, I asked if the username in the login prompt was 'Administrator,'" says fish. "His reply: 'Oh, do I need to change that?'"

Computer World Security News
Sep 12, 2019

Mozilla previews Firefox VPN, will charge for service at some point
Mozilla this week resurrected its Test Pilot preview program, offering Firefox users a free VPN-like service to encrypt browser-to-site-and-back transmissions over public networks.

"The Firefox Private Network is an extension which provides a secure, encrypted path to the web to protect your connection and your personal information anywhere and everywhere you use your Firefox browser," wrote Marissa Wood, vice president of product, in a post to the Mozilla blog.

The free service is available immediately, but only to U.S.-based users running the desktop version of Firefox. A Firefox account - typically used for syncing copies of the browser on multiple devices - and an accompanying add-on are required.

Computer World Security News
Sep 12, 2019

Heads up: Microsoft is back to snooping with this month's Win7 and 8.1 'security-only' patches
Two months ago, the July Win7 security-only patch was found to install telemetry software, triggered by newly installed scheduled tasks called ProgramDataUpdater, Microsoft Compatibility Appraiser, and AitAgent. As best I can tell, Microsoft never admitted that its security-only patch dropped a telemetry component.

The August security-only update didn't include that bit of snooping, so it looked like the July snooping was a one-off aberration.

Computer World Security News
Sep 12, 2019

Throwback Thursday: Let's get an expert opinion
Card-reader door locks are installed at this pilot fish's company, and she's tasked with setting up the software, configuring the locks and assigning employee access and times.

A VP gives her a handwritten sheet of paper with the employee door access and times, reports fish. Then he promptly takes a one-week vacation.

"The day the system goes live, the employees are standing in front of me yelling because their cards won't let them in the door they want to use. They now have to use the main door instead.

"The VP comes along hearing all the complaints, then starts yelling at me that this is not the way it should be set up.

"I pull out his handwritten instructions. He looks at it and says, 'That's not my handwriting!'"

Computer World Security News
Sep 11, 2019

Windows 10 1909: What's in it for enterprises?
This fall's update for Windows 10 may not include a raft of new features, but it does offer something even more important to enterprise IT: extended support that should make future upgrades easier to manage.

Computer World Security News
Sep 11, 2019

Lemonade is changing the way we insure our homes
Your home can be broken into or destroyed by a natural disaster when you least expect it. When that happens, how will you get back on your feet? Ideally, you would've been paying homeowner's or renter's insurance to cover your losses. Unfortunately, it can take weeks or even months to receive your money after filing a claim. 

Lemonade is here to save the day in less than a day. With rates starting as low as $5/mo for renter's insurance and $25/mo for homeowner's insurance, you can rest assured that your property claims can be approved and reimbursed within seconds. 

Computer World Security News
Sep 11, 2019

How to set up Microsoft Teams for security and compliance
These are the security and compliance decisions you need to make when deploying Microsoft Teams.

Computer World Security News
Sep 10, 2019

How to take full advantage of Android 10's privacy-reclaiming powers
Well, gang, it's here. In case you've been hibernating over the past week (or maybe just, ahem, on an unfortunately timed week off), Google brought Android 10 into this wacky ol' world of ours this past Tuesday.

There's really only so much to say about the Android 10 basics at this point — because, quite frankly, it's the same software we've seen evolving in plain view over the past several months.

Yes, Android 10 has new gestures for getting around your phone. Yes, it has a new system-wide switch for making the entire operating system dark. And yes, it has a nifty new Focus Mode for limiting distractions on an app-by-app basis.

Computer World Security News
Sep 06, 2019

Heads up: A free, working exploit for BlueKeep just hit
There's been a lot of discussion about BlueKeep, its ramifications and various strategies for blocking it. In a nutshell, it's a security hole in the Windows Remote Desktop Protocol that allows a malicious program to enter your machine - if you have Remote Desktop turned on, it's accessible directly from the internet, and you haven't installed the May patches.

Two weeks ago, Susan Bradley posted a CSO article that details ways admins can avoid using RDP. I've seen reams of advice about blocking ports, disabling services, setting authentication levels, deploying voodoo dolls, reading chicken entrails…, but the simplest way for almost everybody to avoid the problem is to install the May (or later) Windows patches.

Computer World Security News
Sep 06, 2019

How the California Consumer Privacy Act (CCPA) will affect you and your business | TECH(talk)
The California Consumer Privacy Act (CCPA) is, in some ways, similar to Europe's GDPR. This rule, which goes into effect in 2020, gives individual users more ownership over their own data. Users can even refuse to allow companies to sell their online data. As the compliance deadline approaches, CSO Online contributor Maria Kolokov and senior editor Michael Nadeau discuss with Juliet how CCPA may shift business models, change online behavior and reveal where exactly our data has been. Some tech companies, like Google, are even trying to exempt themselves from regulation. Failure to adhere to the rule could be an "extinction level" event.

Computer World Security News
Sep 06, 2019

Time to install the August Windows patches — but watch out for the bugs
August brought loads of drama to the Windows and Office patching scene. Microsoft's first round of patches killed Visual Basic, Visual Basic for Applications and VBScript in certain situations — on all versions of Windows. Fixes for the bugs dribbled out three, four, six and 17 days after the original infection. 

Those Microsoft-introduced bugs were all the more daunting because the August patches are the ones intended to protect us from DejaBlue — the recently announced "wormable" malware infection vector that (thankfully!) has yet to be exploited. The mainstream press picked up the Chicken Little cry to install August patches right away. Then the buggy offal hit the impeller, and the press fell silent.

Computer World Security News
Sep 05, 2019

FTC fines YouTube, but do fines really encourage change? | TECH(feed)
The FTC hit yet another tech company with a seemingly massive fine for mishandling user data. This time, YouTube, owned by Google, is forced to pay $170 million for collecting data about children under 13 without parental consent. The Federal Trade Commission slapped Facebook with a $5 billion fine just a few months ago. In this episode of TECH(feed), Juliet asks whether or not these fines are effective in regulating the tech industry.

Computer World Security News
Sep 05, 2019

Why Apple's little 'Find My' Tile competitor is big news
Apple is expected to introduce its own Tile-competing tracking device(s), perhaps as soon as fall. So, what are the advantages of the device, what can we expect, and what happens next?

Freedom from networks

There are hundreds of tracking devices available today. These cost anything from tens to hundreds of dollars and in most cases require you to sign up to a network provider for SIM card-based network access.

