NEWS: COMPUTER WORLD SECURITY NEWS
Setup News Ticker
   NEWS: COMPUTER WORLD SECURITY NEWS
Computer World Security News
Apr 20, 2021

VMware targets remote work security with Anywhere Workspace
Providing secure access to vital applications has been a key challenge for businesses forced to adapt to remote working during the pandemic. And with many businesses set to continue to support a distributed workforce even after offices reopen, it will remain a priority for IT for some time.

With this in mind, VMware has unveiled a suite of security and endpoint management tools to support remote workers. VMware Anywhere Workspace, announced on Tuesday, combines VMware's Workspace One, a "digital workspace platform" that delivers applications across a range of devices, with its Carbon Black Cloud endpoint security tools and SASE, which provides secure network access for distributed teams.

To read this article in full, please click here



Computer World Security News
Apr 19, 2021

Details of how the feds broke into iPhones should shake up enterprise IT
Apple has an awkward history with security researchers: it wants to tout that its security is excellent, which means trying to silence those who aim to prove otherwise. But those attempts to fight security researchers who sell their information to anyone other than Apple undercuts the company's security message.

A recent piece in The Washington Post spilled the details behind Apple's legendary fight with the U.S. government in 2016, when the Justice Department pushed Apple to create a security backdoor related to the iPhone used by a terrorist in the San Bernardino shooting. Apple refused; the government pursued it in court. Then when the government found a security researcher who offered a way to bypass Apple security, the government abandoned its legal fight. The exploit worked and, anticlimactically, nothing of value to the government was found on the device.

To read this article in full, please click here



Computer World Security News
Apr 16, 2021

The Patch Tuesday focus for April: Windows and Exchange (again)
On Tuesday, MIcrosoft rolled out another broad series of updates across its Windows ecosystems, including four vulnerabilities affecting Windows that have been publicly disclosed and one security flaw — reportedly exploited already — that affects the Windows kernel. That means the Windows updates get our highest "Patch Now" rating, and if you have to manage Exchange servers, be aware that the update requires additional privileges and extra steps to complete.

It also looks as if Microsoft has announced a new way to deploy updates to any device, wherever it is located, with the Windows Update for Business Service. For more information on this cloud-based management service, you can check out this Microsoft video or this Computerworld FAQ. I have included ahelpful infographic which this month looks a little lopsided (again) as all of the attention should be on the Windows and Exchange components.

To read this article in full, please click here



Computer World Security News
Apr 16, 2021

Appogee becomes one-stop shop for enterprise iOS deployment
The Apple-focused enterprise services market continues to evolve. Case in point: Apple-only value-added-reseller Appogee is now offering a fully-managed iOS hardware deployment thanks to an arrangement with TRUCE Software.

A one-stop enterprise mobile shop At its simplest, this means enterprises choosing to deploy iOS devices across their business can approach Appogee to purchase, deploy, and create contextually-aware management tools for these new fleets. The system integrates tools from both TRUCE and Jamf and means businesses can accelerate their mobile strategy, and do so while ensuring their own policies can be enforced on a device and user basis.

To read this article in full, please click here



Computer World Security News
Apr 15, 2021

2 big questions to ask about Google and privacy
I don't know if you've noticed, but it's become a teensy bit trendy to trash Google and its position on privacy these days.

This wiggly ol' web of ours has always spent a fair amount of energy focusing on how Google uses personal data, of course — and that's a good thing. We absolutely should be aware of how companies do and don't tap into our information.

Lately, though, the conversation has turned especially heated, with a growing chorus of virtual voices suggesting it's time to ditch this-or-that Google service because of how it handles privacy and (insert spooky horror music and/or Sting ballad here) watches every move you make.

To read this article in full, please click here



Computer World Security News
Apr 13, 2021

Apple and Google reject UK COVID-19 app
Apple and Google have been forced to reject the UK's latest COVID-19 Test and Trace app update because it failed to follow privacy rules the nation had already agreed to follow in order to use the frameworks the tech firms provide.

Keeping deals In line with World Health Organization (WHO) advice to test widely and act fast in the event of COVID-19 outbreaks, Apple and Google moved quickly at the beginning of the pandemic to develop a private-by-design Exposure Notifications system the world's health authorities could use to build digital track-and-trace systems.

To read this article in full, please click here



Computer World Security News
Apr 12, 2021

Collaboration analytics: Yes, you can track employees. Should you?
From email to video meetings and team chat, collaboration applications have become vital tools to connect workers. And by giving companies the tools to track employee use of these apps, software vendors can provide insights into working patterns and help organizations better understand how they operate.

Tech Spotlight: Analytics Analytics in the cloud: Key challenges and how to overcome them (CIO) Collaboration analytics: Yes, you can track employees. Should you? (Computerworld) How data poisoning attacks corrupt machine learning models (CSO) How to excel with data analytics (InfoWorld) Major League Baseball makes a run at network visibility (Network World) The ability to view analytics data in collaboration and productivity software is not new; such products have long provided admins with a snapshot of app utilization. Typically aimed at gauging user uptake and tracking deployment progress, these metrics were otherwise limited in their wider business use.

To read this article in full, please click here



Computer World Security News
Apr 09, 2021

Your iPhone could soon be your driver's license (in Utah)
Apple's iPhone has already replaced your wallet, keys, and flight tickets. Now in Utah, it is beginning to replace your driving license in a new pilot project.

What is happening? The state is working on a mobile driving license (mDL) using a combination of technologies including NFC and QR codes as digital proof of ID. Holders of the license will be able to choose what personal information is displayed when the QR code is read, or NFC terminal tapped. This can be used in any situation in which you might be expected to present your driving license, including restaurants and bars.

To read this article in full, please click here



Computer World Security News
Apr 08, 2021

The Brave browser basics: what it does, how it differs from rivals
Boutique browsers try to scratch out a living by finding a niche underserved by the usual suspects. Brave is one of those browsers.

Brave has gotten more attention than most alternate browsers, partly because a co-founder was one of those who kick-started Mozilla's Firefox, partly because of its very unusual — some say parasitical — business model.

That model, which relies on stripping every site of every ad, then substituting different ads, came under attack almost immediately from publishers that depended on online advertising for their livelihood. "Your plan to use our content to sell your advertising is indistinguishable from a plan to steal our content to publish on your own website ((emphasis in original," lawyers for 17 newspaper publishers wrote in a cease-and-desist letter to Brave Software in April 2016.

To read this article in full, please click here



Computer World Security News
Apr 07, 2021

Apple gets ready to launch its Find My ecosystem
While we're still waiting for Apple to introduce its own take on Tile, the company is opening its Find My service to businesses joining its MFi scheme, enabling manufacturers to build location sensing into devices out of the box.

Now in advanced testing Apple has published a new app called Find My Certification Asst. Compatible with devices running iOS 14.3 or later and iPadOS 14.3 or later, the app lets accessory makers check that their devices are correctly configured for use with Apple's Find My network.

To read this article in full, please click here



Computer World Security News
Apr 07, 2021

Apple gets ready to launch its Find My ecosystem (updated)
While we're still waiting for Apple to introduce its own take on Tile, the company is opening its Find My service to businesses joining its MFi scheme, enabling manufacturers to build location sensing into devices out of the box.

Update: Since publishing this, Apple has made the following announcement. Additional information will be woven in below.

To read this article in full, please click here



Computer World Security News
Apr 05, 2021

Windows Update for Business: details, details
Here's something many Windows 10 users may not know: If you select options to control your updates in the local group policy settings better known as "Windows Update for Business," you end up controlling optional updates. And what if you are not necessarily a "business" user? What options do you have?

Plenty.

The little secret about "Windows Update for Business" is that it's nothing more than a set of registry keys and local group policy settings that allow you to better control updates. And you don't have to work for a business to utilize these settings, though it helps if you're running Windows 10 Professional.

