NEWS: COMPUTER WORLD SECURITY NEWS
Setup News Ticker
   NEWS: COMPUTER WORLD SECURITY NEWS
Computer World Security News
Nov 13, 2019

Get 70% off NordVPN Virtual Private Network Service 3 months free - Deal Alert
Safeguard yourself against snoops, and access blocked content with this no-log VPN service. NordVPN has discounted their popular VPN software 70%, with 3 extra months on top. Use our link and see the discount applied when you click "buy now".

Computer World Security News
Nov 13, 2019

Patch Tuesday arrives with Access error, 1909 in tow, and a promise of no more 'optional' patches this year
The patches haven't yet been out for 24 hours and already we're seeing a lot of activity. Here's where we stand with the initial wave of problems.

Malicious Software Removal Tool installation error 800B0109  Many early patchers found that the MSRT, KB 890830, kept installing itself over and over again. Poster IndyPilot80 says:


To read this article in full, please click here



Computer World Security News
Nov 11, 2019

Patch Tuesday alert: Make sure Windows Auto Update is temporarily disabled
For those of you who haven't patched since May, there's exceedingly bad news on the horizon. Per Catalin Cimpanu at ZDNet, Metasploit's working-but-just-barely BlueKeep exploit is about to get a significant bug fix. That'll put BlueKeep infection capabilities in the hands of mere mortals. The script kiddies won't be far behind.

If you're using — or you know someone who's using — Windows XP, Vista, Win7, Server 2003, Server 2008 or Server 2008 R2, get patched now. The fix is easy. Even  Aunt Martha can handle it.

To read this article in full, please click here



Computer World Security News
Nov 08, 2019

Why you should begin using Sign in with Apple
Apple has published lots of information explaining how its newly introduced Sign in With Apple service solves a problem most of us didn't know existed and which many of us would very much like to solve.

Who watches the watchmen? The issue:

Most social sign-in services act a little like people-tracking honey pots: You come to use a website or service and stay because the people providing the authorization use that moment to gather even more information about what you do.

What happens is that the persistent identity used by those services can be combined with other data to identify where you go, what you look for and more.

To read this article in full, please click here



Computer World Security News
Nov 07, 2019

How to harden web browsers against cyberattacks
Use these techniques to limit attackers' ability to compromise systems and websites.

Computer World Security News
Nov 07, 2019

Printers: The overlooked security threat in your enterprise | TECHtalk
Printers, often a forgotten target in the enterprise, are vulnerable to all the usual cyberattacks. Watch as IDG TECH(talk) hosts Ken Mingis and Juliet Beauchamp and CSO Online's J.M. Porup discuss the threats to these devices, plus how to secure them and protect your network.

Computer World Security News
Nov 07, 2019

Duck Duck Go gives Mac users even more privacy
People are finally waking up to the importance of privacy and the risk of entities over whom you have no control hoovering up the details of our digital lives, and that's why the latest news from Duck Duck Go is so worthwhile.

Apple's good privacy just got better We know Apple is working to protect our privacy - its newly updated privacy website shares a huge amount of information on this, while the newly-published Safari white paper confirms the browser's privacy protections include (among other things):

To read this article in full, please click here



Computer World Security News
Nov 07, 2019

Duck Duck Go offers Mac users even more privacy
People are finally waking up to the importance of privacy and the risk of entities over whom we have no control hoovering up the details of our digital lives, and that's why the latest news from Duck Duck Go is so worthwhile.

Apple's good privacy just got better We know Apple is working to protect privacy - its newly updated privacy website shares a huge amount of information on its efforts, while the newly-published Safari white paper confirms the browser's privacy protections include (among other things):

To read this article in full, please click here



Computer World Security News
Nov 06, 2019

Apple updates its privacy pages, and you should take a look
Apple has updated its Privacy website and published several white papers explaining its approach to the topic and how its products protect your privacy.

Apple is offering more information than ever The updated website delivers much more information than before with a broad overview of what the company is doing. It includes pages detailing features and controls as well as its privacy policy and transparency report. 

The site also offers a selection of approachable white papers that explain how the privacy controls in Safari, Location Services, Photos and Sign-in With Apple work. These contain a huge amount of information on Apple and its services.

To read this article in full, please click here



Computer World Security News
Nov 06, 2019

Apple updates its privacy pages; you should take a look
Apple has updated its privacy website and published several white papers explaining its approach to the issue and how its products protect your privacy.

Apple offers more information than ever The updated website delivers much more information now, with a broad overview of what the company is doing. It details features and controls as well as the company's  privacy policy and transparency report. 

The site also offers a selection of understandable white papers that explain how  privacy controls work in Safari, Location Services, Photos and Sign-in With Apple. These contain a large amount of information on Apple and its services.

To read this article in full, please click here



Computer World Security News
Nov 05, 2019

Boeing's insecure networks threaten security and safety
Aircraft manufacturer Boeing's insecure networks leave the company--and potentially its aircraft--at risk of exploitation. Security researcher Chris Kubecka uncovered these threats in April, and new reporting by CSO's J.M. Porup reveals little has been done to patch these vulnerabilities. They both join Juliet to discuss how Kubecka discovered this information and what it means for national security and passenger safety.

Computer World Security News
Nov 05, 2019

Boeing's unsecure networks threaten security and safety
Aircraft manufacturer Boeing's unsecure networks leave the company--and potentially its aircraft--at risk of exploitation. Security researcher Chris Kubecka uncovered these threats in April, and new reporting by CSO's J.M. Porup reveals little has been done to patch these vulnerabilities. They both join Juliet to discuss how Kubecka discovered this information and what it means for national security and passenger safety.

Computer World Security News
Nov 05, 2019

Microsoft Intune can now block unauthorized BYOD hardware
Microsoft has integrated third-party mobile threat defense (MTD) software with its Intune unified endpoint management (UEM) platform, enabling corporate systems to detect when an employee's unenrolled, smartphone or tablet has an app potentially infected by malware.

The new Intune capability is particularly useful for companies with bring-your-own device (BYOD) policies in that it can block access to enterprise systems on devices flagged by the MTD software.

[ Related: How to get the most from Microsoft Intune ] The mobile threat detection feature on Intune will initially allow it to work with software from Lookout for Work, Better Mobile and Zimperium. "In future, we expect other partners to add support for this integration," Microsoft said via a Monday blog post released during its Ignite conference.

To read this article in full, please click here



Computer World Security News
Nov 04, 2019

Do you really need a Chief Mobility Officer? (Spoiler alert: nope)
While one in three large enterprises has a chief mobility officer (CMO), according to one survey, that role is now largely duplicative and unnecessary - and creating it can hit a company's bottom line.

Management consultancy Janco Associates, which lists job descriptions and conducts bi-annual salary surveys, last week updated its description of a Chief Mobility Officer (CMO) to include privacy compliance policies in light of the California Consumer Privacy Act (CaCPA), which goes into effect in January.