Computer World Security News
Sep 04, 2019

How to disable basic or legacy authentication to set up MFA in Office 365
Microsoft recommends setting up multi-factor authentication in Windows 10 for better security, but you have to disable basic or legacy authentication first.

Computer World Security News
Aug 30, 2019

Microsoft Patch Alert: Full of sound and fury, signifying nothing
What happens when Microsoft releases eight - count 'em, eight - concurrent beta test versions of Win10 version 1909 without fixing bugs introduced into 1903 on Patch Tuesday?

Pan. De. Moaaan. Ium.

The VB/VBA/VBScript debacle

No doubt, you recall the first wave of pain inflicted by the August 2019 patching regimen. Microsoft somehow managed to mess up Visual Basic (an old custom programming language), Visual Basic for Applications (for Office macros) and VBScript (a largely forgotten language primarily used inside Internet Explorer). Folks running applications in any of those languages would, on occasion, receive "invalid procedure call error" messages when using apps that had been working for decades.

Computer World Security News
Aug 29, 2019

Hedera Hashgraph launches mainnet, hopes to compete with global business networks
Hedera Hashgraph, an electronic public ledger developed for corporate use, launched its mainnet beta today, allowing developers to create an account and build decentralized applications (dApps) for it.

The distributed ledger technology (DLT) is a direct competitor to blockchain distributed ledgers such as Ethereum and Hyperledger, and claims it can outperform traditional financial and business networks.

"There is no direct equivalent to Hedera Hashgraph today," said Martha Bennett, a principal analyst at Forrester Research. Hedera is potentially competing with public networks and all the enterprise DLT frameworks (such as Hyperledger Fabric & Sawtooth, R3 Corda, and others) and their commercial providers, which include AWS, IBM, Microsoft, Oracle.

Computer World Security News
Aug 29, 2019

Throwback Thursday: Timing is everything
It's many years ago, and this pilot fish regularly travels to company offices around the country, dealing with IT-related problems and running user training sessions.

The big current project is implementing internet filtering after complaints that some workers are viewing inappropriate websites. So fish has to head to a meeting with many directors and managers to demonstrate.

Upon arriving at the meeting site, fish sets up a laptop and projector and connects it to the internal network. Then he tests to make sure the filtering is working, calling up a blocked site that, if it does display, only shows a silhouette of a bunny with a bow tie.

But not to worry: The site is blocked, so everything is ready.

Computer World Security News
Aug 28, 2019

Microsoft removes August patch block on Win7/2008R2 systems running Norton, Symantec AV
If you're using Symantec Endpoint Protection or any Norton Antivirus product on a Windows 7 or Server 2008 R2 machine, you didn't get the August patches. Shortly after the August Monthly Rollup and Security-only patches were released, Microsoft put a freeze on systems running Symantec or Norton antivirus products.

The conflict stemmed from a long-anticipated change in the way Microsoft signed the August patches: Starting in August, all patches are signed using the SHA-2 hash algorithm. Somehow, Symantec didn't get the message back in November that the shift was underway, and missed the deadline.

Computer World Security News
Aug 28, 2019

What is phishing? Learn how this attack works
Phishing is a method of trying to gather personal information using deceptive e-mails and websites. Here's what you need to know about this increasingly sophisticated form of cyberattack.

Computer World Security News
Aug 26, 2019

Microsoft offers free post-2020 Windows 7 support for Win 10 Enterprise subscribers
Microsoft is giving away one year of post-retirement support for Windows 7 to customers with active Windows 10 subscriptions.

"Enterprise Agreement and Enterprise Agreement Subscription (EA and EAS) customers with active subscription licenses to Windows 10 Enterprise E5, Microsoft 365 E5, or Microsoft 365 E5 Security will get Windows 7 Extended Security Updates for Year 1 as a benefit," Microsoft said in a FAQ about the end of support for Windows 7 and Office 2010.

Windows 10 Enterprise E5 and Microsoft 365 E5 are the top-tier subscriptions of the OS or packages that include the operating system. They are the highest-priced plans in their specific lines.

Computer World Security News
Aug 22, 2019

Texas ransomware attacks: to pay or not to pay? | TECH(feed)
Nearly two dozen cities in Texas have been hit by a ransomware attack executed by a single threat actor. These attacks beg the question: Is it ever worth it to pay a cyber attacker's ransom? In this episode of TECH(feed), Juliet discusses the pattern of ransomware attacks on local governments, how municipalities have responded and how to prevent a ransomware attack in the first place.

Computer World Security News
Aug 22, 2019

Throwback Thursday: Eyes only
Programmer pilot fish goes online to a message board for a development system that's used for one of his company's applications.

But he gets a message that the site is blocked. He can either forget about it, click a link to continue, or click a link to see the company's access policy.

He clicks to continue, gets what he needs, and then, just out of curiosity, he clicks to see the access policy to get an idea of why this site is being blocked.

But instead of seeing the access policy, fish sees this message: Content blocked. Click here to access our internet resource policy.

Sputters baffled fish, "It actually blocked the policy!"

Computer World Security News
Aug 21, 2019

How to avoid using RDP in Windows
Several new vulnerability disclosures in Windows Remote Desktop Protocol suggest it's time to stop using it. Here's how.

Computer World Security News
Aug 20, 2019

Safari to ape Firefox, go all-in on anti-tracking
The WebKit project - the open-source initiative that generates code for Apple's Safari browser - quietly announced last week that it would follow in Mozilla's footsteps and quash tracking technologies designed to follow users across the web.

In a short message on Aug. 14, the WebKit team pointed to its new Tracking Prevention Policy, a document that spells out its plans in detail, including what types of tracking it will create and how it will deal with any side effects.

"We have implemented or intend to implement technical protections in WebKit to prevent all tracking practices included in this policy," the document read. "If we discover additional tracking techniques, we may expand this policy to include the new techniques and we may implement technical measures to prevent those techniques."

Computer World Security News
Aug 19, 2019

Installing Windows 7 from a backup? You need a BitLocker patch right away
No doubt you recall the warning back in February that Windows 7, Server 2008 and Server 2008 R2 patches starting in July would be signed using the SHA-2 hash algorithm. If you want to install Win7 patches issued after July, you have to get the SHA-2 translator installed.

A few days ago, Microsoft tossed a zinger into the FAQs down at the bottom of its SHA-2 post, 2019 SHA-2 Code Signing Support requirement for Windows and WSUS. That post now says that you have to install a seemingly unrelated patch, KB 3133977, entitled, BitLocker can't encrypt drives because of service crashes in svchost.exe process in Windows 7 or Windows Server 2008 R2.