To read this article in full, please click here



Computer World Security News
Apr 05, 2021

Is it time to move to hosted Exchange? Considerations for IT
Have the recent widely publicized attacks on Microsoft Exchange made you realize that now is the time for someone else to run your organization's email?

Managing downtimeTo read this article in full, please click here

(Insider Story)

Computer World Security News
Apr 02, 2021

Apple switches off the ‘open web' by making it better
Apple has begun rejecting apps that ignore its new App Tracking Transparency policy as it moves ahead toward the launch of iOS 14.5.  

So, what's happening? Reports indicate Apple has started rejecting apps that ignore this new policy, which extends to iPhones, iPads, and tvOS. The policy requires that apps seek express permission to access the advertising identifier (IDFA) of a person's iPhone in order to track them for ad targeting purposes. The policy also forbids developers from using other methods to track users.

To read this article in full, please click here



Computer World Security News
Apr 02, 2021

Keeping a remote workforce secure: Lessons learned, tips for the future
CSO's Lucian Constantin joins Computerworld's Matthew Finnegan and Executive Editor Ken Mingis to explain what companies should do to keep their remote employees — and valuable corporate data and info — safe. Secure remote access is key, and it means more than getting everyone on a VPN. Zero-trust access gateways, network segmentation, user and device verification, and role-based access control policies are all part of today's security tool kit.

Computer World Security News
Mar 31, 2021

Microsoft hands IT admins beefed-up Windows release health hub
Microsoft has begun rolling out its Windows release health dashboard to the Microsoft 365 admin portal, a move the company previewed earlier this month at its all-virtual Ignite conference.

"This will be a phased rollout and we expect this information experience to be available to all applicable customers by the end of April," Mabel Gomes, senior communications program manager in the Windows group, said in a March 25 post to a company blog.

The original Windows release health launched almost two years ago as one of the changes Microsoft instituted after the disastrous debut of Windows 10 1809, the fall 2018 version of the operating system that had to be yanked from release because it deleted data.

To read this article in full, please click here



Computer World Security News
Mar 29, 2021

Microsoft elevates Teams' importance by offering top-dollar bug bounties
There's nothing like $30,000 to show that an app has made it to the big time.

Microsoft last week underscored the importance of Teams to its current and future strategic planning by inaugurating a new bug bounty program that will offer up to $30,000 — twice the maximum of any Office application — to security researchers for reporting previously-unknown vulnerabilities.

Out the gate, the new program, carrying the prosaic label "Microsoft Applications Bounty Program," focused exclusively on the Teams desktop client. Other applications will be brought into the program, Microsoft said, though no timeline was given.

To read this article in full, please click here



Computer World Security News
Mar 29, 2021

Patch Tuesday recap: This month, an ‘Ides of March' update?
While this month's security updates weren't released exactly on the Ides of March, they certainly caused disruption for many users.  (For those not into history or Shakespeare, the Ides of March — March 15, 44 BC — is famous as the day Julius Caesar was assassinated.) Microsoft's March 9 patch release brought more bumpiness and issues than I can remember in a long time. Perhaps we should reassign the date for this year's Ides of March to March 9 as an unofficial acknowledgment.

As I alluded to last week, this month was bumpy in terms of patching side effects. Here's what we know: The March updates included fixes for printing that triggered blue screens of death on computers when users tried to print. In the case of Dymo label printers (and other bar code or graphical printers) they left them printing out blank labels. Larger business-style multifunction printers saw issues, especially where you have an older PCL 3 or PCL 4 style driver. Ricoh and Kyocera users reported the most issues. (One workaround: use a generic PCL 6 driver instead, though you might lose some functions.) Any Kyocera printers that use the KX driver are affected, as are some Okidata, NiceLabel, and point-of-sale system printers from applications called BarTender. 



Computer World Security News
Mar 24, 2021

How Azure Active Directory helps manage identity for remote users
Still using Active Directory to manage identity for remote workers? You might want to consider moving to Azure Active Directory.(Insider Story)

Computer World Security News
Mar 23, 2021

5 handy Google Fi features you shouldn't forget
Got Fi? Google's unusual wireless service may have shifted its name from Project Fi to Google Fi a while back, but its core proposition has remained relatively constant since the start: Pay only for the data you use, and avoid all the traditional carrier shenanigans.

For the right kind of person, Fi can be a real cost-cutter and hassle-saver. And aside from its most prominently promoted perks — the seamless network-switching, the public Wi-Fi use, the fee-free roaming and hotspot capabilities, and so on — Fi has some pretty interesting out-of-the-way options that can really elevate your experience.

To read this article in full, please click here



Computer World Security News
Mar 22, 2021

Text authentication is even worse than almost anyone thought
Everyone has been lecturing IT about how horrible the security is from texting numbers for authentication for years, including me. Now, due to some excellent reporting from Vice, it's clear that the text situation is far worse than almost anyone thought. It's not merely texting that has inherent cybersecurity flaws, but the entire telecom space surrounding the text infrastructure is absolutely abysmal.

The demonstrated whitehat attack intercepted and rerouted all of the victim's text messages, but it wasn't a technical takeover. The whitehat (who had been asked by the Vice reporter to try and steal his text messages) simply paid a small fee ($16) to a legitimate SMS marketing and mass messaging firm called Sakari. The whitehat had to lie about having the user's permission, but no meaningful proof was sought.

To read this article in full, please click here



Computer World Security News
Mar 22, 2021

Microsoft, we need to have a talk
Microsoft? We need to talk. Lately you've been disappointing me. You released three sets of security updates this month for my Windows 10 machines. The first set of updates (KB5000802 for the 2004/20H2 versions) triggered blue screens of death when I attempted to print to Ricoh and Kyocera printers as caused issues with Dymo labels.  As you yourself noted, "after installing this update, you might receive an APC_INDEX_MISMATCH error with a blue screen when attempting to print to certain printers in some apps."

To read this article in full, please click here



Computer World Security News
Mar 22, 2021

Does Microsoft share blame for the SolarWinds hack?
In recent years, Microsoft has been in the forefront of the fight against governmental and foreign hacking, helping thwart countless attacks from Russian-linked attackers. It has publicly berated the US National Security Agency (NSA) for stockpiling software and hardware vulnerabilities so they can be exploited  instead of working with companies to fix them. And it has called for an international agreement to ban cyberattacks modeled after the Geneva Convention, which bans many weapons.To read this article in full, please click here

(Insider Story)

Computer World Security News
Mar 18, 2021

Hackers target developers to break into Apple's garden
Developers should beware, as cybercriminals have figured out that the best attack vectors to infect the Apple ecosystem may be the developers themselves.

Developers, developers, malware writers We've known for a long time that malware makers and other cyber-miscreants are smart. The work they do brings in real money, with a healthy trade in corporate and personal secrets, bank account details, fraud, and ransomware generating a market some say is already worth billions — even as it costs the global economy 1% of GDP.

To read this article in full, please click here



Computer World Security News
Mar 17, 2021

Microsoft provides Exchange Server defensive tool to help SMBs stymie zero-day attacks
Microsoft Tuesday issued instructions and a one-click tool to small businesses with on-premises Exchange servers to patch the vulnerability first disclosed by the company March 2, and which criminals have been using to spy on victims' communications as well as gain access to other parts of their networks.

"We realized that there was a need for a simple, easy to use, automated solution that would meet the needs of customers using both current and out-of-support versions of on-premises Exchange Server," Microsoft said in a post to a company blog attributed to the MSRC (Microsoft Security Research Center) Team.

To read this article in full, please click here



Computer World Security News
Mar 15, 2021

Apple lives by its own privacy rules
One of the defensive arguments raised to protest Apple's decision that developers place what it calls privacy labels alongside their apps has been that the company itself doesn't apply the same rules to itself.

