NEWS: COMPUTER WORLD SECURITY NEWS
Setup News Ticker
   NEWS: COMPUTER WORLD SECURITY NEWS
Computer World Security News
Jul 02, 2020

13 privacy improvements Apple announced at WWDC
Apple continues to focus on the challenge of providing technology-driven convenience while protecting customer privacy in its upcoming operating system releases. Here are all the privacy-related improvements to expect in iOS 14, macOS 11 and iPad.

Why privacy matters Fundamentally, the challenge with mobile technologies is the sheer quantity of personal data that can be collected and used against people.

A smartphone, for example, knows when it is picked up, how often, how high, who by, who it is in contact with, which websites you visit and much, much more.

To read this article in full, please click here



Computer World Security News
Jul 02, 2020

Microsoft Patch Alert: June 2020
There's never a dull moment for folks who try to keep Windows and Office patched.

Windows 10 version 2004 continues to make slow inroads among the "Go ahead and kick me" crowd, in spite of its (now documented) lack of update deferral settings, while those of us who are still trying to keep Win10 versions 2009, 2003 and 1809 afloat have our hands full.

June saw two truly innovative patching methods: A fix for a Windows bug delivered as an update to Office Click-to-Run and a fix for a different Windows bug delivered through the Microsoft Store.

If you can't fix things the normal way, I guess there's always the back door.

The two printer bugs All of the Win10 cumulative updates in June broke some printers, some of the time. The damage fell into two heaps:

To read this article in full, please click here



Computer World Security News
Jul 02, 2020

When shadow IT goes remote: How to keep workers in the fold
IT admins have a hard enough time keeping employees on the technology straight-and-narrow in the best of times. It's even harder when a pandemic hits and everyone in the office scatters to work from home.

Computer World Security News
Jul 01, 2020

Why coronavirus contact tracing apps are failing
Security, yes. But the biggest problem to adoption is staring us all in the mirror. Here's what that means for you and your organization.

Computer World Security News
Jun 30, 2020

Apple Watch's planned handwashing reminder feature? I don't trust it
When Apple rolled out its planned changes for iOS 14 and its companion WatchOS 7- both are expected to be available for download in mid-September - it included a variety of interesting tweaks. Two stood out as especially interesting: a COVID-friendly Watch handwashing app and an enterprise-IT-friendly facial recognition app for video cameras and doorbells.

The more straight-forward effort is positioned as a consumer feature, where video camera and doorbell apps within iOS will be able to identify visitors by name if they happen to appear within a user's photo library. It sounds rather cool for a consumer app, but I'm not sure how valuable it is. My doorbell app, for example, instantly shows me live video of the person at the door, so I can have a realtime conversation with whoever is there.

To read this article in full, please click here



Computer World Security News
Jun 26, 2020

WWDC: Apple brings Face & Touch ID authentication to Safari
It will soon be possible for enterprise workers, partners and customers to casually access web-based sites and services using biometric ID, with Apple set to enable Face ID and Touch ID authentication in Safari, the company told WWDC 2020.

Toughen up, just toughen up This is important because the scourge of online crime is not abating, and traditional passcode-based protection has proved itself insufficient.

As we move into a world of quantum computing, breaking password-protection will only get easier, which is why biometric protection adds another layer of access control. We need to toughen up every level of security.

To read this article in full, please click here



Computer World Security News
Jun 26, 2020

WWDC: Apple brings Face ID and Touch ID authentication to Safari
It will soon be possible for enterprise workers, partners and customers to casually access web-based sites and services using biometric ID, with Apple set to enable Face ID and Touch ID authentication in Safari, the company said at WWDC 2020.

Time to toughen up This move is important because the scourge of online crime is not abating, and traditional passcode-based protection has proved itself insufficient. As we move into a world of quantum computing, breaking password-protection will only get easier, which is why biometric protection adds another layer of access control. We need to toughen up every level of security.

To read this article in full, please click here



Computer World Security News
Jun 24, 2020

Mozilla takes first step in pulling Firefox plug on macOS Mavericks, Yosemite and El Capitan
Mozilla this week announced it would automatically move users running outdated versions of macOS to the Firefox Extended Support Release (ESR), an edition that provides security updates only.