Computer World Security News
Aug 15, 2019

Microsoft warns of Visual Basic, VBA and VBScript 'procedure call' errors after August patches
August is going to be a perilous patching month.

We're tracking down credible reports of the Server 2012 R2 Monthly rollup breaking RDP logins, a conflict between the Win10 1903 cumulative update and last month's version of Outlook 365, confusion about Win7 patches being branded as "IA64 only," dealing with the lack of telemetry (!) in the August Win7 Security Only patch, much mayhem trying to install SHA-2 signed patches (including the Win7 Monthly Rollup) on systems using Symantec Endpoint Protection, even

Computer World Security News
Aug 15, 2019

3 Google privacy tips for Mac and iOS users
Alternative search engines such as DuckDuckGo are attracting growing numbers of privacy focused users, but there's no doubt that Google dominates the industry, even on Apple products. Fortunately, there are several ways to make your Google activity more private.

Do you have a Google account? (You probably do.) Do you use Gmail? Did you once use Google+? Perhaps you employ Google Drive, Google Docs or any of the company's other products. If so, you have a Google account.

Computer World Security News
Aug 15, 2019

Chrome, Firefox to expunge Extended Validation cert signals
Google and Mozilla have decided to eliminate visual signals in their Chrome and Firefox desktop browsers of special digital certificates meant to assure users that they landed at a legitimate site, not a malicious copycat.

The certificates, dubbed "Extended Validation" (EV) certificates, were a subset of the usual certificates used to encrypt browser-to-server-and-back communications. Unlike run-of-the-mill certificates, EVs can be issued only by a select group of certificate authorities (CAs); to acquire one, a company must go through a complicated process that validates its legal identity as the site owner. They're also more expensive.

The idea behind EVs was to give web users confidence that they were at their intended destination, that the site computerworld.com, for instance, was owned by its legal proprietor, IDG, and not a fishy - and phishy - URL run by It's Crooks All the Way Down LLC and chockablock with malware. Browsers quickly took to the concept, rewarding EV-secured sites with in-your-face visual cues, notably the verified legal identity in front of the domain in the address bar. The identity was often shaded in green as an additional tip-off. (Chrome dismissed the green in September 2018 as of Chrome 69.)

Computer World Security News
Aug 12, 2019

Why blockchain-based voting could threaten democracy
Public tests of blockchain-based mobile voting are growing.

Even as there's been an uptick in pilot projects, security experts warn that blockchain-based mobile voting technology is innately insecure and potentially a danger to democracy through "wholesale fraud" or "manipulation tactics."

The topic of election security has been in the spotlight recently after Congress held classified briefings on U.S. cyber infrastructure to identify and defend against threats to the election system, especially after Russian interference was uncovered in the 2016 Presidential election.

Computer World Security News
Aug 09, 2019

Apple announces a new iPhone (and you can't have it)
Apple has announced a new iPhone for 2020, but it will only be made available to a select group of security researchers - along with huge bounties to anyone informing the company of a new OS vulnerability.

Probably the world's most exclusive iPhone

Ivan Krstic, Apple's head of security engineering, provided big insights into Apple's platform security during his presentation at Black Hat U.S. 2019.

Computer World Security News
Aug 09, 2019

The best privacy and security apps for Android
Let's get one thing out of the way right off the bat: If you're looking for recommendations about Android security suites or other malware-scanning software, you've come to the wrong place.

Why? Because, like most people who closely study Android, I don't recommend using those types of apps at all. Android malware isn't the massive real-world threat it's frequently made out to be, and Google Play Protect and other native Android features are more than enough to keep most devices safe.

Computer World Security News
Aug 08, 2019

Many VPN apps on Apple's App store can't be trusted, researcher warns
I'm told Apple is at last looking into the privacy and security of free VPN apps made available across its platforms, following a report from researcher Simon Migliano.

Who owns your VPN service?

The researcher has flagged up several concerns that really should be recognized by anyone choosing a VPN service from both the Apple and Google App Stores:

Ownership: Migliano claims that almost 60 percent of the most popular VPN apps are actually owned (sometimes opaquely) by Chinese companies.
Privacy: The researcher also found that as many as 77% of these VPN apps may have what he calls "serious privacy flaws", including no privacy policy at all, generic policies with no mention of VPN or no detailed logging policy.
Data protection: Migliano claims Apple is not enforcing its third-party data-sharing ban against VPN apps, with 80 percent of the top free VPN apps "in breach of the rules", he said. Many are sharing data with third parties, he claims.

That last allegation is particularly concerning.

Computer World Security News
Aug 08, 2019

Almost half of tested free Android antivirus apps fail. That might prove very useful to IT.
One of the problems with enterprise mobile BYOD efforts is that corporate apps — and lots of corporate data, including sensitive intellectual property — must coexist on the same device with whatever employees choose to download on the personal side. That's far from ideal, but even worse is if employees choose to download a second antivirus program. Unlike doubling up on most apps (two VPNs, two word processors, two email programs, etc.), antivirus programs often conflict and fight each other, generating false positives and other bad results.

Unlike two deadbolts on a door, doubling up on security not only doesn't work with antivirus, it can actually sharply weaken security. This all assumes that both antivirus programs are professional, effective and well-intentioned. But that's often not the case. There are quite a few free antivirus programs out there, and they are disproportionately the ones employees opt to download. After all, if the company has already installed a high-level antivirus on the phone, why would an employee pay to install a second? But a free antivirus program is much more tempting.

Computer World Security News
Aug 07, 2019

Microsoft relaxes telemetry rule for PCs managed with Windows Update for Business
Microsoft has quietly relaxed a rule that prevented privacy-first organizations from managing the Windows Update for Business (WUfB) service using group policies.

With Windows 10 1903, aka "Windows 10 May 2019 Update," which debuted in late May, organizations no longer are required to set the "diagnostic data level" for their devices to "Basic" or higher.

That diagnostic data level is a multi-step categorization of what Microsoft pulls from Windows devices and sends to its own servers. Also dubbed "telemetry," the data harvesting is used by Microsoft for a range of tasks, notably deciding when a specific PC receives a feature upgrade.

Computer World Security News
Aug 07, 2019

How to set up Edge Chromium security options
Edge Chromium can provide more protection for organizations that use older versions of Windows.