[ Related: How to get the most from Microsoft Intune ] "As the use of personal mobile devices, social networking, and compliance requirements expand, organizations are faced with a dilemma. How can they balance privacy compliance mandates like CaCPA with business continuity, security, and operational needs in an ever more complex operating environment?" said Victor Janulaitis, CEO of Janco Associates.

To read this article in full, please click here



Computer World Security News
Nov 01, 2019

With a few exceptions, all's clear to install Microsoft's October patches
If you had automatic update turned on at the beginning of October, you got clobbered with a bug-infested, out-of-band update for an IE-related zero-day that never appeared in real life. Later in the month, those with automatic update turned on were treated to a wide assortment of bugs (Start and Search fails, RDP redlines, older Visual Basic program blasts) - only some of which were solved with the month's final, optional, non-security patches.

To read this article in full, please click here



Computer World Security News
Oct 31, 2019

Google strengthens Chrome's site isolation to protect browser against its own vulnerabilities
Google is telling Chrome users that it has extended an advanced defensive technology to protect against attacks exploiting vulnerabilities in the browser's Blink rendering engine.

Chrome 77, which launched in September but was supplanted by Chrome 78 on Oct. 22, received the beefed-up site isolation, wrote Alex Moshchuk and Lukasz Anforowicz, two Google software engineers, in an Oct. 17 post to a company blog. "Site Isolation in Chrome 77 now helps defend against significantly stronger attacks," the two said. "Site Isolation can now handle even severe attacks where the renderer process is fully compromised via a security bug, such as memory corruption bugs or Universal Cross-Site Scripting (UXSS) logic errors."

To read this article in full, please click here



Computer World Security News
Oct 30, 2019

How to and why you should disable LLMNR with Windows Server
Link-Local Multicast Name Resolution could enable a man-in-the-middle attack, so it's best to disable the protocol when setting up Windows Server 2019.

Computer World Security News
Oct 29, 2019

Microsoft Patch Alert: October updates bring problems with Start, RDP, Ethernet, older VB programs
October started out on an extraordinarily low note. On Oct. 3, Microsoft released an "out of band" security update to protect all Windows users from an Internet Explorer scripting engine bug, CVE-2019-1367, once thought to be an imminent danger to all things (and all versions) Windows.

It was the third attempt to fix that security hole and each of the versions brought its own set of bugs.

To read this article in full, please click here



Computer World Security News
Oct 29, 2019

Earn your IoT security certification
Insider Pro is teaming up with CertNexus to offer subscribers access to an online course that leads to a Certified IoT Security Practitioner (CIoTSP) certification.

Computer World Security News
Oct 28, 2019

Memory-Lane Monday: Please tell me his name wasn't Jones
Pilot fish and his help desk colleagues do a lot of password resets and have learned that it's best to sympathize with the callers and normalize forgetting those strings of letters, numbers and symbols. It can happen to anybody is the message.

But some forgetfulness is more normal than others, finds fish, who told one user, "I'm going to reset your password to your last name, with the first letter capitalized."

Reports fish: "He said, ‘Wait a minute. Let me get a pencil and paper to write that down.

"I then spelled his last name for him and reminded him to capitalize the first letter. He thanked me and hung up the phone.

"Surreal doesn't even begin to describe how this felt!"

To read this article in full, please click here



Computer World Security News
Oct 25, 2019

Name game
This pilot fish builds a lot of Linux systems that have to be compliant with U.S. Department of Defense/Defense Information Systems Agency STIG security requirements, but he tries to lessen the pain by assigning root passwords that are secure but easily remembered. Naturally, he sends them to the owner via encrypted email.

When the Nvidia driver in one of those machines gets corrupted after the system goes down hard in a power outage, fish needs root access to reinstall the driver. Unfortunately, the user of that machine (who, just incidentally, had ignored the warnings about that planned power outage) has no recollection of the root password, and he can't get it from his email. Why? He has uninstalled all his old encryption certs, so older encrypted emails can no longer be decrypted.

To read this article in full, please click here



Computer World Security News
Oct 23, 2019

How to double-check permissions post migration from Windows 7
It pays to make sure all permissions in your Windows environment are correct after migrating from Windows 7 or Server 2008 R2. Here's how to check.

Computer World Security News
Oct 22, 2019

Your best defense against insider threats | TECH(talk)
When employees are your weakest link, companies must have programs in place to prevent them from accidentally or intentionally putting the organization at risk. Watch as TECHtalk hosts Ken Mingis and Juliet Beauchamp discuss various options with CSO's Lucian Constantin.

Computer World Security News
Oct 22, 2019

5 big buts about the Pixel 4 phone
Look, I'll just come out and say it: I'm a big believer in buts.

Now, hang on a sec: You haven't accidentally stumbled onto the world's last remaining Sir Mix-a-Lot fan site. (If only!) No, the buts of which I speak at this particular moment are the single "t" variety — as in, the contradictory kinds of statements that are so frequently missing when we talk about technology.

You know what I'm talking about, right? Here in these tribal times of 2019, it's all too easy to fall into a pattern of seeing a certain sort of product or type of device as being either "awesome" or "inferior," with little gray space in between those extremes. You've used this kind of smartphone for years now, damn it, so it has to be the best! And that other company's devices are, like, obviously awful. They're from the competing team! They could never be worth your while.

To read this article in full, please click here



Computer World Security News
Oct 21, 2019

Train to be a certified cyber security professional for just $39
Cyber crime is responsible for a staggering amount of damage and chaos around the world. Want to be a part of the solution? Then train for a career in this demanding field with The A to Z Cyber Security and IT Certification Training Bundle.

This e-training bundle is perfect for anyone who has an interest in putting a stop to cyber crime. It includes twelve courses that'll introduce students to ethical hacking methods, show them how to test a network for weaknesses, and identify problems so they can be fixed prior to being exploited. It's fast, flexible, and you can even apply your training in preparation for several certification exams

To read this article in full, please click here



Computer World Security News
Oct 21, 2019

Utah county moves to expand mobile voting through blockchain
Disabled voters in Utah County will be able to use their smartphones to vote in the November municipal election, an expansion of an earlier pilot test of the blockchain-based technology and anothert step toward allowing all voters to cast ballots with a mobile device.

The county, which has more than a half million residents, is the third in the U.S. to partner with Tusk Philanthropies, a non-profit focused on expanding mobile voting nationally. The latest pilot is a collaboration between the Utah County Elections Division, Tusk Philanthropies, the National Cybersecurity Center and Boston-based voting app developer Voatz.

To read this article in full, please click here



Computer World Security News
Oct 21, 2019

But I'm still me
Longtime user at a big bank can't access the archiving system, the intranet kicks her back to the login screen, and the attendance system that pilot fish supports never heard of her. She's frantic to be recognized by the system, and she starts flooding the IT department with calls — not just the help desk, but operations and individual IT employees as well.