Apple lives by its own (privacy) rules Apple has always said it intends to follow the same rules it imposes on developers and has now made privacy labels available for all of its apps, including its system utilities and the App Store itself. "Our privacy labels are designed to help you understand how apps handle your data, including apps we develop at Apple," the company states on a page where it published the information.

To read this article in full, please click here



Computer World Security News
Mar 15, 2021

Stuck on Windows 10 1909? Some workarounds on moving forward
If you're still running Windows 10 1909, you're probably receiving a notification that your OS is about to reach the end of its life. Many are confused by the message because the Windows 10 platform is not losing support; instead, the feature release for Windows 10 Professional will be more than likely closing in May.

Microsoft Windows 10 out of date?

First, check the Windows 10 feature release version you have. Click on Start, Settings, System, scroll down to the bottom, and choose About. If you scroll down to the Windows specifications section, you can see what version of Windows 10 you use. If it shows version 1909, you need to investigate why your machine has not yet received Windows 10 2004 or 20H1.

To read this article in full, please click here



Computer World Security News
Mar 12, 2021

Patch Exchange now, and test your Windows updates
If it weren't for the serious security issues surrounding on-premises Microsoft Exchange servers (CVE-2021-2685, CVE-2021-27065, CVE-2021-26857 and CVE-2021-26858), I would say things look pretty good for this month's Patch Tuesday. There are still things to test on the desktop, including printing, remote desktop connections via VPNs, and graphically intensive operations. And while the other lower-rated Microsoft Office and Development platform updates require attention, they don't require a rapid response and can be added to the regular testing regime and deployment cadence.

To read this article in full, please click here



Computer World Security News
Mar 11, 2021

Users condemn Microsoft for removing KB IDs from some bug documentation
Microsoft's decision in February to strip an identifier used for decades from some Windows update release notes continues to draw the ire of customers.

On Feb. 18, the company announced on its Windows IT Pro blog that it would no longer include the KB identifier — KB for Knowledge Base — in the URLs of all online release notes associated with Windows update release details. The KB identifiers have been used by Microsoft for several decades to pinpoint individual bug fixes and guide customers to the appropriate documentation.

[ Related: Microsoft revamps Windows Insider release vernacular ] "One of the primary ways that many find release notes is through the use of a KB identifier (KBID)," Christine Ahonen, a program manager at Microsoft, wrote in the post to the Windows IT Pro blog. "We use a unique identifier for each Windows update. Once a KBID is created, it is then used to identify the update throughout the release process, including documentation."

To read this article in full, please click here



Computer World Security News
Mar 10, 2021

Jamf move improves enterprise security and compliance for macOS
Enterprise device management company Jamf has acquired new tools from cmdSecurity designed to help business-using Macs make the platform even more secure and to protect compliance in regulated industries.

It's yet another clear signal of the extent to which the status of Apple's platforms in business has changed.

Securing the endpoints Jamf has acquired various tools and technical assets developed by cmdSecurity, a company whose founder wrote the security guidance for the use of Macs by the US government. The purchase includes the macOS security and compliance suite, cmdReporter, the developers of which, Daniel Griggs and Eric Metzger, have also joined Jamf.

To read this article in full, please click here



Computer World Security News
Mar 08, 2021

Pause Patch Tuesday updates, watch out for Exchange server attacks
With the arrival of Patch Tuesday for March, it's time for me to urge you to again review how you handle updates from Microsoft — and hold off a bit before installing anything. By waiting a week or two, any earth-shattering side effects can be identified and workarounds found. (I give the same advice for the feature-release process. I normally wait until the next release is ready before I install the current one; it's served me well to protect against side effects triggered by bad updates.)

So, before Microsoft's patches arrive, here's what to do: click on Start, go to Settings, then Update and security, Windows update, and look for Advanced options. Scroll down to the section that says, "Pause until" and pull down the "select date" to choose a specific date for dealing with updates. It should be at least a week after Patch Tuesday to give us time to deal with any issues. I personally patch on weekends when I have more time to handle any side effects. I recommend something like March 27 as a good date to choose. By then, we will have identified any issues.

To read this article in full, please click here



Computer World Security News
Mar 08, 2021

Cybersecurity in 2021: Stopping the madness
The challenges are greater than ever. But security pros have learned a lot - and with luck, the right strategic defenses can help even the highest-value targets withstand severe attacks.

Computer World Security News
Mar 08, 2021

WFH security lessons from the pandemic
A year ago, IT and cybersecurity teams faced a number of challenges — constantly emerging threats, data privacy regulations, and a significant and widening skills gap, to name a few. Then things really got difficult.

Tech Spotlight: Security 4 ways to keep the cybersecurity conversation going after the crisis (CSO) Mitigating the hidden risks of digital transformation (CIO) WFH security lessons from the pandemic (Computerworld) WAN challenges steer Sixt to cloud-native SASE deployment (Network World) 6 security risks in software development — and how to address them (InfoWorld) The COVID-19 pandemic and its impact on business processes changed the security dynamic in a big way, making matters even more complex. Shifts to cloud services were accelerated. E-commerce efforts were launched or expanded. COVID-related cyberattacks became common.

To read this article in full, please click here



Computer World Security News
Mar 04, 2021

When Windows bug fixes go bad, IT can now roll back individual changes
Microsoft this week announced a new enterprise-only flexibility in Windows servicing that lets IT professionals roll back individual non-security elements of an update when a change breaks something.

The feature, dubbed "Known Issue Rollback," aka KIR, is an unusually frank admission that the company's nearly six-year-long experiment of forcing customers to either accept everything in an update or pass on the update entirely, is flawed.

"Even as quality has improved over the last five years, we do acknowledge that sometimes things can and do go wrong," Namrata Bachwani, principal program manager lead, said in a March 2 session video from Microsoft's all-virtual Ignite conference. ??"In the past, you had two choices: all or nothing," Bachwani continued. "You either take it all, so you install the update and you get all the great fixes that you want and the problem, which is causing an issue for your customers. Or you take nothing.

To read this article in full, please click here



Computer World Security News
Mar 03, 2021

Of February's patches, Ignite, and the fate of Windows 10 feature releases
We finished off February with an all clear for that month's Microsoft updates. So if you haven't installed updates as we get into March, make sure you do so at this time.  

I do recommend that you skip KB4535680, the Microsoft secure boot patch that's been disruptive if you have Bitlocker enabled. (Many patchers reported that it triggered the Bitlocker recovery password.) If you got it installed, fantastic! You don't need to uninstall it now. There isn't a problem with the update; instead, there is a problem during the installation and for workstations with Bitlocker.

To read this article in full, please click here



Computer World Security News
Mar 03, 2021

How to protect Windows Remote Desktop deployments
Attackers gain access to your Windows network just as work-from-home employees do: remotely. Following these simple steps will send them looking for easier targets.(Insider Story)

Computer World Security News
Mar 02, 2021

3 Android 12 features you can bring to any phone today
Google's Android 12 software is nowhere near ready for prime time, but Goog almighty: We've sure seen plenty of hints about some of the tantalizing touches it could include. And if you're anything like me, that makes it tough not to feel at least a teensy bit hungry for a taste.

The current Android 12 developer preview, unfortunately, won't do much to satisfy that craving. It's basically just a barebones framework of the software, made mostly for developers, and most of the mouthwatering morsels are carefully tucked away, disabled, and not yet visible or available for regular-mammal phone-owner use.

To read this article in full, please click here



Computer World Security News
Feb 25, 2021

Podcast: 30K Macs infected with "Silver Sparrow" virus; M1 Mac SSD health
Security researchers uncovered malware affecting tens of thousands of macOS devices, but it's unclear what exactly the malware does. Affecting both Intel and Apple Silicon processors, this malware, nicknamed "Silver Sparrow," still poses a threat. And in other Apple news, some M1 Mac users have reported that the SSDs on their new systems are being overused. Macworld executive editor Michael Simon and Computerworld executive editor Ken Mingis join Juliet to discuss Apple's response to the virus and SSD issues and what users can do if they've been affected.