Computer World Security News
Aug 06, 2019

Slack beefs up mobile security controls for Enterprise Grid
Slack today unveiled new security capabilities for Enterprise Grid customers, including tighter controls for admins who oversee mobile device access.

Enterprise Grid was launched in 2017 for Slack's biggest customers, with additional features to support large-scale deployments. Among the 150 organizations now using Enterprise Grid are Capital One, IBM and Target. 

Slack has continued to build out security and compliance features for the software since its introduction, including the addition of enterprise key management last September.  

Computer World Security News
Aug 06, 2019

Train to become an ethical hacker for only $39
There are countless hackers and threats looming on the internet, so IT departments are in high demand for cybersecurity professionals to pinpoint threats before they strike. Luckily, there's no better way to fight fire than with fire; ethical hackers study hacking techniques so that IT infrastructures will be better prepared for attacks. If you're interested in becoming a hacker (legally, of course), then this $39 bundle is right for you.

Computer World Security News
Aug 02, 2019

It's time to install most of July's Windows and Office patches
With one glaring exception, July was a rather benign patching month. The Win10 versions got their usual two cumulative updates (the second considered "optional"). Visual Studio had some hiccups, but they're fixed now.

Computer World Security News
Aug 02, 2019

Apple suspends Siri snooping (and promises more control for the rest of us)
Apple has once again proved that it listens to valid criticism with the immediate global suspension of the Siri listening program that attracted so much controversy.

When it comes to privacy, Siri listens

At issue was quality control.

A small number of conversational snippets were shared with third party human contractors for quality control purposes.

Computer World Security News
Aug 01, 2019

Black Hat 2019 and DEF CON 27: What to expect at hacker summer camp | TECH(talk)
Every year, thousands of hackers arrive in Las Vegas for three large security conferences -- DEF CON, Black Hat and BSides Las Vegas -- taking place from Monday through Sunday next week. CSO Online's J.M. Porup chats with Juliet about what to expect at the conferences' sessions and what he's looking forward to.

Computer World Security News
Jul 31, 2019

The latest large-scale data breach: Capital One | TECH(feed)
Just a few days after Equifax settled with the FTC over its 2017 data breach, Capital One announced it was the target of a March attack. Identifying information and bank account numbers are among some of the data breached in the attack that affects 100 million people. A software engineer is behind the attack and is awaiting a hearing. In this episode of TECH(feed), Juliet discusses the consequences of the attack and how to find out if you've been affected.

Computer World Security News
Jul 31, 2019

How an attacker can target phishing attacks
There are a number of ways attackers can exploit public information about your organization's employees. CSO Online's Susan Bradley walks through how an attacker can gain access to your organization's Office 365 accounts and how you can protect your enterprise from these potential attacks.

Computer World Security News
Jul 30, 2019

Microsoft Patch Alert: Welcome to the Upside Down
This month, Microsoft Patch Land looks like a stranger Stranger Things Upside Down, where Security-only patches carry loads of telemetry, Visual Studio patches appear for the wrong versions... and we still can't figure out how to keep the Win10 1903 upgrade demogorgon from swallowing established drivers.

As we end the month, we've seen the second "optional" monthly cumulative updates for all Win10 versions — the 1903 patch was released, pulled, then re-released — and fixes for Visual Studio's transgressions. There's a kludge for getting the Win10 1903 upgrade to work. And BlueKeep still looms like a gorging Mind Flayer.

Win7 Security-only patch brings telemetry

Those of you who have been dodging Windows 7 telemetry by using the monthly Security-only patches — a process I described as "Group B" three years ago — have reached the end of the road. The July 2019 Win7 "Security-only" patch, KB4507456, includes a full array of telemetry/snooping, uh, enhancements.

Computer World Security News
Jul 29, 2019

Apple's shock Siri surveillance demands a swift response
News that Siri records snippets of our conversations with the voice assistant isn't new, but claims that those short recordings are listened to by human agents are, particularly in light of the company's big push on privacy.

These are bad optics

I'm a passionate believer in the importance of privacy.

It isn't only important in terms of preserving hard-won liberties and protecting public discourse, it's also of growing importance across every part of human existence, for every school, medical facility or enterprise. History shows that the absence of privacy has a corrosive effect on society, turning family members against each other and dampening innovation.

Computer World Security News
Jul 26, 2019

Android security: Analysis, advice, and next-level knowledge
It's tough to talk about Android security without venturing into sensational terrain.

A large part of that is due to the simple fact that the forces driving most Android security coverage are companies that make their money by selling Android security software — and thus companies with strong interests in pushing the narrative that every Android phone is on the perpetual brink of grave, unfathomable danger. Plus, let's face it: A headline about 70 gazillion Android phones being vulnerable to the MegaMonsterSkullCrusher Virus is far more enticing than one explaining the nuanced realities of Android security.

In actuality, though, Android security is a complex beast — one with multiple layers in place to protect you and one that almost never warrants an alarmist attitude. I've been covering Android security closely since the platform's earliest days, and I've busted more myths and called out more shameless publicity stunts than I can even count at this point.

Computer World Security News
Jul 26, 2019

Mozilla blames 'interlocking complex systems' and confusion for Firefox's May add-on outage
Mozilla has issued multiple after-action reports analyzing the major mix-up in May that crippled most Firefox add-ons. The reports also made recommendations for preventing similar incidents in the future.

The fiasco started just after 8 p.m. ET on Friday, May 3, when a certificate used to digitally sign Firefox extensions expired. Because Mozilla had neglected to renew the certificate, Firefox assumed add-ons could not be trusted - that they were potentially malicious - and disabled any already installed. Add-ons could not be added to the browser for the same reason.

Computer World Security News
Jul 25, 2019

Researchers to launch intentionally ‘vulnerable' blockchain at Black Hat
Hoping to raise awareness about blockchain vulnerabilities, cybersecurity firm Kudelski Security next week plans to launch the industry's first "purposefully vulnerable" blockchain - and will demo it at next month's Black Hat conference.

Kudelski Security's FumbleChain project is aimed at highlighting vulnerabilities in blockchain ecosystems, according to Nathan Hamiel, head of cybersecurity research at Kudelski.

The flawed blockchain ledger is written in Python 3.0, making it easy for anyone to read and modify its source code, and it's modular - allowing users to hack and add new challenges to promote continuous learning.

Computer World Security News
Jul 25, 2019

5 smart questions that'll smother most Android security scares
I haven't looked at today's tech news too closely just yet, but I have a sneaking suspicion some evil-sounding virtual gremlin or other is probably on the brink of invading my smartphone, stealing my secrets, and setting me up for a lifetime of dread and despair.