Everyone who gets a call is solicitous and sympathetic, and they all run down the list of questions that could rule out scenarios. Did she get a new PC? No. Did she change offices? No. Is anyone else affected? No. So what is going on?

The answer is simple after all. The woman had just gotten married, and upon her return from her honeymoon, she started using her new last name with every application — without first requesting to have her name changed in any applications. What isn't so simple is understanding why she never thought to try logging in with her maiden name.

To read this article in full, please click here



Computer World Security News
Oct 16, 2019

Can Facebook's Libra cryptocurrency survive the exodus?
After the withdrawal of seven of the 29 founding members of the Libra Association, the governing council for Facebook's planned global cryptocurrency, the project's fate  looks increasingly uncertain.

PayPal, Visa, Mastercard, eBay, Stripe, Mercado Pago and Brooking Holdings have backed away from participation on the Libra Association; their hands were forced when  all members met Monday in Switzerland for formalize their commitment to the project.

To read this article in full, please click here



Computer World Security News
Oct 16, 2019

Why we need Apple's HomeKit-enabled routers
How secure are the connected smart devices you keep in your home? How much protection have you put in place, and have you even taken a minute to change your default router password?

Computer says no The truth is many smart home device users (and those running connected devices in smart offices, enterprises, manufacturing and beyond) may not yet have taken stock of their security.

This is a particular problem when it comes to older smart devices, many of which are still in use even though a large number of them shipped with weak or non-replaceable factory default passcodes.

To read this article in full, please click here



Computer World Security News
Oct 16, 2019

Microsoft's Windows, Office 365 advice for secure elections
Microsoft has issued guidance and offered resources to help election officials and candidate campaigns to better protect their Windows and Office 365 systems.

Computer World Security News
Oct 15, 2019

9 ways to use Windows 7 (safely) when support ends
With support ending in January, our Windows 7 Survival Guide for 2020 offers ways to protect your older machines that can't or won't be upgraded.

Computer World Security News
Oct 10, 2019

A Chrome security setting you shouldn't overlook
We spend tons o' time talking about Android security settings — like the added Android 10 option to limit how and when apps are able to access your location. Often lost in the shuffle, though, is the fact that the Chrome desktop browser has some significant security options of its own, and they're just as critical to consider.

In fact, Chrome has an easily overlooked setting that's somewhat similar to that new location control feature in Android. It's attached to every Chrome extension you install, as of not that long ago, and it lets you decide exactly when an extension should be able to see what you're doing on the web and be made privy to all the details (yes, even those details) of your browsing activity.

To read this article in full, please click here



Computer World Security News
Oct 08, 2019

Top enterprise VPN vulnerabilities
Don't assume VPNs are always safe. These popular enterprise VPNs all have known remote code execution vulnerabilities.

Computer World Security News
Oct 04, 2019

IoT dangers demand a dedicated group
The internet of things (IoT) brings with it a wide range of IT security headaches, along with compliance nightmares — and turf wars.

Internal problem No. 1: Departments that typically have little to no interactions with IT are now directly ordering corporate IoT devices. Maybe you've got Facilities purchasing IoT door locks or Maintenance buying a ton of IoT light bulbs. Given that those departments have been purchasing door locks and light bulbs for as long as anyone can remember and have never needed IT or security's signoff, this can be a problem.

Internal problem No. 2: In many ways, IoT devices (think of devices for tracking pallets on ships or for monitoring where every fleet car is and how fast it's been driven) are very different from anything else that IT or security has dealt with. The units are capturing data that has never been tracked before — Hello, Compliance. Go away, GDPR regulator — and in different ways, such as bypassing enterprise LANs and cloud networks and using internal antennas to directly communicate.

To read this article in full, please click here



Computer World Security News
Oct 04, 2019

Will 5G increase mobile security?
We love our smartphones, but there's a dark side. Their prevalence and users' tendencies to connect over public Wi-Fi make mobile devices a common target of bad guys. Analyst Jack Gold looks at how to mitigate the risk.

Computer World Security News
Oct 04, 2019

Microsoft releases even more patches for the CVE-2019-1367 IE zero-day, and the bugs are having a field day
You may recall the Keystone Kops reenactment that goes by the code name CVE-2019-1367. In short:

Sept. 23: Microsoft released the CVE-2019-1367 bulletin, and published Win10 cumulative updates in the Microsoft Catalog for versions 1903, 1809, 1803, 1709, 1703, Server 2019 and Server 2016. It also released an IE rollup for Win7, 8.1, Server 2012 and Server 2012 R2. Those were only available by manual download from the Catalog — they didn't go out through Windows Update, or through the Update Server. 

Sept. 24: Microsoft released "optional, non-security" cumulative updates for Win10 version 1809, 1803, 1709, 1703, 1607/Server 2016. Nothing for Win10 version 1903. We also got Monthly Rollup Previews for Win7 and 8.1. Microsoft didn't bother to mention it, but we found that those Previews include the IE zero-day patch as well. This bunch of patches went out through normal channels — Windows Update, Update Server — but they're "optional" and "Preview," which means most savvy individuals and companies won't install them until they've been tested.

To read this article in full, please click here



Computer World Security News
Oct 04, 2019

Google launches leaked-password checker, will bake it into Chrome in December
Google has launched a web-based hacked-password checker, part of its efforts to bake an alert system into Chrome.

Called "Password Checker," the service examines the username-password combinations stored in Chrome's own password manager and reports back on those authentication pairings that have been exposed in publicly-known data breaches.

[ Further reading: Google's Chromium browser explained ] The web version can be found at passwords.google.com, the umbrella site for Chrome users who run the browser after logging in with their Google account, then use that to synchronize data - including passwords - between copies of Chrome on different devices.

To read this article in full, please click here



Computer World Security News
Oct 03, 2019

5 industries that will be disrupted by blockchain
Here are five major industries that will benefit from blockchain technology in the near future: financial services and banking, government, healthcare, energy, and transportation and logistics.

Computer World Security News
Oct 03, 2019

Throwback Thursday: Everybody gets an F
As the IT communications manager at this university, pilot fish is the person who sends out memos about IT policy to users. And he does just that when a phishing email starts circulating on campus.

Never send your user name and password to anyone via email, he warns them, and to give them an example of what to look out for, he pastes in the text of the phishing attempt.

Within minutes, his inbox is flooded with responses from students sending him their campus passwords, their Gmail passwords, their Yahoo passwords and more.

Sharky is looking for fish, not phish. Send me your true tales of IT life at sharky@computerworld.com. You can also subscribe to the Daily Shark Newsletter.

To read this article in full, please click here



Computer World Security News
Oct 02, 2019

Time to install Microsoft's mainstream September patches - and avoid the dregs
It's a smelter-weight slapdown. 

In one corner you have the Chicken Little contingent, which insists that September's IE zero-day patch must be important because Microsoft marked it as "Exploited: Yes" and memorialized it with an extremely odd patch on a Monday, followed in Keystone Kops fashion with a stumbling trail of follow-ons. 