To read this article in full, please click here



Computer World Security News
Feb 24, 2021

How to hire and retain Black tech pros — for real
American companies are once again promising to increase minority hiring and retention in the aftermath of the 2020 police killings of George Floyd and other Black people and subsequent Black Lives Matter demonstrations. But Black people have heard this promise before — for decades, in fact — with little tangible change in the low employment numbers of Black engineers, developers, and IT pros.

For companies that really do want to change their staffs to better reflect diversity in the US, it's time to go beyond words and take action. To help you do that, Computerworld talked to several people in the frontlines of promoting the hiring of Black people for tech jobs. Their advice was strong and unambiguous: Define the business case for diversity, then follow up with a determined action plan and establish the metrics to monitor the results and adjust course as needed. And perhaps even harder, learn to truly connect with the Black community to establish the relationships that lead to sustainable diversity.

To read this article in full, please click here



Computer World Security News
Feb 24, 2021

Microsoft 365 Advanced Audit: What you need to know
Microsoft's powerful new auditing options will help detect intrusions and see what was accessed...if you've paid for the right licenses.(Insider Story)

Computer World Security News
Feb 23, 2021

Two big buts about Samsung's Android security update announcement
Didja see? Samsung's pledging a full four years of support for security updates on its Galaxy-branded Android phones. Well, shiver me timbers: That sure is somethin'!

Samsung slapped the news down onto these here internerfs of ours Monday morning, and the glowing headlines predictably followed — with some stories going as far as to proclaim Samsung as the new undisputed "king of Android upgrades" or to declare that the company was now "beating Google at its own game."

To read this article in full, please click here



Computer World Security News
Feb 22, 2021

Why Apple should let you define private places on iPhones
If you've ever found the Significant Locations section on your iPhone, then a recently published study that shows how such data can be used to decipher personal information about users should pose some alarm.

Significant Locations The way Significant Locations works is that your iPhone keeps a list of places you frequently visit. This list usually shows your favorite places and shops and will, of course, log the location of any service you might visit often, such as the medical center.

Apple gathers this information to provide "useful location-related information" in its apps and services, and promises this data is encrypted and cannot be read by Apple. But I'm a little unclear whether this information is made available to third-party apps.

To read this article in full, please click here



Computer World Security News
Feb 22, 2021

Apple tramples on security in the name of convenience
Apple plans with iOS 14.5 to allow masked enterprise employees to access their iPhones if they are also wearing an Apple Watch (running WatchOS 7.4), that is unlocked. Heads up: This is a quintessential convenience vs. security trade-off from Apple, and if you don't insist that workers refrain from using the feature, corporate security will suffer.

In short, it will be make it much easier for corporate spies and cyberthieves to snag your company's intellectual property, which is being created, stored, and shipped within smartphones today at a far greater rate than 2019 — aka the pre-COVID-19 times.

[ Related: When work-from-home means the boss is watching ] Apple has refused to let this convenience do anything other than opening the phone (which is bad enough). And it will not allow the feature to bypass facial ID authentication for the AppleCard, ApplePay or any third-party app (such as banks and investment firms) that have embraced Face ID. That tells you pretty much all you need to know about how much of a security corner-cutter this move is.

To read this article in full, please click here



Computer World Security News
Feb 22, 2021

The .NET patch failure that wasn't
When we started this month of patching, I fully expected to come back by now with massive listings of applications that hated the February updates. That hasn't been the case, though there have been some issues related to .NET this month. 

In case you're wondering, .NET is a framework used by developers to build applications. It makes for standard coding techniques and "managed code" and can make an app more secure. Developers primarily use Visual studio to develop software that we all use on our Windows systems.

To read this article in full, please click here



Computer World Security News
Feb 18, 2021

Apple publishes in-depth M1, Mac, and iOS security guide
Apple has published its annual Apple Platform Security Guide, which includes updated details concerning the security of all its platforms, including the new M1 and A14 chips inside Apple Silicon Macs and current iPhones, respectively.

The first look inside M1 Mac security The extensive 196-page report explains how Apple continues to develop its core security models along the premise of mutually distrusting security domains. The idea here is that each element in the security chain is independent, gathers little user information, and is built with a zero-trust model that helps boost security resilience.

To read this article in full, please click here



Computer World Security News
Feb 15, 2021

For February, a 'bumpy' Patch Tuesday ride
One week out from Patch Tuesday and it's been a bumpy release for the month, especially for older versions of Windows 10 and Server 2016. (Less affected: the consumer versions of Windows 10 2004 and 20H2.)

Windows Server 2016/1607 suffered the worst of the issues: the original version of the Servicing Stack update KB4601392 caused patching to get "stuck." Server patchers had to jump through a ton of hoops to get the monthly security update installed. Microsoft pulled the bad update and replaced it with KB5001078. If you were unlucky and installed KB4601392 before it was pulled, Microsoft has this  guidance to manually reset Windows updates components.

To read this article in full, please click here



Computer World Security News
Feb 12, 2021

What's not to love with this month's Patch Tuesday?
With only 53 updates in the February Patch Tuesday collection released this week — and no updates for Microsoft browsers — you'd be forgiven for thinking we had another easy month (after a light December and January). Despite lower-than-average numbers for updates and patches, four vulnerabilities have been publicly disclosed and we are seeing a growing number of reports of exploits in the wild.

In short: this is a big, important update that will require immediate attention and a rapid response to testing and deployment.

For example, Microsoft has just released an out-of-band update to fix a Wi-Fi issue that is leading to Blue Screens of Death (BSODs). Somebody is going to run into trouble unless this gets fixed fast. We have included a helpful infographic that this month looks a little lopsided (again), as all of the attention should be on the Windows components

To read this article in full, please click here



Computer World Security News
Feb 12, 2021

Can Apple Watch boost your endpoint security?
Enterprises seeking tools with which to improve endpoint security for the new remote working business environment may want to spend a little time considering the Apple Watch.

Access all areas My argument is simple: Apple's growing place in the enterprise means its complementary ecosystems can help support your business. As deal follows deal, the number of iPhones in use across the sector is growing fast, which means millions of workers already have access to the watch.

To read this article in full, please click here



Computer World Security News
Feb 11, 2021

Apple wants Safari in iOS to be your private browser
Apple seems focused on building Safari to become the world's leading privacy-focused web browser, continuing development of under-the-hood enhancements to protect private lives.

Better privacy by proxy Beginning with (currently in beta) iOS 14.5, Apple is improving privacy by changing how Safari accesses Google's Safe Browsing service. The latter warns users when they visit a fraudulent website. (Apple uses the service to drive the "Fraudulent Website Warning" in SettingsSafari on iOS or iPadOS devices.)

The Safe Browsing service works by identifying potentially compromised sites from Google's web index. If it suspects a site is compromised, virtual machines are despatched to see whether the site attempts to compromise them.

To read this article in full, please click here



Computer World Security News
Feb 08, 2021

Ahead of Patch Tuesday, a cautionary tale
Microsoft has officially deemed Windows 10 version 2004 as "ready for business," but I'd argue it still needs a bit more help to be fully ready for consumers. With this month's Patch Tuesday upon us, here's an example of what I mean. It involves mysterious NAS issues, some sleuthing, and a workaround — all of which show how troublesome updates can be sometimes.

This case involves one AskWoody subscriber who told me recently that each time he upgraded to Windows 10 2004 the installation would break his computer. Like any good geek who refuses to let technology get the best of me, I emailed him back and asked for more information about what was getting broken when he upgraded. Turns out, he would lose access to mapped drives on his NAS (network attached storage) devices. Though he tried to remap the drives, they would fail, forcing him to roll back to  Windows 10 1909 — where everything would work.