The move, a first step towards dropping all support, will take place June 30, when Mozilla releases Firefox 78. On that date, users of Firefox still running OS X 10.9 (Mavericks), 10.10 (Yosemite) and 10.11 (El Capitan) on their Macs will instead be shunted to the extended channel and given 78.0 ESR. While that and Firefox 78 will be identical, when the latter shifts to version 79 four weeks later, ERS will remain at 78, increased to 78.1 to mark its first security update.

To read this article in full, please click here



Computer World Security News
Jun 24, 2020

Save big on popular VPNs & backup solutions today
Surf the web in complete anonymity and keep your file system safe from hardware failure as well as cybercrime.

Computer World Security News
Jun 22, 2020

Debilitating 'Outlook needs to close' bug linked to a bad Windows cumulative update
Internecine conflict seems to be a recurring theme at Microsoft, but this one takes it to new levels. Somehow, somebody forgot to test the latest patched version of Outlook with the latest patched version of Windows. The result is an error message that makes Outlook inoperable.

The official announcement appears on the Microsoft 365 support site:

To read this article in full, please click here



Computer World Security News
Jun 15, 2020

Memory-Lane Monday: As it was, no encryption was needed
Sysadmin pilot fish is checking out encryption for his company's backups.

"We have a mainframe that runs our core system," explains fish. "Each night we back up to an on-site tape and then make a copy of the tape to go off-site. Couriers shuttle the tape back and forth between the sites each day."

The obvious place to apply encryption is to those off-site tapes, so fish decides to create an encrypted copy of a tape to show how well the process works.

And the encryption process works fine every time. But when fish tries to decrypt the tape, no data comes out.

After fish spends several weeks experimenting, talking to vendors and growing more and more frustrated, one of his co-workers asks whether he has checked the script that generates the copy of the tape.

To read this article in full, please click here



Computer World Security News
Jun 12, 2020

Chrome to target abusive notification requests beginning in July
Chrome next month will begin to block notifications from sites that Google believes misuse or abuse the privilege of issuing the warnings.

Starting with Chrome 84 - scheduled to release July 14 - sites that Google thinks traffic in notifications meant to trick users will be blacklisted. Such sites' notifications will be scaled back to what Google earlier defined as its "Quiet UI" and a Chrome-produced warning will appear telling the user that the website may be trying to dupe him or her into accepting future notices.

To read this article in full, please click here



Computer World Security News
Jun 12, 2020

June cumulative updates cause multiple problems with network printers
Many admins report that installing the latest June cumulative updates knock out their networked printers. The problem seems to span all common versions of Windows and Server and many printers that have been installed and working in place for years. The bug appears to cause a conflict with older (but very common) PCL 5 and PCL 6 version 2 drivers on printers that are attached to networks, although the details aren't yet clear. 

Microsoft has acknowledged a bug in the June patches (it isn't clear precisely which ones) where the USB printer port disappears:

To read this article in full, please click here



Computer World Security News
Jun 12, 2020

Large in number, large in nature, this Patch Tuesday needs your attention
Despite Microsoft's announcement in May that all non-security releases (C and D updates) are paused until further notice, with 129 updates in June's Patch Tuesday release cycle, there is plenty to do - for your deployment team and your application testing team(s).

We see another critical update to Adobe Flash Player (see how to set your kill bits below) and critical updates to Microsoft's browsers that - depending on your legacy application portfolio - may require immediate action. The area to focus on this month is the number and nature of updates to the Windows platform.

To read this article in full, please click here



Computer World Security News
Jun 11, 2020

10 Signal tips for iPhone, Mac and iPad users
Enterprises, government officials or individuals - anyone who seriously wants to secure their communications - uses the cross-platform Signal service. Here are a dozen tips to help you get more from using this on your iPhone.

Secure by design Signal is built to be secure, so much so that the European Commission this year instructed staff to begin using the encrypted messaging app for public instant messaging. Encrypted emails and highly secure document exchange systems are also used.