He might even be covertly eating all the salty snacks from my kitchen this very second. ALL THE SALTY SNACKS, DAMN IT!

I don't have to scan the headlines too closely to know there's a decent chance of all of this happening — because all of this happens practically every other week here in the Android world. A solid few to several times a month, it seems, some hilariously named and made-to-seem-scary new piece of malware (ViperRat! Desert Scorpion! Ooga-Booga-Meanie-Monster!) is making its way onto our phones and into our lives. Or so we're told, rather convincingly and repeatedly. (All right, so I may have made Ooga-Booga-Meanie-Monster up just now, but c'mon: It's probably only a matter of time til we see something using that name.)

Computer World Security News
Jul 24, 2019

How to set up Azure AD to spot risky users
You have several options to set up alerts in Azure Active Directory to help spot risky user behavior.

Computer World Security News
Jul 23, 2019

Utah County to pilot blockchain-based mobile voting
Utah County is the latest government entity to pilot a mobile voting application based on blockchain to allow military absentee voters and their family members living overseas to vote in an upcoming municipal primary election.

The county, which has more than a half million residents, is the third in the U.S. to partner with Tusk Philanthropies on a national effort to expand mobile voting. The pilot is a collaboration between the Utah County Elections Division, Tusk Philanthropies, the National Cybersecurity Center and Boston-based voting app developer Voatz.

Computer World Security News
Jul 23, 2019

Mozilla to add password manager, hack alert to Firefox 70
Mozilla plans to bake its Lockwise password manager into Firefox 70, the upgrade now set to launch Oct. 22.

At the same time, the browser will also be more tightly integrated with Firefox Monitor, which will provide warnings to users when their saved passwords have been revealed by a data hack.

According to Firefox bug reports and project documentation, Lockwise will automatically record username-and-password pairs, generate complex passwords on demand, identify victimized accounts and instruct users to change any passwords that have leaked.

Computer World Security News
Jul 23, 2019

9 steps to lock down corporate browsers
Everyone in the enterprise loves the web browser when it's delivering news, email, documentation, and sales leads. With the shift to web apps, it's arguably the most important installed software on any corporate desktop. But the internet is filled with people who aren't nice — sometimes even dangerous — and the same browser can also bring viruses, rootkits, and worse. Even if the browser sits on a little-used desktop in a dusty corner with no access to sensitive information, an attacker can use the seemingly unimportant machine as a stepping stone.

Keeping your users' browsers secure is essential. The browser companies work hard to block the attackers by sealing the back doors, side doors, and cracks in between, but that isn't always enough. Some useful features have dark sides, and enterprises can increase security dramatically by shutting down or tightly limiting access to these options.

Computer World Security News
Jul 22, 2019

Slack tweaks desktop app to be faster, more efficient
Slack has overhauled its desktop software, adding offline access and tweaking the software for faster load times.

Recent efforts to improve the desktop app were highlighted at Slack Frontiers last year and the coming update - which the company says will launch 33% faster than before - will be available to users "over the next few weeks."

Calls made to teammates via the app should be speedier too, up to 10 times quicker, Slack said. "That could mean the difference between showing up to a meeting on time or not," the company said in a blog post Monday. "These moments saved can quickly add up, giving you more time to focus on the tasks at hand."

Computer World Security News
Jul 19, 2019

What is the dark web? And what will you find there?
The dark web may sound ominous, but it's really a catch-all term for the part of the internet that isn't indexed by search engines. Stay tuned for a guided tour of the web's less mainstream regions.

Computer World Security News
Jul 18, 2019

How and why Apple users should switch to DuckDuckGo for search
Like liberty for all, privacy demands vigilance, and that's why Apple users who care about either are moving to DuckDuckGo for search.

Why use DuckDuckGo?

Privacy is under attack.

It doesn't take much effort to prove this truth. At time of writing, recent news is full of creeping privacy erosion:

We've seen video conferencing solutions that surreptitiously install software on your Macs;
A face changing photography app perhaps implicated in the assembly of a vast database of faces;
A household name in smart speakers sharing your private conversations with people you don't know, including chatter you didn't know was recorded in the first place.

And then there's Duck Duck Go.

Computer World Security News
Jul 17, 2019

How to manage Microsoft Windows BitLocker
Use these techniques to inventory your network to determine which devices have BitLocker.

Computer World Security News
Jul 16, 2019

What the FTC's $5 billion fine really means for Facebook | TECH(feed)
Last week, the Federal Trade Commission hit Facebook with a $5 billion fine for mishandling user data. The fine comes after the FTC's investigation following the Cambridge Analytica scandal. On this episode of TECH(feed), Juliet discusses the implications of this fine -- and how Facebook may (or may not) change its practices.

Computer World Security News
Jul 15, 2019

How to take control of Face ID (with tools you may not know exist)
If you travel frequently and use an iPhone or iPad then you simply must familiarize yourself with these two tips - they'll make it much easier to secure your device and its contents when you are on the move.

In praise of Face ID

I've become very used to using Face ID. It's seamless.

On the iPhone, I like that I can pay for groceries with a look and find it much easier to use in the dark than the Home button.

My iPad experience is similar, but I do get annoyed sometimes that I must raise the tablet slightly to get the face angle right - this isn't always as intuitive as I would like.

All the same, given Apple's claim that there is a 1 in 50,000 chance that someone else's fingerprint will unlock your iPhone and a 1 in 1,000,000 chance that it will be unlocked by another person's face, I'll always opt for the highly secure choice.

Computer World Security News
Jul 15, 2019

Memory-Lane Monday: Even worse than you thought
This government agency has cashiers' stations for handling transactions with the public, and the treasurer's office decides it needs new software to run those stations, according to a pilot fish in IT.

And there's going to be one sign-on and password for all the stations, brag the higher-ups.

Bad idea, protest all the IT programmers and system administrators. For one thing, having a single user sign-on to the system will prevent tracking who is completing each transaction. They cite security, accountability and separation of duties, but their protests fall on deaf ears.

The vendor rep shows up one day, and he and the treasurer do a presentation for an audience that includes IT managers. The two sound excited, and a touch proud, when they tell everyone that the cashiers will sign on with the user ID "Cash." They don't share the top-secret password, though; that's just for the cashiers to know.