To read this article in full, please click here



Computer World Security News
Feb 08, 2021

The future of work: Coming sooner than you think
What will your worklife be like years from now? Today's work-from-home world has given us a glimpse of the future, as these five articles from CIO, Computerworld, CSO, InfoWorld, and Network World illustrate.

Computer World Security News
Feb 03, 2021

Jamf, TRUCE bring Apple to the deskless enterprise
A new partnership between Jamf and TRUCE Software will deliver significant benefits to Apple-based enterprises with remote, deskless workforces in such industries as manufacturing or construction.

The remote remote workers The idea sems pretty solid. Think how a move to adopt Apple kit and management solutions such as Jamf has enabled remote working to flourish during the pandemic.

To read this article in full, please click here



Computer World Security News
Feb 01, 2021

Is it time to install Microsoft's January updates? (Yes.)
Some people can't wait for a new version of Windows 10. They sign up for insider editions and eagerly watch for the next release.

I'm exactly the opposite of that.

I wait and make sure the version of Windows 10 that I'm using is fully compatible with my applications and I have time to deal with any side effects. My philosophy with security updates is the same; I don't install them right away. (Though I do install them every month without fail.) If you haven't yet installed the January updates, do so as soon as possible.

The major update that I warned about last month was KB4535680, which was offered up to Windows Server 2012 x64-bit; Windows Server 2012 R2 x64-bit; Windows 8.1 x64-bit; Windows Server 2016 x64-bit; Windows Server 2019 x64-bit; Windows 10, version 1607 x64-bit; Windows 10; version 1803 x64-bit; Windows 10, version 1809 x64-bit; and Windows 10, version 1909 x64-bit systems.

To read this article in full, please click here



Computer World Security News
Jan 29, 2021

When cryptographers looked at iOS and Android security, they weren't happy
For years, the US government begged Apple executives to create a backdoor for law enforcement. Apple publicly resisted, arguing that any such move for law enforcement would quickly become a backdoor for cyberthieves and cyberterrorists.

Good security protects us all, the argument went.

More recently, though, the feds have stopped asking for a workaround to get through Apple security. Why? It turns out that they were able to break through on their own. iOS security, along with Android security, is simply not as strong as Apple and Google suggested.

To read this article in full, please click here



Computer World Security News
Jan 28, 2021

Microsoft releases Application Guard for Office to M365 customers
Microsoft this week released Application Guard for Office, a defensive technology that quarantines untrusted Office documents so attack code embedded in malicious files can't reach the operating system or its applications.

The announcement of Application Guard's general availability came five months after Microsoft kicked off a public preview of the technology. At that time, Microsoft's roadmap indicated a December 2020 debut for Application Guard for Office.

"When you've enabled Application Guard and a user opens a file from a potentially unsafe location, Office opens the file in Application Guard; a secured, Hyper-V-enabled container isolated from the rest of a user's data through hardware-based virtualization," Emil Karafezov, senior program manager, said in a Jan. 27 post to a company blog.

To read this article in full, please click here



Computer World Security News
Jan 25, 2021

Decoding Microsoft Defender's hidden settings
Ask someone what antivirus software they use and you'll probably get a near-religious argument about which one they have installed. Antivirus choices are often about what we trust — or don't — on our operating system. I've seen some Windows users indicate they would rather have a third-party vendor watch over and protect their systems. Others, like me, view antivirus software as less important these days; it matters more that your antivirus vendor can handle windows updating properly and won't cause issues.

Still others rely on Microsoft Defender. It's been around in one form or another since Windows XP.

To read this article in full, please click here



Computer World Security News
Jan 21, 2021

The work-from-home employee's bill of rights
Remote work became the new normal quickly as COVID-19 pandemic lockdowns came into force in spring 2020, and it's clear that after the pandemic recedes, remote work will remain the norm for many employees — as much as half the deskbound "white collar" workforce, various research firms estimate. As a result of the sudden lockdowns, many employees had to create makeshift workspaces, buy or repurpose personal equipment, and figure out how to use new software and services to be able to keep doing their jobs.

Navigating the WFH world Remote working, now and forevermore? The work-from-home employee's bill of rights How to set up a WFH ‘office' for the long term The New Normal: When work-from-home means the boss is watching 10 tips to set up your WFH office for videoconferencing Users and IT departments alike made Herculean efforts to adapt quickly and ensure business continuity, and the result was an improvement in productivity despite the pandemic. But now the pandemic has become a longer-term phenomenon, and remote work will become more commonplace, even desirable as a way to save on office expenses and commute time, even after the pandemi

Computer World Security News
Jan 19, 2021

Chrome vs. Edge vs. Firefox: Which is the best browser for business?
What's the most important piece of productivity software in the business world? Some might say the office suite. But if you look at the time spent actually using software, the answer may well be the web browser. It's where people do most of their fact-finding and research.

EdgeTo read this article in full, please click here

(Insider Story)

Computer World Security News
Jan 18, 2021

For Microsoft's January patches, no all-clear (yet)
I'm not ready to give an all-clear to the security patches released Jan. 12, and I want to warn you about one specific update that is affecting HyperV servers and some consumer level workstations.  

KB4535680, also known as Security update for Secure Boot DBX: January 12, 2021, makes improvements to Secure Boot DBX for a number of supported Windows versions. These include Windows Server 2012 x64-bit; Windows Server 2012 R2 x64-bit; Windows 8.1 x64-bit; Windows Server 2016 x64-bit; Windows Server 2019 x64-bit; Windows 10, version 1607 x64-bit; Windows 10; version 1803 x64-bit; Windows 10, version 1809 x64-bit; and Windows 10, version 1909 x64-bit. Key changes affect "Windows devices that [have] Unified Extensible Firmware Interface (UEFI) based firmware that can run with Secure Boot enabled." The Secure Boot Forbidden Signature Database (DBX) prevents malicious UEFI modules from loading; this update adds additional modules to block malicious attackers who could successfully exploit the vulnerability, bypass secure boot, and load untrusted software.

To read this article in full, please click here



Computer World Security News
Jan 15, 2021

Easing into the new year with a modest January Patch Tuesday
Microsoft rolled into 2021 with a fairly benign update cycle for Windows and Microsoft Office systems, delivering 83 updates for January.

Yes, there is an update to Windows defender (CVE-2021-1647) that has been reported as exploited. Yes, there has been a publicly disclosed issue (CVE-2021-1648) in the Windows printing subsystem. But there are no Zero-days and no "Patch Now" recommendations for this month. There are, however, a large number of feature and functionality groups "touched" by these updates; we recommend a comprehensive test of printing and key graphics areas before general Windows update deployment.

To read this article in full, please click here



Computer World Security News
Jan 14, 2021

Apple makes welcome change to 'Big Sur' security for Macs
When Apple shipped macOS Big Sur in November, researchers quickly spotted a strange anomaly in the system's security protection that could have left Macs insecure. Apple now seems to be dealing with this problem, introducing a fix in the latest public beta release.

What was wrong? For some strange reason, Big Sur introduced a controversial and potentially insecure change that meant Apple's own apps could still access the internet even when a user blocked all access from that Mac using a firewall. This wasn't in tune with Apple's traditional security stance. What made this worse is that when those apps (and there were 56 in all) did access the ‘Net, user and network traffic monitoring applications were unable to monitor this use.

To read this article in full, please click here



Computer World Security News
Jan 14, 2021

Apple makes welcome change to Big Sur security for Macs
When Apple shipped macOS Big Sur in November, researchers quickly spotted a strange anomaly in the system's security protection that could have left Macs insecure. Apple now seems to be dealing with this problem, introducing a fix in the latest public beta release.