To read this article in full, please click here



Computer World Security News
Oct 02, 2019

Post-retirement Windows 7 patches: Not just for the big dogs now
Microsoft on Tuesday changed its plans for selling Windows 7 post-retirement support, saying that it will offer patches-for-a-price to any business, no matter how small, that's willing to pay.

"Through January 2023, we will extend the availability of paid Windows 7 Extended Security Updates (ESU) to businesses of all sizes," Jared Spataro, an executive in the Microsoft 365 group, wrote in a post to a company blog.

[ Related: How to clean up your Windows 10 act ] Microsoft had announced the ESU program in September 2018. Since April, when the company started selling ESU, only customers with volume licensing deals for Windows 7 Enterprise or Windows 10 Professional have been eligible to purchase the support add-on.

To read this article in full, please click here



Computer World Security News
Oct 02, 2019

How to safely erase data under Windows
Bitlocker and self-encrypting hard drives can make it easier to erase data so that it cannot be recovered. This is how the "crypto-erase" method works.

Computer World Security News
Sep 30, 2019

Microsoft Patch Alert: Botched IE zero-day patch leaves cognoscenti fuming
So you think Windows 10 patching is getting better? Not if this month's Keystone Kops reenactment is an indicator.

In a fervent frenzy, well-meaning but ill-informed bloggers, international news outlets, even little TV stations, enjoyed a hearty round of "The Windows sky is falling!" right after the local weather. It wasn't. It isn't - no matter what you may have read or heard.

The fickle finger of zero-day fate Microsoft has a special way of telling folks how important its patches might be. Every individual security hole, listed by its CVE number, has an "Exploitability Assessment" consisting of:

To read this article in full, please click here



Computer World Security News
Sep 27, 2019

Cheers!
Pilot fish has a sweet deal with one of the owners of a local drinking establishment he frequents. The bar owner is in the habit of using the main office computer for what fish calls "nonstandard business activity." What does that mean? Suffice to say that that computer gets infected by viruses a couple of times a year. Bar owner would then call fish and ask for expedited service.

Fish stops by on his way home, grabs the tower, and disinfects the hard drive at home. He usually returns the system to the bar late that night or on his way to work the next morning.

Either way, the next time he stops by for an adult beverage, he receives a gift card that usually covers several rounds.

To read this article in full, please click here



Computer World Security News
Sep 25, 2019

What do we know about the big, scary, exploited, emergency-patched IE security hole CVE-2019-1367?
Microsoft set the patching world on its ear on Monday when it released an "out of band" patch to fix a vulnerability known as CVE-2019-1367. Susan Bradley raised the alarm immediately. I chimed in a few hours later with more details.

To read this article in full, please click here



Computer World Security News
Sep 25, 2019

Apple just made Safari a better fit for the enterprise
Enterprise users can now wrap a new layer of security around their web services, thanks to Apple's introduction of support for USB security keys in Safari 13.0.1.

Enterprise class security Dongles aren't a terribly convenient security protection for most people, but government, military and regulated industries are always searching out new ways to secure themselves, and their data.

FIDO2-compliant USB security keys - such as those made by Yubico - add a layer of security to the verification process:

To read this article in full, please click here



Computer World Security News
Sep 25, 2019

How to move users to the Outlook app with Intune
Microsoft is turning off basic authentication, so it's wise to move mobile users to the Outlook app to better protect them from attackers.

Computer World Security News
Sep 24, 2019

Microsoft releases emergency IE patches inside 'optional, non-security' cumulative updates
I've seen a lot of confusion about the security hole known as CVE-2019-1367 and what normal Windows customers should do about it. Part of the reason for the confusion is the way the fix was distributed - the patching files were released on Monday, Sept. 23, but only via manual download from the Microsoft Update Catalog.

On a Monday.

[ Related: How to clean up your Windows 10 act ] In the past few hours, Microsoft released a hodge-podge of patches that seem to tackle the problem. They're "optional non-security" and "Monthly Rollup preview" patches, so you won't get them unless you specifically go looking for them.

To read this article in full, please click here



Computer World Security News
Sep 24, 2019

Microsoft delivers emergency security update for antiquated IE
Microsoft on Monday released an emergency security update to patch a vulnerability in Internet Explorer (IE), the legacy browser predominantly used by commercial customers.

The flaw, which was reported to Microsoft by Clement Lecigne, a security engineer with Google's Threat Analysis Group (TAG), has already been exploited by attackers, making it a classic "zero-day," a vulnerability actively in use before a patch is in place.

[ Related: Get serious about privacy with the Epic, Brave and Tor browsers ] In the security bulletin that accompanied the release of the IE patch, Microsoft labeled the bug a remote code vulnerability, meaning that a hacker could, by exploiting the bug, introduce malicious code into the browser. Remote code vulnerabilities, also called remote code execution, or RCE, flaws, are among the most serious. That seriousness, as well as the fact that criminals are already leveraging the vulnerability, was reflected in Microsoft's decision to go "out of band," or off the usual patching cycle, to plug the hole.

To read this article in full, please click here



Computer World Security News
Sep 23, 2019

iOS 13: Apple's big BYOD improvements help enterprise pros
Apple may place much of its focus on Apple Arcade and consumer-friendly iPad/iPhone features, but there are numerous enterprise-focused enhancements wrapped up inside iOS 13.

The BYOD enterprise The company's latest operating systems introduce a host of productivity-enhancing upgrades, particularly for the iPad.

Yet the biggest improvements specifically for enterprise users aim to make a more robust division between personal and enterprise data for Bring Your Own Device (BYOD) deployments, solving one of the big challenges in the space.

To read this article in full, please click here



Computer World Security News
Sep 20, 2019

Now change these 4 new security settings in iOS 13
If you've (successfully) upgraded to iOS 13 or just got hold of an iPhone 11 device, here are the new security settings inside Apple's new operating system you need to learn and use.

Fight back against robocalls There were 26.3 billion robocalls in the U.S. in 2018. It's a a sickness.

You can stop the contagion thanks to a new in iOS 13 feature that directs incoming calls from unknown numbers (ie. Those you don't have in your Contacts book) to voicemail.

It's a useful feature that isn't enabled by default.

To read this article in full, please click here



Computer World Security News
Sep 20, 2019

Change these 4 new security settings in iOS 13 now
If you've (successfully) upgraded to iOS 13 or just got hold of a new iPhone 11 or 11 Pro, there are new security settings in Apple's latest operating system you need to learn and use. Here's what's important to understand.

Fight back against robocalls There were 26.3 billion robocalls in the U.S. in 2018. It's a a sickness.

You can stop the contagion thanks to a new in iOS 13 feature that directs incoming calls from unknown numbers (ie. those you don't have in your Contacts book) to voicemail. It's a useful feature that isn't enabled by default.