To read this article in full, please click here



Computer World Security News
Jun 11, 2020

10 Signal tips for iPhone, Mac, iPad users
Enterprise, government or individuals, anyone who seriously wants to secure their communications uses the cross-platform Signal service. Here are a dozen tips to help you get more from using this on your iPhone.

Secure by design Signal is built to be secure. So much so in fact that the European Commission this year instructed staff to begin using the encrypted Signal messaging app for public instant messaging. Encrypted emails and highly secure document exchange systems are also used.

To read this article in full, please click here



Computer World Security News
Jun 11, 2020

Android 11's most important additions
Well, that was certainly unexpected.

In the middle of the day yesterday, Google dropped a big honkin' surprise in our laps: the official Android 11 Beta release. No buildup, no fanfare, no virtual events — just a short 'n' sweet blog post, some additional info for developers, and a website to download the software to supported Pixel phones for anyone feeling adventurous.

To read this article in full, please click here



Computer World Security News
Jun 10, 2020

14 IT certifications that will survive and thrive in the pandemic
These tech certifications not only have high value now, but employers will continue to value them as the coronavirus continues.

Computer World Security News
Jun 08, 2020

Microsoft Patch Tuesday is nigh: Pause updates now.
I call it crowdsourced beta testing. Here's how it works.

Microsoft releases its monthly patches. Headlines from the usual suspects scream that you need to get patched right now because of a known exploit - a zero-day.  "Microsoft warns hundreds of millions of users that Windows is at risk. Get patched now!"

You know the tune.

Folks who have seen this drama play out time and again wait to see what problems emerge. They know that you have to get patched eventually, but there's little upside and lots of downside in knee-jerk patching.

To read this article in full, please click here



Computer World Security News
Jun 03, 2020

The ultimate guide to privacy on Android
On the surface, Android and privacy might not seem like the most natural of bedfellows. Google is known for its advertising business, after all — it's how the company makes the lion's share of its money — and it can be tough to square the notion of data collection with the concept of carefully controlled information.

In actuality, though, Google gives you a good amount of authority over how and when it taps into your Android-associated info. (And even at its worst, the company never shares your data with anyone or sells it to third parties, despite some broad misconceptions to the contrary.) Ultimately, it just comes down to a matter of educating yourself about the possibilities and then determining what balance of privacy and function makes the most sense for you.

To read this article in full, please click here



Computer World Security News
Jun 01, 2020

Get your May 2020 Windows and Office patches installed
Headlines scream that you should avoid the May patches. Pshaw. From what I've seen they're largely overblown. Not to say that all is well in patchland - it isn't. But the situation has stabilized, and I don't see any reason to hold back on May's patches.

Of course, I'm assuming that you don't voluntarily jump down the rabbit hole and join the unpaid beta testers working on Windows 10 version 2004 - the May 2020 Update. It's kicking up all sorts of problems - but that's no reason to hold off on the May patches.

To read this article in full, please click here



Computer World Security News
May 29, 2020

Microsoft Patch Alert: May 2020
With most of the fanatical Windows fan base now circling the trough on the just-released upgrade to Windows 10 version 2004, it's time for those of us who rely on stable PCs to consider installing the May patches.

While the general outlook now is good, we've been through some rough patches - which you may, or may not, have noticed.

Unannounced Intel microcode patch triggers reboots On May 20, Microsoft released another of its ongoing series of "Intel microcode updates," all named KB 4497165. Ostensibly intended to fix the Meltdown/Spectre security holes, many of them have a history of problems and hassles not commensurate with the amount of protection they provide (unless you're running a bank transaction system or decrypting top secret emails).

To read this article in full, please click here



Computer World Security News
May 29, 2020

Getting started with Google Password Manager
If you're still trying to remember all of your passwords and then type 'em into sites by hand, let me tell you: You're doing it wrong.

With all the credentials we have to keep track of these days, there's just no way the human brain can handle the task of storing the specifics — at least, not if you're using complex, unique passwords that aren't repeated (or almost repeated, even) from one site to the next. That's where a password manager comes into play: It securely stores all your sign-in info for you and then fills it in as needed.