What was wrong? For some strange reason, Big Sur introduced a controversial and potentially insecure change that meant Apple's own apps could still access the internet even when a user blocked all access from that Mac using a firewall. This wasn't in tune with Apple's traditional security stance. What made this worse is that when those apps (and there were 56 in all) did access the ‘Net, user and network traffic monitoring applications were unable to monitor this use.

To read this article in full, please click here



Computer World Security News
Jan 12, 2021

Apple's mythical AirTags shimmer slowly to release
Stop me if you've heard this before: Apple seems to be closer to actually introducing the near-mythical AirTags, which you'll no doubt use to track hardware, devices, and the vehicles that make up your transit fleet.

What we think we know This is a long-running story. We first began to anticipate introduction of these products after WWDC 2019. Later, we thought they might show up even before the iPhone 12, or even as part of the company's holiday season launches.

To read this article in full, please click here



Computer World Security News
Jan 11, 2021

The first Patch Tuesday of '21; time to delay updates
It's Patch Tuesday time — that exciting second Tuesday of each month when we turn towards Redmond, WA, hoping for quality updates — and my advice is to not install updates tomorrow. To be fair, the vast majority of Microsoft users should be fine with whatever patches and fixes arrive. But, personally, I push off updates and delay installations on the systems I care about; you should do the same.

With that piece of advice out of the way, I have some suggestions for 2021 for a healthy patching year.

Susan's first recommendation of ‘21: Use Windows 10 Pro, not Home.

I recommend several things when dealing with updates: First and foremost, make sure you are on Windows 10 professional, not Windows 10 Home. 

To read this article in full, please click here



Computer World Security News
Jan 05, 2021

6 smart steps to get your Android phone in tip-top shape for 2021
Happy New Year! I don't know about you, but I find the start of a fresh voyage around this shiny ol' sun of ours to be a fine time for tidying up, optimizing, and getting good and organized for the months ahead. And while I'd love to pretend I'm the type of person who has one of those disgustingly pristine, clutter-free desks you see on the internet, let me be brutally honest: The physical space around me tends to resemble a half-abandoned hog parlor.

But my Android phone? My Android phone is as orderly as can be, gosh darn it. And if you ask me, that makes far more of a difference than the state of the physical space around me.

Our mobile devices are where we do so much of our actual work and contemplation these days, after all — and yet it's all too easy to overlook the importance of maintaining an optimal arrangement for both productivity and security within 'em. So now, as we gaze ahead at the promise-filled 2021 calendar, join me in taking 10 minutes to get your own trusty Android phone fine-tuned and fully ready for the coming year.

To read this article in full, please click here



Computer World Security News
Jan 04, 2021

Solarwinds, Solorigate, and what it means for Windows updates
Microsoft recently announced that its Windows source code had been viewed by the Solarwinds attackers. (Normally, only key government customers and trusted partners would have this level of access to the "stuff" of which Windows is made.) The attackers were able to read - but not change - the software secret sauce, raising questions and concerns among Microsoft customers. Did it mean, perhaps, that attackers could inject backdoor processes into Microsoft's updating processes

First, a bit of background on the Solarwinds attack, also called Solorigate: An attacker got into a remote management/monitoring tool company and was able to inject itself into the development process and build a backdoor. When the software was updated through the normal updating processes set up by Solarwinds, the backdoored software was deployed into customer systems — including numerous US government agencies. The attacker was then able to silently spy on several activities across these customers. 

To read this article in full, please click here



Computer World Security News
Dec 28, 2020

The end-of-the-year patching all-clear
It's that time of the month to give the final 2020 all-clear for installing updates.

Microsoft has already fixed the issue with KB4592438 for Windows 10 20H2 and 2004, where if you were lucky, or rather, unlucky enough to perform a chkdsk c: /f on your system after installing the December updates you might have been forced to rebuild your system — not exactly the greatest holiday present from Microsoft.  As I noted last week, this issue was fixed with a cryptic behind-the-scenes update for those who get their updates from Windows update. 

To read this article in full, please click here



Computer World Security News
Dec 23, 2020

The patching conundrum: When is good enough good enough?
As Günter Born recently reported at Born's Tech and Windows World, KB4592438 has a bug that triggers a blue screen of death when you run the chkdsk c: /f command, leaving the hardware unable to boot. Several others confirmed the issue independently in the various venues and forums. Still others graciously decided to risk their systems and install the update and when they ran the command had zero issues. I tested it myself and also didn't see a blue screen of death.

To read this article in full, please click here



Computer World Security News
Dec 21, 2020

Android security: Analysis, advice, and next-level knowledge
It's tough to talk about Android security without venturing into sensational terrain.

A large part of that is due to the simple fact that the forces driving most Android security coverage are companies that make their money by selling Android security software — and thus companies with strong interests in pushing the narrative that every Android phone is on the perpetual brink of grave, unfathomable danger. Plus, let's face it: A headline about 70 gazillion Android phones being vulnerable to the MegaMonsterSkullCrusher Virus is far more enticing than one explaining the nuanced realities of Android security.

In actuality, though, Android security is a complex beast — one with multiple layers in place to protect you and one that almost never warrants an alarmist attitude. I've been covering Android security closely since the platform's earliest days, and I've busted more myths and called out more shameless publicity stunts than I can even count at this point.

To read this article in full, please click here



Computer World Security News
Dec 17, 2020

Thoughts on Apple versus Facebook
War against Apple on the part of Facebook has officially begun, with the social media giant spending some of its user data targeted ads revenue on a series of press ads against the computer company, presumably because using its own platform to spread such claims may fall foul of anti-trust law.

You are the product Facebook is making the usual hyperbolic arguments around "standing up for small business" and "making sure the internet stays free", though it isn't entirely clear when Facebook became "the internet", or why we as users aren't paid for the provision of the personal data the soc-med company builds its business on.

To read this article in full, please click here



Computer World Security News
Dec 16, 2020

2020: A look back at patching and the pandemic
As we close out this extraordinary year, it's important to remember the unusual patching experiences this year that affected many businesses and their processes.  

The pandemic effect Not surprisingly, the pandemic impacted patching in a big way. In April, it forced Microsoft to push off the end of life for two products, Windows 10 1709 and Windows 10 1809 — by six months each. Win 10 1709 wound up with a 36-month support window for Enterprise and Education users and 1809 Home and Pro got an extra six months, to Nov. 10. Clearly, Microsoft could see the impact of the pandemic on enterprise rollout plans and understood that most of us had other things on our minds.

To read this article in full, please click here



Computer World Security News
Dec 14, 2020

Apple's Privacy Nutrition Labels, available now and good for business
Apple today is introducing iOS 14.3, and among a host of improvements the upgrade introduces Privacy Nutrition Labels for apps sold at the App Store. This should be good for developers, enterprises and users.

What are Privacy Nutrition Labels? Apple announced Privacy Nutrition Labels at WWDC 2020. Under the scheme, developers selling apps on the App Store must explain the privacy practices of each one they sell. That means detailed information concerning what data they collect, why, and what they do with it must be provided to users in the form of what looks like a food nutrition label.

To read this article in full, please click here



Computer World Security News
Dec 11, 2020

Microsoft presents us with a light Patch Tuesday for December
With just 58 updates to deal with this month, the December Patch Tuesday should make for a welcome  light-duty patch-and-test cycle. There were no zero-days or reports of publicly exploited security issues, though there is a critical update to Microsoft Exchange Server that should be a priority. But we saw less pressure on the Windows, browser, and Office updates.

Microsoft has also released two Servicestack Updates (SSUs) for its desktop and server platforms (ADV990001) and an update to the Chromium project (ADV200002).

To read this article in full, please click here



Computer World Security News
Dec 09, 2020

December Patch Tuesday round-up: Winding down for the year
At last, we have the final updates for 2020 from Microsoft. For anyone keeping count, we ended up with 1,250 CVEs (Common Vulnerabilities and Exposures) for the year. That's almost 50% more than the 800 we had to deal with in 2019. Given the way we get updates delivered in a cumulative fashion, I don't think of it as about the number of vulnerabilities; I think more about how many times I had to deal with post-release issues in 2020. I'll recap the year's major patching issues later this month. For now, I'll summarize the issues to watch out for in December.