To read this article in full, please click here



Computer World Security News
Sep 19, 2019

Throwback Thursday: Ultimatum
It's 1977, and this pilot fish's company is moving to a new data center. "The old facility was in the basement of the headquarters building," says fish. "Access was via an ancient magnetic strip reader with no special capabilities. You either got in or you didn't.

The new facility has state-of-the-art card readers, supported by a small midrange system. It has lots of capabilities — which can be a bit of trouble when you have a security department that's paranoid about access to the facility.

And trouble does arrive, about a month after the move to the new building, when the security department programs the system to allow admission only during scheduled working hours.

To read this article in full, please click here



Computer World Security News
Sep 18, 2019

Wayback Wednesday: When you said ‘gone for good,' I only heard ‘good'
User comes to this support pilot fish complaining that his PC is acting strangely.

"It turns out he had gotten his computer so jammed up with spyware and Trojans that it was basically nonfunctional," says fish. "We had to rebuild the computer from scratch." They were able to recover much of user's work and files, but some were irretrievably damaged — or just plain gone .

Fish explains what happened and points out the probable infection vectors. And he explains that they had recovered as much as they could, but some stuff was simply gone for good. There would be no way to get anything more.

"Two days later, he called to ask when I'm going to bring him the rest of his missing files."

To read this article in full, please click here



Computer World Security News
Sep 18, 2019

Why France and Germany fear Facebook's cryptocurrency - and plan to block it
Facebook's plans to launch its own Libra cryptocurrency next year is getting resistance from France and Germany who have promised to block it and plan to create their own national cryptocurrencies.

Last week, the two nations said Libra could threaten the Euro's value and unlawfully privatize money. Last year, the Reserve Bank of India (RBI), the country's central bank, announced a ban on the use of cryptocurrencies by any regulated financial entity because of risks associated with it.

To read this article in full, please click here



Computer World Security News
Sep 18, 2019

How to monitor Windows to prevent credential theft attacks
Attackers are now enabling WDigest credential caching to allow them to harvest credentials. Here's how to spot it.

Computer World Security News
Sep 17, 2019

Mozilla first reveals, then conceals, paid support plan for Firefox
Mozilla earlier this month quietly outlined paid support for enterprise users of Firefox, but last week scrubbed the reference from its website, saying that it is "still exploring that option."

The offering - labeled "Mozilla Enterprise Client Support" - was to start at $10 per "supported installation," which likely referred to per-device, not per-user, pricing. It's unclear whether that was an annual or monthly fee, and Mozilla declined to say which it was when asked.

In return for the fee, Mozilla said on the now-absent Firefox enterprise site - still visible through the Internet Archive's Wayback Machine - customers would be able to privately report bugs via a new web portal and receive fixes on a timeline dependent on the impact and urgency of the problem. Customers would also be able to file requests for help with Firefox's installation and deployment, management policies, functionality and customization.

To read this article in full, please click here



Computer World Security News
Sep 17, 2019

All about U.S. tech antitrust investigations | TECH(feed)
Four large tech companies -- Apple, Amazon, Google and Facebook are under investigation in the U.S. for allegedly anticompetitive behavior. These antitrust investigations on both the federal and state levels are aimed at uncovering the practices these companies engage in to eliminate competition. In this episode of TECH(feed), Juliet discusses the House investigation into big tech and how Congress plans to investigate potential wrongdoing by these companies.

Computer World Security News
Sep 16, 2019

Now let me guess your password
This pilot fish IT guy gets a call from an irate client one day complaining (incorrectly) that we had changed his administrative password on his Windows 2000 server without his knowledge.

"As I walked him through the logon process, I asked if the username in the login prompt was ‘Administrator,' says fish. "His reply: "Oh, do I need to change that?"

Feed the Shark! Send me your true tales of IT life at sharky@computerworld.com. You can also subscribe to the Daily Shark Newsletter.

To read this article in full, please click here



Computer World Security News
Sep 12, 2019

Mozilla previews Firefox VPN, will charge for service at some point
Mozilla this week resurrected its Test Pilot preview program, offering Firefox users a free VPN-like service to encrypt browser-to-site-and-back transmissions over public networks.

"The Firefox Private Network is an extension which provides a secure, encrypted path to the web to protect your connection and your personal information anywhere and everywhere you use your Firefox browser," wrote Marissa Wood, vice president of product, in a post to the Mozilla blog.

[ Related: Get serious about privacy with the Epic, Brave and Tor browsers ] The free service is available immediately, but only to U.S.-based users running the desktop version of Firefox. A Firefox account - typically used for syncing copies of the browser on multiple devices - and an accompanying add-on are required.

To read this article in full, please click here



Computer World Security News
Sep 12, 2019

Heads up: Microsoft is back to snooping with this month's Win7 and 8.1 'security-only' patches
Two months ago, the July Win7 security-only patch was found to install telemetry software, triggered by newly installed scheduled tasks called ProgramDataUpdater, Microsoft Compatibility Appraiser, and AitAgent. As best I can tell, Microsoft never admitted that its security-only patch dropped a telemetry component.

The August security-only update didn't include that bit of snooping, so it looked like the July snooping was a one-off aberration.

To read this article in full, please click here



Computer World Security News
Sep 12, 2019

Throwback Thursday: Let's get an expert opinion
Card-reader door locks are installed at this pilot fish's company, and she's tasked with setting up the software, configuring the locks and assigning employee access and times.

A VP gives her a handwritten sheet of paper with the employee door access and times, reports fish. Then he promptly takes a one-week vacation.

"The day the system goes live, the employees are standing in front of me yelling because their cards won't let them in the door they want to use. They now have to use the main door instead.

"The VP comes along hearing all the complaints, then starts yelling at me that this is not the way it should be set up.

"I pull out his handwritten instructions. He looks at it and says, ‘That's not my handwriting!'"

To read this article in full, please click here



Computer World Security News
Sep 11, 2019

Windows 10 1909: What's in it for enterprises?
This fall's update for Windows 10 may not include a raft of new features, but it does offer something even more important to enterprise IT: extended support that should make future upgrades easier to manage.

Computer World Security News
Sep 11, 2019

Lemonade is changing the way we insure our homes
Your home can be broken into or destroyed by a natural disaster when you least expect it. When that happens, how will you get back on your feet? Ideally, you would've been paying homeowner's or renter's insurance to cover your losses. Unfortunately, it can take weeks or even months to receive your money after filing a claim. 

Lemonade is here to save the day in less than a day. With rates starting as low as $5/mo for renter's insurance and $25/mo for homeowner's insurance, you can rest assured that your property claims can be approved and reimbursed within seconds. 

To read this article in full, please click here



Computer World Security News
Sep 11, 2019

How to set up Microsoft Teams for security and compliance
These are the security and compliance decisions you need to make when deploying Microsoft Teams.

Computer World Security News
Sep 10, 2019

How to take full advantage of Android 10's privacy-reclaiming powers
Well, gang, it's here. In case you've been hibernating over the past week (or maybe just, ahem, on an unfortunately timed week off), Google brought Android 10 into this wacky ol' world of ours this past Tuesday.