Computer World Security News
Jul 11, 2019

Zoom fixes webcam flaw for Macs, but security concerns linger
Zoom released a patch this week to fix a security flaw in the Mac version of its desktop video chat app that could allow hackers to take control of a user's webcam. 

The vulnerability was discovered by security researcher Jonathan Leitschuh, who published information about it in a blog post Monday. The flaw potentially affected 750,000 companies and approximately 4 million individuals using Zoom, Leitschuh said.

Zoom said it's seen "no indication" any users were affected. But concerns about the flaw and how it works raised questions about whether other similar apps could be equally vulnerable.

Computer World Security News
Jul 11, 2019

How to set up Microsoft Cloud App Security
This new add-on will let you set up alerts about suspicious sign-on activity for Office 365 and other cloud apps.

Computer World Security News
Jul 11, 2019

New Windows 7 'security-only' update installs telemetry/snooping, uh, feature
Back in October 2016, Microsoft divided the Win7 and 8.1 patching worlds into two parts.

Those who got their patches through Windows Update received so-called Monthly Rollups, which included security patches, bug fixes - and we frankly don't know what else - rolled out in a cumulative stream.

The folks who were willing to download and manually install patches were also given the option of installing "security-only" patches, not cumulative; these were meant to address just the security holes.

Computer World Security News
Jul 09, 2019

Microsoft delivers Defender ATP security service to Macs
Microsoft on Monday made good on a March pledge by announcing that its most sophisticated endpoint security service is now available for Macs.

Microsoft Defender ATP (Advanced Threat Protection) for Mac shifted to what the company calls "general availability" on June 28, wrote Helen Allas, a principal program manager on the enterprise security team, in a July 8 post to a company blog. Core components of Defender ATP, including the latest - "Threat & Vulnerability Management," which made it to general availability a week ago - now serve Macs.

Computer World Security News
Jul 09, 2019

How Apple is improving iCloud this year
Apple quite evidently plans many interesting improvements in its iCloud service this year. So, what's going on?

What we know so far

Apple at WWDC made several announcements that will be reliant on iCloud - these include obvious things like new services and support for new functions, and less evident topics around sync, data and AI.

Most recently, the company began beta-testing Touch ID and Face ID access to iCloud.com online, meaning that if you happen to be using an Apple device (Mac, iPad, iPhone) you can access your online iCloud services with the touch of a finger or a quick eye scan.

This may also be Apple's way of testing the privacy-protecting Sign-in with Apple service it intends to launch later this year.

Computer World Security News
Jul 08, 2019

The top 8 problems with blockchain
While blockchain holds tremendous potential for creating new financial, supply chain and digital identity systems, it's often erroneously seen as a panacea for business problems.

The myriad of pilots and proofs of concept by large corporations and government agencies are showing real promise, but those projects don't always lead to obvious business cases that justify doing something differently. Sometimes a tried and true technology like a relational database can perform the task much more efficiently than a distributed ledger based on peer-to-peer technology that will require complex governance and rules.

Computer World Security News
Jul 04, 2019

Throwback Thursday: Spoilsport
This IT security pilot fish knows something about audits — and knows what he expects of auditors.

"I have more than 15 years of audit experience in IT," fish says. "I have written and implemented policy and procedure, and developed incident response plans. I spent the better part of last year making sure that the external auditors could not find any inconsistencies in our control standards."

Then the internal audit director decides to perform an audit of fish's group — and sends a young auditor who thinks he knows everything IT.

After three weeks of research and testing, young auditor presents his results in a meeting with his boss the audit director and fish.

Computer World Security News
Jul 01, 2019

Message to IT: Trusting Apple and Google for mobile app security is career suicide
Ready for the mobile security news that IT doesn't want to hear about but needs to? When security firm Positive Technologies started pen-testing various mobile apps, security holes were rampant.

We'll plunge into the details momentarily, but here's the upshot: "High-risk vulnerabilities were found in 38 percent of mobile applications for iOS and in 43 percent of Android applications" and "most cases are caused by weaknesses in security mechanisms — 74 percent and 57 percent for iOS and Android apps, respectively, and 42 percent for server-side components — because such vulnerabilities creep in during the design stage, fixing them requires significant changes to code."

Computer World Security News
Jul 01, 2019

Microsoft Patch Alert: The Windows patching heavens buzz with silver bullets
How many bugs could a WinPatcher patch, if a WinPatcher could patch bugs?

Ends up that June's one of the buggiest patching months in recent memory - lots of pesky little critters, and the ones acknowledged by Microsoft led to even more patches later in the month.

In June, we saw eight single-purpose Windows patches whose sole mission is to fix bugs introduced in earlier Windows patches. I call them silver bullets - all they do is fix earlier screw-ups. If you install security patches only, these eight have to be installed manually to fix the bugs introduced earlier. It's a congenital defect in the patching regimen - bugs introduced by security patches get fixed by non-security "optional" patches, while waiting for the next month's cumulative updates to roll around.

Computer World Security News
Jun 27, 2019

Mozilla takes swipe at Chrome with 'Track THIS' project
Mozilla this week touted Firefox's anti-ad tracking talents by urging users of other browsers to load 100 tabs to trick those trackers into offering goods and services suitable for someone in the 1%, an end-times devotee and other archetypes.

Tagged as "Track THIS," the only-semi-tongue-in-cheek project lets users select from four personas - including "hypebeast," "filthy rich," "doomsday prepper," and "influencer" - for illustrative purposes. Track THIS then opens 100 tabs "to fool trackers into thinking you're someone else."

Computer World Security News
Jun 26, 2019

How updates to MongoDB work to prevent data breaches | TECH(talk)
CSO senior writer Lucian Constantin and Computerworld Executive Editor Ken Mingis talk database security and how MongoDB's new field-level encryption takes security to the next level.

Computer World Security News
Jun 26, 2019

Microsoft beefs up OneDrive security
Microsoft today announced changes to its OneDrive storage service that will let consumers protect some or even all of their cloud-stored documents with an additional layer of security.

The new feature - dubbed OneDrive Personal Vault - was trumpeted as a special protected partition of OneDrive where users could lock their "most sensitive and important files." They would access that area only after a second step of identity verification, ranging from a fingerprint or face scan to a self-made PIN, a one-time code texted to the user's smartphone or the use of the Microsoft Authenticator mobile app. (The process is often labeled as two-factor security to differentiate it from the username/password that typically secures an account.)