First, a reminder if you're running Windows 10 1903: This is the last official release for that version. You must be on Windows 10 1909 (or later) to continue to receive security updates. In the past, I have recommended setting the deferral for feature updates for 365 days. Now, I recommend using the targetreleaseversion setting to specify the exact feature release version you want. So if you set the value at 1909, you'll receive 1909; if you set it at 2004 — even if you are on 1903 — you'll get offered 2004, not 1909. (For Windows 10 Home users, I continue to recommend you upgrade from Home to Professional to better control updates.) 

To read this article in full, please click here



Computer World Security News
Dec 09, 2020

Windows hackers target COVID-19 vaccine efforts
I've written before about how during the coronavirus pandemic, hackers have increasingly exploited Windows vulnerabilities to trick people into downloading malware and ransomware to get fast, easy money.To read this article in full, please click here

(Insider Story)

Computer World Security News
Dec 08, 2020

VP Craig Federighi wants competitors to copy Apple's privacy protection
Apple VP Software Engineering, Craig Federighi discussed his company's thoughts on ad tracking and more at the European Data Protection and Privacy Conference December 8.

Privacy is possible It is "absolutely possible to design technology that respects [customer] privacy and protects their personal information," he stressed. 

"When it comes to privacy protections, we're very happy to see our competitors copy our work, or develop innovative privacy features of their own that we can learn from," he said during this speech.

But it's under assault

To read this article in full, please click here



Computer World Security News
Dec 08, 2020

Apple VP Federighi wants competitors to copy Apple's privacy protection
Apple Vice President of Software Engineering, Craig Federighi, discussed his company's thoughts on ad tracking and more at the European Data Protection and Privacy Conference today. Not surprisingly, he stressed the importance of privacy for Apple — which has made it a centerpiece — in particular and users in general.

Privacy is possible... It is "absolutely possible to design technology that respects [customer] privacy and protects their personal information," Federighi said during this speech. "When it comes to privacy protections, we're very happy to see our competitors copy our work, or develop innovative privacy features of their own that we can learn from."

To read this article in full, please click here



Computer World Security News
Dec 07, 2020

SMS: Texting numeric strings is the best holiday gift to cyberthieves
For years, enterprise IT and security operations have been told they need to advance beyond texting short numeric strings in plain text and calling it meaningful Multi-Factor Authentication (MFA) or even just Two-Factor Authentication (2FA). It is stunning how many enterprises still cling to that entry-level security sham, even knowing how subject it is to man-in-the-middle attacks.

As for the oft-cited defense that, "it's better than having no MFA at all," I am not so sure. It provides false comfort to enterprise users that they have meaningful security. That prevents companies from quickly deploying truly robust security, such as an MFA that uses several authentication layers, including voice-recognition, facial- or finger-ID courtesy of the ubiquitous smartphone and almost any of the mobile encrypted authentication apps. (Don't forget that Signal can work well, too.)

To read this article in full, please click here



Computer World Security News
Dec 01, 2020

It's December patch prep time
It's the final patching month for 2020 — and what a year it's been. Two more Windows 10 feature releases, numerous servicing stack updates, the end of Office 2010, the pandemic — this has been a year when technology has driven us slightly crazy, and kept us sane. 

The first Tuesday of the month is the start of my Patching month and serves as a reminder to make sure my machines have all of the mandatory patches installed for November — and I'm ready to pause updates for December. We will not see any optional updates at the end of the month; Microsoft has indicated it will not be releasing the optional preview updates for Windows 10 that they would normally arrive during the third week of December.

To read this article in full, please click here



Computer World Security News
Nov 30, 2020

BrandPost: Security als platform, niet als verzameling point solutions
Richt je cybersecurity in vanuit een platformgedachte of vanuit de afzonderlijke point solutions? Sander Almekinders, hoofdredacteur bij IDG Benelux gaat over onder andere deze vraag in gesprek met Michel Schaalje, Security Lead bij Cisco Nederland.

To read this article in full, please click here



Computer World Security News
Nov 30, 2020

How to protect Windows 10 PCs from ransomware
CryptoLocker. WannaCry. Petya. Bad Rabbit. The ransomware threat isn't going away anytime soon; the news brings constant reports of new waves of this pernicious type of malware washing across the world. It's popular in large part because of the immediate financial payoff for attackers: It works by encrypting the files on your hard disk, then demands that you pay a ransom, frequently in Bitcoins, to decrypt them.To read this article in full, please click here

(Insider Story)

Computer World Security News
Nov 25, 2020

Susan Bradley: Windows 10 Thanksgiving-week patches
Computerworld blogger Susan Bradley takes a look at the latest patches from Microsoft, just in time for Thanksgiving in the US.

Computer World Security News
Nov 24, 2020

Gmail encryption: Everything you need to know
Encryption may sound like a subject best left to hackers and tinfoil hat wearers, but don't be fooled: It's a critical part of contemporary life and something that's important for everyone, especially business users, to understand. And one of the places where encryption is most relevant and misunderstood is in the realm of email.

If you're using Gmail for electronic communication — be it for business purposes, for personal use, or some combination of the two — it's well worth your while to know how the service does and doesn't secure your information and what steps you can take to make sure you're getting the level of privacy you need.

Ready to dive in?

To read this article in full, please click here



Computer World Security News
Nov 23, 2020

A pre-Thanksgiving all-clear to install patches
In the U.S., we're quickly coming up to the start of holiday season, meaning it's time for, well, time off. I typically add technology maintenance jobs to the monthly mix of patching and maintaining servers and workstations. This month, I'm also taking time to better understand the impact of one specific security bulletin — I honestly can't figure out exactly what I'm supposed to do to keep my network secure. 

The good news: for most readers, none of these concerns apply to you. I'm ready to give the all-clear to go ahead and install Microsoft's November updates on laptops, desktops and workstations — especially if you are running the Windows 10 1909 feature release. That said, do your Thanksgiving Zoom get-together first and then install any updates. I'd hate to have you see nothing but the spinning wheel of Windows updates instead of your family and friends.

To read this article in full, please click here



Computer World Security News
Nov 23, 2020

How to stay as private as possible on the Mac
Apple believes in your right to privacy. Here is some advice on how to use the privacy tools it provides on your Mac. We have a guide for iPhones and iPads here.

Use a strong passcode To secure your Mac, all your data, and your privacy it is essential to create a strong alphanumeric login password.

The temptation to use something short or easy to remember is completely understandable, but if your Mac goes missing your life is on show, so visit Security & PrivacyGeneral and tap Change Password to pick something more challenging.

To read this article in full, please click here



Computer World Security News
Nov 19, 2020

Deciphering (and understanding) Microsoft's patch management options
If you asked a normal user what they dislike most about Windows 10, the answer would likely be related to patching, rebooting and the generally confusing update process. Entire web sites have sections devoted to explaining the updating process and how to manage it — and I've written my fair share about the topic. 

In addition to writing about Microsoft patches here (and about Windows security for CSO), I'm also a moderator on the Patchmanagement.org listserve. We have many people who rely on various patching tools to deploy updates and maintain workstations.  There are a number of options, so it's important to understand how they work (and how they vary) so you can get the most out of them.

To read this article in full, please click here



Computer World Security News
Nov 16, 2020

Microsoft exhorts enterprises to quit text, voice multi-factor authentication passcodes
A Microsoft executive is urging enterprises to abandon the most popular multi-factor authentication (MFA) method — one-time passcodes sent to mobile devices via text or voice — for different approaches, including app authenticators, that he claims are more secure.