There's really only so much to say about the Android 10 basics at this point — because, quite frankly, it's the same software we've seen evolving in plain view over the past several months.

Yes, Android 10 has new gestures for getting around your phone. Yes, it has a new system-wide switch for making the entire operating system dark. And yes, it has a nifty new Focus Mode for limiting distractions on an app-by-app basis.

To read this article in full, please click here



Computer World Security News
Sep 06, 2019

Heads up: A free, working exploit for BlueKeep just hit
There's been a lot of discussion about BlueKeep, its ramifications and various strategies for blocking it. In a nutshell, it's a security hole in the Windows Remote Desktop Protocol that allows a malicious program to enter your machine - if you have Remote Dekstop turned on, it's accessible directly from the internet, and you haven't installed the May patches.

[ Related: Microsoft Windows 10 vs. Apple macOS: 18 security features compared ] Two weeks ago, Susan Bradley posted a CSO article that details ways admins can  avoid using RDP. I've seen reams of advice about blocking ports, disabling services, setting authentication levels, deploying voodoo dolls, reading chicken entrails…, but the simplest way for almost everybody to avoid the problem is to install the May (or later) Windows patches.

To read this article in full, please click here



Computer World Security News
Sep 06, 2019

How the California Consumer Privacy Act (CCPA) will affect you and your business | TECH(talk)
The California Consumer Privacy Act (CCPA) is, in some ways, similar to Europe's GDPR. This rule, which goes into effect in 2020, gives individual users more ownership over their own data. Users can even refuse to allow companies to sell their online data. As the compliance deadline approaches, CSO Online contributor Maria Kolokov and senior editor Michael Nadeau discuss with Juliet how CCPA may shift business models, change online behavior and reveal where exactly our data has been. Some tech companies, like Google, are even trying to exempt themselves from regulation. Failure to adhere to the rule could be an "extinction level" event.

Computer World Security News
Sep 06, 2019

Time to install the August Windows patches — but watch out for the bugs
August brought loads of drama to the Windows and Office patching scene. Microsoft's first round of patches killed Visual Basic, Visual Basic for Applications and VBScript in certain situations — on all versions of Windows. Fixes for the bugs dribbled out three, four, six and 17 days after the original infection. 

Those Microsoft-introduced bugs were all the more daunting because the August patches are the ones intended to protect us from DejaBlue — the recently announced "wormable" malware infection vector that (thankfully!) has yet to be exploited. The mainstream press picked up the Chicken Little cry to install August patches right away. Then the buggy offal hit the impeller, and the press fell silent.

To read this article in full, please click here



Computer World Security News
Sep 05, 2019

FTC fines YouTube, but do fines really encourage change? | TECH(feed)
The FTC hit yet another tech company with a seemingly massive fine for mishandling user data. This time, YouTube, owned by Google, is forced to pay $170 million for collecting data about children under 13 without parental consent. The Federal Trade Commission slapped Facebook with a $5 billion fine just a few months ago. In this episode of TECH(feed), Juliet asks whether or not these fines are effective in regulating the tech industry.

Computer World Security News
Sep 05, 2019

Why Apple's little ‘Find My' Tile competitor is big news
Apple is expected to introduce its own Tile-competing tracking device(s), perhaps as soon as fall. So, what are the advantages of the device, what can we expect, and what happens next?

Freedom from networks There are hundreds of tracking devices available today. These cost anything from tens to hundreds of dollars and in most cases require you sign-up to a network provider for SIM card-based network access.

To read this article in full, please click here



Computer World Security News
Sep 04, 2019

How to disable basic or legacy authentication to set up MFA in Office 365
Microsoft recommends setting up multi-factor authentication in Windows 10 for better security, but you have to disable basic or legacy authentication first.

Computer World Security News
Aug 30, 2019

Microsoft Patch Alert: Full of sound and fury, signifying nothing
What happens when Microsoft releases eight - count ‘em, eight - concurrent beta test versions of Win10 version 1909 without fixing bugs introduced into 1903 on Patch Tuesday?

Pan. De. Moaaan. Ium.

The VB/VBA/VBScript debacle No doubt, you recall the first wave of pain inflicted by the August 2019 patching regimen. Microsoft somehow managed to mess up Visual Basic (an old custom programming language), Visual Basic for Applications (for Office macros) and VBScript (a largely forgotten language primarily used inside Internet Explorer). Folks running applications in any of those languages would, on occasion, receive "invalid procedure call error" messages when using apps that had been working for decades.

To read this article in full, please click here



Computer World Security News
Aug 29, 2019

Hadera Hashgraph launches mainnet, hopes to compete with global business networks
Hedera Hashgraph, an electronic public ledger developed for corporate use, launched its mainnet beta today, allowing developers to create an account and build decentralized applications (dApps) for it.

The distributed ledger technology (DLT) is a direct competitor to blockchain distributed ledgers such as Ethereum and Hyperledger, and claims it can outperform traditional financial and business networks.

[ Read the Download: Beginner's guide to blockchain special report ] "There is no direct equivalent to Hedera Hashgraph today," said Martha Bennett, a principal analyst at Forrester Research. Hadera is potentially competing with public networks and all the enterprise DLT frameworks (such as Hyperledger Fabric & Sawtooth, R3 Corda, and others) and their commercial providers, which include AWS, IBM, Microsoft, Oracle.

To read this article in full, please click here



Computer World Security News
Aug 29, 2019

Hedera Hashgraph launches mainnet, hopes to compete with global business networks
Hedera Hashgraph, an electronic public ledger developed for corporate use, launched its mainnet beta today, allowing developers to create an account and build decentralized applications (dApps) for it.

The distributed ledger technology (DLT) is a direct competitor to blockchain distributed ledgers such as Ethereum and Hyperledger, and claims it can outperform traditional financial and business networks.

[ Read the Download: Beginner's guide to blockchain special report ] "There is no direct equivalent to Hedera Hashgraph today," said Martha Bennett, a principal analyst at Forrester Research. Hedera is potentially competing with public networks and all the enterprise DLT frameworks (such as Hyperledger Fabric & Sawtooth, R3 Corda, and others) and their commercial providers, which include AWS, IBM, Microsoft, Oracle.

To read this article in full, please click here



Computer World Security News
Aug 29, 2019

Throwback Thursday: Timing is everything
It's many years ago, and this pilot fish regularly travels to company offices around the country, dealing with IT-related problems and running user training sessions.

The big current project is implementing internet filtering after complaints that some workers are viewing inappropriate websites. So fish has to head to a meeting with many directors and managers to demonstrate.

Upon arriving at the meeting site, fish sets up a laptop and projector and connects it to the internal network. Then he tests to make sure the filtering is working, calling up a blocked site that, if it does display, only shows a silhouette of a bunny with a bow tie.

But not to worry: The site is blocked, so everything is ready.