Computer World Security News
Jun 21, 2019

How ‘Find My' Mac works in macOS Catalina and iOS 13
Apple is changing how its Find My Mac tool works in macOS Catalina and iOS - it will now use Bluetooth and should find your Mac even when it is asleep.

How does ‘Find My' Mac work?

Apple is combining two apps - Find My Friends and Find My iPhone - into a new ‘Find My' app.

The combined app offers what we are used to from each one of these individual apps, but introduces new tools based on Bluetooth.

The idea is that it will use low energy Bluetooth signals to help bring people together with lost things.

Computer World Security News
Jun 19, 2019

Google asks Chrome users for help in spotting deceptive sites
Google this week asked for help in identifying suspicious websites, offering users of its Chrome browser an add-on that lets them rat out URLs.

The Suspicious Site Reporter, which can be added to desktop Chrome, places a new flag-style icon on the top bar of the browser. "By clicking the icon, you're now able to report unsafe sites to Safe Browsing for further evaluation," Emily Schechter, a Chrome product manager, wrote in a Tuesday post to a company blog.

Safe Browsing is the name of the technology used by Google's search engine, Chrome, Mozilla's Firefox, Apple's Safari, and Android to steer users away from sites that host malicious or deceptive content. On the back end, Google uses robots to scan the web and build a list of websites that host malware, harmful downloads or deceptive ads and pages. Software developers can then plug into an API to integrate this list into their own applications, something rival browser makers have done for years.

Computer World Security News
Jun 18, 2019

What the latest iOS passcode hack means for you
A mobile device forensics company now says it can break into any Apple device running iOS 12.3 or below.

Israeli-based Cellebrite made the announcement on an updated webpage and through a tweet where it asserted it can unlock and extract data from all iOS and "high-end Android" devices.

On the webpage describing the capabilities of its Universal Forensic Extraction Device (UFED) Physical Analyzer, Cellebrite said it can "determine locks and perform a full file-system extraction on any iOS device, or a physical extraction or full file system (File-Based Encryption) extraction on many high-end Android devices, to get much more data than what is possible through logical extractions and other conventional means."

Computer World Security News
Jun 18, 2019

How the Huawei ban could become a security threat | TECH(feed)
We've already talked about how the Huawei ban may affect business, but how will it affect security? Google has already warned of security threats should the company be unable to send updates to Huawei's Android-powered devices. And even if Huawei responds with its own OS, will people trust it? In this episode of TECH(feed), Juliet discusses those security implications and what some people think the U.S. should do instead.

Computer World Security News
Jun 18, 2019

Time-Machine Tuesday: Get a room!
This security pilot fish is a big believer in automated systems. And he's very impressed when his company moves into new offices where the meeting rooms take the manual labor out of scheduling meetings.

"There are room wizards outside every door to assist in scheduling," fish says. "And there's full integration with Microsoft Exchange, so that your meeting information is accurate and timely and always shows the proper room."

One of fish's most important meetings is a committee meeting every month on the day after Patch Tuesday to consider how to handle that batch of Microsoft updates. It's been a regular meeting for years, and after the move the new scheduling system seems to handle it fine.

Computer World Security News
Jun 17, 2019

WWDC: Has Apple closed the door on non-Mac App Store apps?
Ever since Apple introduced the Mac App Store, developers have warned it plans to close off its platform, so news the company will insist on App Notarization in macOS Catalina set those critics off again. The thing is, it's a little more complicated.

What is Apple doing?

Yes, Apple is making it a little more difficult for Mac users to install apps that aren't sold at the Mac App Store or made available from bona fide developers happy to submit their software for the company's speedy App notarization service.

Computer World Security News
Jun 17, 2019

The case against knee-jerk installation of Windows patches
Heresy. Yes, I know. Any way you slice it, from my point of view anyway, Windows Automatic Update is for chumps.

Just like the "users must be forced to change their passwords frequently" argument that's no longer au courant, the "users must get patched immediately" argument is based on old, faulty, and totally unsubstantiated claims that make security people feel better — and little else.

With a few notable exceptions, in the real world, the risks of getting clobbered by a bad patch far, far outweigh the risks of getting hit with a just-patched exploit. Many security "experts" huff and puff at that assertion. The poohbahs preach Automatic Update for the unwashed masses, while frequently exempting themselves from the edict.

Computer World Security News
Jun 13, 2019

WWDC: Apple's iOS 13 NFC improvements are good for business
Apple will make NFC much more useful in iPhones running iOS 13, and these enhancements will impact the retail, medical, government and security industries.

What is Apple changing?

Apple already uses NFC to support Apple Pay and the Apple Pay Express Transit system which is rolling out at this time.

While it has incrementally extended the tasks NFC supports over the years, the company has limited its NFC support to the NDEF standard until now, but extends this with support for new standards in its Core NFC Framework in iOS 13.

Computer World Security News
Jun 13, 2019

Microsoft is better at documenting patch problems, but issues abound
I don't know about you, but I've given up on Microsoft's ability to deliver reliable patches. Month after month, we've seen big bugs and little bugs pushed and pulled and squished and re-squished. You can see a chronology from the past two years in my patching whack-a-mole columns starting here.

For the past few months, though, we've seen some improvement. Microsoft has started identifying and publicly acknowledging big bugs, shortly after they're pushed. Consider:

Computer World Security News
Jun 10, 2019

Save yourself a headache: Make sure Windows automatic update is off
Much has changed in the past month. We've seen an emergency cry for all Windows XP, Vista, Win7, Server 2003, 2008 and 2008 R2 systems to get patched in order to fend off widely anticipated BlueKeep attacks. We've also seen Microsoft officially release Windows 10 version 1903, with unsuspecting "seekers" now the prime targets.

Computer World Security News
Jun 07, 2019

WWDC: Get to know Apple's 11 new privacy tools
Apple introduced an array of additional privacy protections at WWDC 2019. Many of these both offer protection and help us better understand how our privacy is undermined.

Why does this matter?

Apple CEO Tim Cook is passionate about the need to protect user privacy and this is by no means a one man mission.

Speaking with Vector, Apple's VP Software Technology, Bud Tribble, stressed the need to educate people into the needs and benefits of privacy, a topic he believes is much more widely discussed now than before.

Computer World Security News
Jun 06, 2019

Mozilla makes anti-tracking the Firefox default
Mozilla this week began to switch on an aggressive anti-tracking technology in Firefox that it has touted since 2015.

With a June 4 update to Firefox 67, Mozilla turned on Enhanced Tracking Protection (ETP) by default for new users. Existing customers simply updating their browsers may enable ETP themselves. The default-of-on will be extended to those users "in the coming months," Mozilla said, apparently activating it in stages as a last-step quality control.