"It's time to start your move away from the SMS and voice Multi-Factor Authentication (MFA) mechanisms," asserted Alex Weinert, director of identity security, in a Nov. 10 post to a Microsoft blog. "These mechanisms are based on publicly switched telephone networks (PSTN), and I believe they're the least secure of the MFA methods available today."

To read this article in full, please click here



Computer World Security News
Nov 13, 2020

Browser updates are back for Update Tuesday; testing may be needed for Windows patches
Though we return to monthly browser updates after last month's brief respite — none of this November's browser security issues are worm-able, and we have not seen anything that would require a return to an urgent browser update cycle. The Windows platform gets the most attention this time, but no single issue requires immediate deployment — though some legacy systems may require full testing for graphically intensive applications that rely on older graphic/media conversion technology. And the Microsoft Office and associated development platforms receive some lower-rated patches, with recommendations for a standard roll-out regime. 

To read this article in full, please click here



Computer World Security News
Nov 12, 2020

The November Patch Tuesday aftermath
November's updates held a few surprises. 

First, for those still running Office 2010 last month was supposed to be the drop-dead date for support.  No more security updates at all.  None.  Zilch.  Zippo.  

And yet, we week received updates for Excel (KB4486743), Office (KB4486737, KB4486738, KB4484534, KB4484455), and for Word (KB4486740) — all of which patch for remote code executions.  (I remember when Office 2007 had its swan song, we received updates after its end-of-life notice as well.) My guess is that these updates were probably still in testing and had not yet been completed, hence the late release. So, if you are still running Office 2010, you get one more month's worth of updates.  I don't expect another set next month. But then again, I didn't expect this month's either.

To read this article in full, please click here



Computer World Security News
Nov 12, 2020

Online privacy: Best browsers, settings, and tips
"You have zero privacy anyway. Get over it," Scott McNealy said of online privacy back in 1999, a view the former CEO of the now-defunct Sun Microsystems reiterated in 2015. Despite the hue and cry his initial remarks caused, he's been proven largely correct.

Where mainstream mobile browsers differ in privacy settingsTo read this article in full, please click here

(Insider Story)

Computer World Security News
Nov 10, 2020

11 Android settings that'll strengthen your security
You might not know it from all the panic-inducing headlines out there, but Android is actually packed with powerful and practical security features. Some are activated by default and protecting you whether you realize it or not, while others are more out of the way but equally deserving of your attention.

So stop wasting your time worrying about the Android malware monster du jour and which security company is using it to scare you into an unnecessary subscription, and take a moment instead to look through these far more impactful Android security settings — ranging from core system-level elements to some more advanced and easily overlooked options.

To read this article in full, please click here



Computer World Security News
Nov 09, 2020

For Patch Tuesday, it's time to pause those Windows 10 updates
First a bit of an introduction.  Recently, Woody Leonhard decided to take a much deserved "retirement" from both AskWoody.com and Computerworld. I put "retirement" in quotes because I find that in IT, you never really retire. You're often called on to fix anything that has a motherboard or boots up, no matter what operating system is under the hood — especially when visiting family members and even in a pandemic.  Woody is back in Thailand on what he calls an extended vacation.

To read this article in full, please click here



Computer World Security News
Nov 09, 2020

On a personal note...
A combination of medical concerns, family obligations … and a screaming desire to turn my attention to interests outside the computer industry have nudged me into retirement.

And it's my great pleasure to announce that "Patch Lady" Susan Bradley will be taking up the cause here at Computerworld  with a new blog: Microsoft Patch Lady. She will also be major-domo of AskWoody.com, managing editor of the AskWoody Newsletters, as guiding light of the @AskWoody twitter charge — and, most importantly, as a spiritual advisor to gazillions of disenfranchised Microsoft customers.

To read this article in full, please click here



Computer World Security News
Nov 03, 2020

How to give Chrome a super-simple security upgrade
Smart security, just like autumn attire, is all about layers. The more effective pieces you have working to protect you, the less likely you'll be to let a burst of cold air — whether a metaphorical one or a literal one — catch you off-guard. (Also, the more flannel, the better. I'm not entirely sure how that applies to the tech side of things, but I'm stickin' with it.)

When it comes to browsing this wild ol' web of ours, after all, potential threats are a-plenty. Shady sites sit in wait to try to trick you into doing something dangerous, passwords are compromised constantly, and ghoulish virtual boogeymen who look curiously like Gary Busey crouch behind dark corners and prepare to pounce.

To read this article in full, please click here



Computer World Security News
Oct 30, 2020

Get Microsoft's October patches installed — and seriously consider Win10 2004
It was yet another patch roller coaster ride this month with the usual crop of one-off bugs, a  Malwarebytes-associated assault on networking, a promised Flash killer that doesn't — and that announced Dynamics 365 Commerce patch, CVE-2020-16943, still isn't out. 

To read this article in full, please click here



Computer World Security News
Oct 30, 2020

Get the October patches installed — and seriously consider Win10 2004
It was yet another patch roller coaster ride this month with the usual crop of one-off bugs, a  Malwarebytes-associated assault on networking, a promised Flash killer that doesn't — and that announced Dynamics 365 Commerce patch, CVE-2020-16943, still isn't out. 

To read this article in full, please click here



Computer World Security News
Oct 29, 2020

The New Normal: When work-from-home means the boss is watching
In the midst of a pandemic that's led to unprecedented levels of remote working, digital tools to monitor employees in real time are gaining popularity among companies looking for new ways to track employee productivity. At the same time, the trend raises concerns about employee privacy and how far companies should be allowed to go to keep tabs on their workers.

Applications such as StaffCop, Teramind, Hubstaff, CleverControl, and Time Doctor include real-time activity tracking, can take screenshots of workers' computers at regular intervals, do keystroke logging, and record screens. In some cases, the tracking tools can be installed without the knowledge of employees. Companies say they're focused on transparency and productivity, but privacy groups decry draconian "Big Brother" moves made possible by technology. (Computerworld reached out to several of the vendors for comment; they either did not return messages or could not provide someone to discuss their software.)

To read this article in full, please click here



Computer World Security News
Oct 22, 2020

Microsoft Patch Alert: October 2020
October 2020 brought a lighter-than-usual crop of patches. For the first time in recent memory, there were none at all for Internet Explorer or the (Chromium-based) Edge browser. The cumulative updates went in with few reports of problems, although there were many complaints about printers not working after the update.

Strange things happened, though, outside the usual monthly patching schedule. The day after Patch Tuesday, Microsoft announced a(nother) fix for a security hole in the HEVC codec — CVE-2020-17022 — distributed, once again, only through the Microsoft Store.

To read this article in full, please click here



Computer World Security News
Oct 20, 2020

Warning: Multiple Windows 10 retirements ahead
Two Windows 10 feature upgrades will reach end of support in the next seven weeks, the congestion caused by decisions Microsoft made earlier this year as the coronavirus pandemic began.To read this article in full, please click here

(Insider Story)

Computer World Security News
Oct 20, 2020

A phenomenal Android privacy feature you probably forget to use
It's amazing how many useful Android features get buried in the operating system and then forgotten over time.

When you stop and think about it, it's also kind of inevitable: With every passing year, Android grows increasingly robust and complex, as more advanced options make their way into the software. So it's only logical that certain elements will become out of sight and out of mind and get lost in the shuffle somewhere along the way.

One such item jumped out at me the other day, triggering an immediate "AHAH!" in this rusty ol' noggin of mine as I remembered its existence and then scolded myself for forgetting to use it all this time. It's a little somethin' called Android Guest Mode, and it first showed up way back in the Android 5.0 (Lollipop) era of 2014.

To read this article in full, please click here



  • CEOExpress
  • 1 Boston Place | Suite 2600
    Boston MA 02108
  • Contact
  • As an Amazon Associate
    CEOExpress earns from
    qualifying purchases.

©1999-2021 CEOExpress Company LLC