To read this article in full, please click here



Computer World Security News
Aug 28, 2019

Microsoft removes August patch block on Win7/2008R2 systems running Norton, Symantec AV
If you're using Symantec Endpoint Protection or any Norton Antivirus product on a Windows 7 or Server 2008 R2 machine, you didn't get the August patches. Shortly after the August Monthly Rollup and Security-only patches were released, Microsoft put a freeze on systems running Symantec or Norton antivirus products.

The conflict stemmed from a long-anticipated change in the way Microsoft signed the August patches: Starting in August, all patches are signed using the SHA-2 encryption method. Somehow, Symantec didn't get the message back in November that the shift was underway, and missed the deadline.

To read this article in full, please click here



Computer World Security News
Aug 28, 2019

What is phishing? Learn how this attack works
Phishing is a method of trying to gather personal information using deceptive e-mails and websites. Here's what you need to know about this increasingly sophisticated form of cyberattack.

Computer World Security News
Aug 26, 2019

Microsoft offers free post-2020 Windows 7 support for Win 10 Enterprise subscribers
Microsoft is giving away one year of post-retirement support for Windows 7 to customers with active Windows 10 subscriptions.

"Enterprise Agreement and Enterprise Agreement Subscription (EA and EAS) customers with active subscription licenses to Windows 10 Enterprise E5, Microsoft 365 E5, or Microsoft 365 E5 Security will get Windows 7 Extended Security Updates for Year 1 as a benefit," Microsoft said in a FAQ about the end of support for Windows 7 and Office 2010.

Windows 10 Enterprise E5 and Microsoft 365 E5 are the top-tier subscriptions of the OS or packages that include the operating system. They are the highest-priced plans in their specific lines.

To read this article in full, please click here



Computer World Security News
Aug 22, 2019

Texas ransomware attacks: to pay or not to pay? | TECH(feed)
Nearly two dozen cities in Texas have been hit by a ransomware attack executed by a single threat actor. These attacks beg the question: Is it ever worth it to pay a cyber attacker's ransom? In this episode of TECH(feed), Juliet discusses the pattern of ransomware attacks on local governments, how municipalities have responded and how to prevent a ransomware attack in the first place.

Computer World Security News
Aug 22, 2019

Throwback Thursday: Eyes only
Programmer pilot fish goes online to a message board for a development system that's used for one of his company's applications.

But he gets a message that the site is blocked. He can either forget about it, click a link to continue, or click a link to see the company's access policy.

He clicks to continue, gets what he needs, and then, just out of curiosity, he clicks to see the access policy to get an idea of why this site is being blocked.

But instead of seeing the access policy, fish sees this message: Content blocked. Click here to access our internet resource policy.

Sputters baffled fish, "It actually blocked the policy!"

To read this article in full, please click here



Computer World Security News
Aug 21, 2019

How to avoid using RDP in Windows
Several new vulnerability disclosures in Windows Remote Desktop Protocol suggest it's time to stop using it. Here's how.

Computer World Security News
Aug 20, 2019

Safari to ape Firefox, go all-in on anti-tracking
The WebKit project - the open-source initiative that generates code for Apple's Safari browser - quietly announced last week that it would follow in Mozilla's footsteps and quash tracking technologies designed to follow users across the web.

In a short message on Aug. 14, the WebKit team pointed to its new Tracking Prevention Policy, a document that spells out its plans in detail, including what types of tracking it will create and how it will deal with any side effects.

[ Related: Get serious about privacy with the Epic, Brave and Tor browsers ] "We have implemented or intend to implement technical protections in WebKit to prevent all tracking practices included in this policy," the document read. "If we discover additional tracking techniques, we may expand this policy to include the new techniques and we may implement technical measures to prevent those techniques."

To read this article in full, please click here



Computer World Security News
Aug 19, 2019

Installing Windows 7 from a backup? You need a BitLocker patch right away
No doubt you recall the warning back in February that Windows 7, Server 2008 and Server 2008 R2 patches starting in July would use the SHA-2 encryption protocol. If you want to install Win7 patches issued after July, you have to get the SHA-2 translator installed.

[ Related: Windows 7 to Windows 10 migration guide ] A few days ago, Microsoft tossed a zinger into the FAQs down at the bottom of its SHA-2 post, 2019 SHA-2 Code Signing Support requirement for Windows and WSUS. That post now says that you have to install a seemingly unrelated patch, KB 3133977, entitled, BitLocker can't encrypt drives because of service crashes in svchost.exe process in Windows 7 or Windows Server 2008 R2.  

To read this article in full, please click here



Computer World Security News
Aug 15, 2019

Microsoft warns of Visual Basic, VBA and VBScript 'procedure call' errors after August patches
August is going to be a perilous patching month.

We're tracking down credible reports of the Server 2012 R2 Monthly rollup breaking RDP logins, a conflict between the Win10 1903 cumulative update and last month's version of Outlook 365, confusion about Win7 patches being branded as "IA64 only," dealing with the lack of telemetry (!) in the August Win7 Security Only patch, much mayhem trying to install SHA-2 signed patches (including the Win7 Monthly Rollup) on systems using Symantec Endpoint Protection, even

Computer World Security News
Aug 15, 2019

3 Google privacy tips for Mac and iOS users
Alternative search engines such as DuckDuckGo are attracting growing numbers of privacy focused users, but there's no doubt that Google dominates the industry, even on Apple products. Fortunately, there are several ways to make your Google activity more private.

Do you have a Google account? (You probably do) Do you use Gmail? Did you one use Google ? Perhaps you employ Google Drive, Google Docs or any of the company's other products. If so, you have a Google account.

To read this article in full, please click here



Computer World Security News
Aug 15, 2019

Chrome, Firefox to expunge Extended Validation cert signals
Google and Mozilla have decided to eliminate visual signals in their Chrome and Firefox desktop browsers of special digital certificates meant to assure users that they landed at a legitimate site, not a malicious copycat.

The certificates, dubbed "Extended Validation" (EV) certificates, were a subset of the usual certificates used to encrypt browser-to-server-and-back communications. Unlike run-of-the-mill certificates, EVs can be issued only by a select group of certificate authorities (CAs); to acquire one, a company must go through a complicated process that validates its legal identity as the site owner. They're also more expensive.

[ Further reading: 10 must-have Safari extensions ] The idea behind EVs was to give web users confidence that they were at their intended destination, that the site computerworld.com, for instance, was owned by its legal proprietor, IDG, and not a fishy - and phishy - URL run by It's Crooks All the Way Down LLC and chockablock with malware. Browsers quickly took to the concept, rewarding EV-secured sites with in-your-face visual cues, notably the verified legal identity in front of the domain in the address bar. The identity was often shaded in green as an additional tip-off. (Chrome dismissed the green in September 2018 as of Chrome 69.)

To read this article in full, please click here



Computer World Security News
Aug 12, 2019

Why blockchain-based voting could threaten democracy
Public tests of blockchain-based mobile voting are growing.