Mozilla also used the update to Firefox 67.0.1 to trumpet other privacy- and security-centric enhancements, including an add-on that brings its Lockwise password manager to the desktop browser and an improved Facebook Container, an extension designed to keep the social network behemoth from tracking users elsewhere on the web.




Computer World Security News
Jun 05, 2019

NSA, Microsoft implore enterprises to patch Windows' 'BlueKeep' flaw before it's too late
The U.S. National Security Agency (NSA) on Tuesday called on IT administrators to apply security updates issued by Microsoft three weeks ago, adding to a chorus of voices urging haste.

"The National Security Agency is urging Microsoft Windows administrators and users to ensure they are using a patched and updated system in the face of growing threats," the NSA said in a June 4 advisory.

The agency's advice followed by several days that of Microsoft itself. On Thursday, May 30, a company official reminded users of the updates - which the company released May 14 - and implied that time is short. "We strongly advise that all affected systems should be updated as soon as possible," Simon Pope, the director of incident response at the Microsoft Security Response Center (MSRC), wrote in a blog post.




Computer World Security News
Jun 04, 2019

WWDC: What you need to know about Sign In with Apple
There's lots of interest in Apple's new Sign In with Apple system, a highly secure, private way to sign in to apps and websites. Here's what you need to know:

What is Sign In with Apple? Apple has noticed that sign-in systems for services, apps, and websites rely on services that use your action of signing in to place cookies on your computer and track what you do.

Apple's focus on privacy means it is attempting to restrict such practices, which is why it has developed the new system as a more private way to sign into these apps and services.




Computer World Security News
Jun 04, 2019

It's time to install the May Windows and Office patches
May 2019 will go down in the annals of Patch-dom as the month we all ran for cover to fend off another WannaCry-caliber worm, but a convincing exploit never emerged.

Microsoft officially released Windows 10 version 1903 on May 21, but I haven't yet heard from anyone who's been pushed. All of the complaints I hear are from those "seekers" who went to the download site and installed 1903 with malice and forethought. A triumph of hope over experience.

This month, if you let Windows Update have its way on your machine, you may end up with a different build number than the person sitting next to you. Blame the gov.uk debacle for that: Folks with Windows set up for U.K. English get an extra cumulative update pushed onto their machines, whilst those who don't fly the Union Jack will get the fix in due course next month.




Computer World Security News
May 31, 2019

Who watches the iOS parental control apps?
Children are emotional. Protecting them matters. When it comes to technology, do you want developers you don't know, over whom you have no control, watching what your children do on their devices?

Apple doesn't

Apple recently cut developers off from using MDM software to drive third-party parental control solutions.

Developers were upset, and seventeen smaller developers you've probably never heard of got together just days before Apple's WWDC 2019 conference with a well-organized PR campaign and a professional website to demand access to new APIs that let them develop parental control software for iOS.




Computer World Security News
May 30, 2019

What do recent public SAP exploits mean for enterprises? | TECH(talk)
Recently released public SAP exploits (dubbed 10KBLAZE) could pose a security risk for thousands of businesses. Computerworld executive editor Ken Mingis and CSO Online's Lucian Constantin discuss the fallout of 10KBLAZE, and how businesses using SAP should respond.

Computer World Security News
May 30, 2019

Microsoft Patch Alert: Patching whack-a-mole continues
In a normal month, you need a scorecard to keep track of Windows patches. Now, your scorecards need a scorecard. One ray of hope: It looks like some Windows 10 cumulative updates will include the new "Download and install now" feature.

The May 2019 Windows updates have taken so many twists and turns it's hard to pin things down, but as of Thursday morning, here's what we've seen.

Windows 10 cumulative updates

As of now, all of the recent versions of Win10 (1607/Server 2016, 1703, 1709, 1803, 1809/Server 2019) have had three cumulative updates in May. Depending on where you live (or, more correctly, which locality you've chosen for your machine), you've been pushed one or two of them. If you're a "seeker" (and clicked "Check for updates" or downloaded and installed the patches), you've had at least two, and maybe three. Got that?




Computer World Security News
May 24, 2019

AT&T becomes first big mobile carrier to accept Bitcoin payments
AT&T will allow customers to pay their mobile bills using Bitcoin, adding its name to a short list of major businesses and government agencies that allow the blockchain-based cryptocurrency to be used as a form of payment.

While not directly accepting cryptocurrency, AT&T is the first major U.S. mobile carrier to let customers pay in Bitcoin through a third-party service provider.

Customers using its online bill pay service or the myAT&T app will be able to choose BitPay, a cryptocurrency payment processor, for payments. The customer pays in Bitcoin and BitPay verifies the funds and accepts the Bitcoin on behalf of the business.




Computer World Security News
May 16, 2019

Microsoft sets post-retirement patching record with Windows XP fix - 5 years after support ended
Microsoft on Wednesday resurrected Windows XP and Windows Server 2003 long enough to push patches to the long-dead products. It was the first time since 2017 that Microsoft deemed the situation serious enough to warrant a security fix for XP.

Windows XP fell off the public support list in April 2014, while Windows Server 2003 was removed in July 2015.

"If you are on an out-of-support version, the best way to address this vulnerability is to upgrade to the latest version of Windows," Simon Pope, director of incident response at the Microsoft Security Response Center, asserted in a post to a company blog. "Even so, we are making fixes available for these out-of-support versions of Windows."




Computer World Security News
May 16, 2019

Do Apple devices need anti-virus software?
Apple's devices are far better defended against malware and viruses than other platforms, but does this mean they don't need anti-virus software?

No, yes and maybe

I've lost track of the number of times Mac users have told me Macs don't need virus protection because they are inherently more robust against such attacks.

I've also lost count of how many security researchers have said that Apple devices are becoming more liable to being attacked as their market share grows.

Both are right. Both are wrong.




Computer World Security News
May 16, 2019

WhatsApp attacked by spyware | TECH(feed)
WhatsApp's recent spyware hack took advantage of a security vulnerability and allowed attackers to access private, digital communication. In this episode of TECH(feed), Juliet walks through the hack, who was affected and how you can secure your devices ASAP.

Computer World Security News
May 15, 2019

How to set up a Microsoft Azure backup process
Setting up a backup process in Azure is one way to quickly recover from a ransomware attack.


©1999-2019 CEOExpress Company LLC