Even as there's been an uptick in pilot projects, security experts warn that blockchain-based mobile voting technology is innately insecure and potentially a danger to democracy through "wholesale fraud" or "manipulation tactics."

The topic of election security has been in the spotlight recently after Congress held classified briefings on U.S. cyber infrastructure to identify and defend against threats to the election system, especially after Russian interference was uncovered in the 2016 Presidential election.

To read this article in full, please click here



Computer World Security News
Aug 09, 2019

Apple announces a new iPhone (and you can't have it)
Apple has announced a new iPhone for 2020, but it will only be made available to a select group of security researchers - along with huge bounties to anyone informing the company of a new OS vulnerability.

Probably the world's most exclusive iPhone Ivan Krstic, Apple's head of security engineering provided big insights into Apple's platform security during his presentation at Black Hat U.S. 2019.

To read this article in full, please click here



Computer World Security News
Aug 09, 2019

The best privacy and security apps for Android
Let's get one thing out of the way right off the bat: If you're looking for recommendations about Android security suites or other malware-scanning software, you've come to the wrong place.

Why? Because, like most people who closely study Android, I don't recommend using those types of apps at all. Android malware isn't the massive real-world threat it's frequently made out to be, and Google Play Protect and other native Android features are more than enough to keep most devices safe.

To read this article in full, please click here



Computer World Security News
Aug 08, 2019

Many VPN apps on Apple's App store can't be trusted, researcher warns
I'm told Apple is at last looking into the privacy and security of free VPN apps made available across its platforms, following a report from researcher, Simon Migliano.

Who owns your VPN service? The researcher has flagged up several concerns that really should be recognized by anyone choosing a VPN service from both the Apple and Google App Stores:

Ownership: Migliano claims that almost 60 percent of the most popular VPN apps are actually owned (sometimes opaquely) by Chinese companies. Privacy: The researcher also found that as many as 77% of these VPN apps may have what he calls "serious privacy flaws",including no privacy policy at all, generic policies with no mention of VPN or no detailed logging policy. Data protection: Migliano claims Apple is not enforcing its third-party data-sharing ban against VPN apps, with 80 percent of the top free VPN apps "in breach of the rules", he said. Many are sharing data with third parties, he claims. That last allegation is particularly concerning.

To read this article in full, please click here



Computer World Security News
Aug 08, 2019

Almost half of tested free Android antivirus apps fail. That might prove very useful to IT.
One of the problems with enterprise mobile BYOD efforts is that corporate apps — and lots of corporate data, including sensitive intellectual property — must coexist on the same device with whatever employees choose to download on the personal side. That's far from ideal, but even worse is if employees choose to download a second antivirus program. Unlike doubling up on most apps (two VPNs, two word processors, two email programs, etc.), antivirus programs often conflict and fight each other, generating false positives and other bad results.

Unlike two deadbolts on a door, doubling up on security not only doesn't work with antivirus, it can actually sharply weaken security. This all assumes that both antivirus programs are professional, effective and well-intentioned. But that's often not the case. There are quite a few free antivirus programs out there, and they are disproportionately the ones employees opt to download. After all, if the company has already installed a high-level antivirus on the phone, why would an employee pay to install a second? But a free antivirus program is much more tempting.

To read this article in full, please click here



Computer World Security News
Aug 07, 2019

Microsoft relaxes telemetry rule for PCs managed with Windows Update for Business
Microsoft has quietly relaxed a rule that prevented privacy-first organizations from managing the Windows Update for Business (WUfB) service using group policies.

With Windows 10 1903, aka "Windows 10 May 2019 Update," which debuted in late May, organizations no longer are required to set the "diagnostic data level" for their devices to "Basic" or higher.

[ Related: Windows 10 May 2019 Update: Key enterprise features ] That diagnostic data level is a multi-step categorization of what Microsoft pulls from Windows devices and sends to its own servers. Also dubbed "telemetry," the data harvesting is used by Microsoft for a range of tasks, notably deciding when a specific PC receives a feature upgrade.

To read this article in full, please click here



Computer World Security News
Aug 07, 2019

How to set up Edge Chromium security options
Edge Chromium can provide more protection for organizations that use older versions of Windows.

Computer World Security News
Aug 06, 2019

Slack beefs up mobile security controls for Enterprise Grid
Slack today unveiled new security capabilities for Enterprise Grid customers, including tighter controls for admins who oversee mobile device access.

Enterprise Grid was launched in 2017 for Slack's biggest customers, with additional features to support large-scale deployments. Among the 150 organizations now using Enterprise Grid are Capital One, IBM and Target. 

Slack has continued to build out security and compliance features for the software since its introduction, including the addition of enterprise key management last September.  

To read this article in full, please click here



Computer World Security News
Aug 06, 2019

Train to become an ethical hacker for only $39
There are countless hackers and threats looming on the internet, so IT departments are in high demand for cybersecurity professionals to pinpoint threats before they strike. Luckily, there's no better way to fight fire than with fire; ethical hackers study hacking techniques so that IT infrastructures will be better prepared for attacks. If you're interested in becoming a hacker (legally, of course), then this $39 bundle is right for you.

To read this article in full, please click here



Computer World Security News
Aug 02, 2019

It's time to install most of July's Windows and Office patches
With one glaring exception, July was a rather benign patching month. The Win10 versions got their usual two cumulative updates (the second considered "optional"). Visual Studio had some hiccups, but they're fixed now.

To read this article in full, please click here



Computer World Security News
Aug 02, 2019

Apple suspends Siri snooping (and promises more control for the rest of us)
Apple has once again proved that it listens to valid criticism with the immediate global suspension of the Siri listening program that attracted so much controversy.

When it comes to privacy, Siri listens At issue was quality control.

A small number of conversational snippets were shared with third party human contractors for quality control purposes.

To read this article in full, please click here



Computer World Security News
Aug 01, 2019

Black Hat 2019 and DEF CON 27: What to expect at hacker summer camp | TECH(talk)
Every year, thousands of hackers arrive in Las Vegas for three large security conferences -- DEF CON, Black Hat and Bsides Las Vegas -- taking place from Monday through Sunday next week. CSO Online's J.M. Porup chats with Juliet about what to expect at the conferences' sessions and what he's looking forward to.

Computer World Security News
Jul 31, 2019

The latest large-scale data breach: Capital One | TECH(feed)
Just a few days after Equifax settled with the FTC over its 2017 data breach, Capital One announced it was the target of a March attack. Identifying information and bank account numbers are among some of the data breached in the attack that affects 100 million people. A software engineer is behind the attack and is awaiting a hearing. In this episode of TECH(feed), Juliet discusses the consequences of the attack and how to find out if you've been affected.

  • CEOExpress
  • 1 Boston Place | Suite 2600
    Boston MA 02108
  • 617 482 1200
    617 299 8649 (fax)
  • Contact
  • As an Amazon Associate
    CEOExpress earns from
    qualifying purchases.

©1999-2019 CEOExpress Company LLC