While there's a case to be made for leaning on a dedicated app for that purpose (for reasons we'll discuss further in a moment), Google has its own password management system built right into Chrome. And it's far better to rely on that than to use nothing at all.

To read this article in full, please click here



Computer World Security News
May 28, 2020

Mobile security forces difficult questions
As governments consider COVID-19 contact tracing and its privacy implications, it's not a bad idea for companies to take the opportunity to look more closely at their mobile agreements with employees. (By the way, just this week, Apple rolled out its latest iOS update, which included two COVID-19 updates, according to Apple: "iOS 13.5 speeds up access to the passcode field on devices with Face ID when you are wearing a face mask and introduces the Exposure Notification API to support COVID-19 contact tracing apps from public health authorities.")

Today, IT has to deal with pretty much one of two mobile scenarios: BYOD. where the employee uses the employee's personally owned device to perform enterprise business; and company-owned phones, which is the opposite: A company-owned phone where the employee, even if told not to, will use the phone for personal matters as well as business.

To read this article in full, please click here



Computer World Security News
May 27, 2020

Apple rejects flawed claims about its contact tracing tech
Even as we consider revelations Facebook shelved internal research suggesting its algorithms generate divisiveness, Apple has been forced to reject damaging claims against its contact tracing tech currently spreading on Facebook.

Exposure Notification is not spying on you Numerous hysterical myths concerning the Apple/Google contact tracing technology are being circulated on Facebook. A series of posts claim the Exposure Notification feature inside iOS 13.5 will allow authorities to track people's locations and monitor who they meet - which is precisely what it tries not to do.

To read this article in full, please click here



Computer World Security News
May 27, 2020

Use of cloud collaboration tools surges and so do attacks
Some industries have seen increases in cloud-related threat events rise as much as 1,350% since the COVID-19 crisis began.

Computer World Security News
May 20, 2020

Amid the pandemic, using trust to fight shadow IT
Shadow IT, where workers sometimes go rogue in their efforts to solve business problems, can create challenges - and opportunities - for companies in the best of times. With the COVID-19 pandemic still unfolding, these are not the best of times. With most employees and executives still working from home, the big issue for administrators and IT pros still centers on how to make things work in today's trying circumstances.

Every major platform has controls IT can use, some of them as blunt as a hammer and others that offer surgical precision. At either end of that spectrum lie two common questions: How restrictive does IT need to be and is there a way to fully communicate areas of risk while making business more secure.

To read this article in full, please click here

(Insider Story)

Computer World Security News
May 14, 2020

A 'business-as-usual' Patch Tuesday update for Windows desktops
It really is saying a lot when Microsoft releases more than 100 updates each month and this is now considered "business as usual." Speaking of the "new normal," Microsoft has changed the release cadence of its optional updates (generally released later each month).

In a statement about the new update regularity, the company said: "We have been evaluating the public health situation, and we understand this is impacting our customers. In response to these challenges we are prioritizing our focus on security updates. Starting in May 2020, we are pausing all optional non-security releases (C and D updates) for all supported versions of Windows client and server products (Windows 10, version 1909 down through Windows Server 2008 SP2).

To read this article in full, please click here



Computer World Security News
May 12, 2020

10 tips for a secure browsing experience
Your browser is one of the easiest ways for malware to penetrate your network. Here are 10 ways to practice safe surfing in Google Chrome, Microsoft Edge and Mozilla Firefox.

Computer World Security News
May 11, 2020

The Internet of things in 2020: More vital than ever
Just when we needed it most, the internet of things is delivering gobs of data and remote device control across almost every industry, from healthcare to agriculture.

Computer World Security News
May 08, 2020

Zoom to add end-to-end encryption with Keybase acquisition
Zoom has acquired secure messaging and identity management firm Keybase as its looks to shore up security capabilities on its platform with end-to-end encryption.

The acquisition will give Zoom access to Keybase's encryption technology, used to secure online identities, as well as its team of engineers. Launched in 2014, Keybase lets users encrypt social media messages and shared files with public key encryption to ensure that communications stay private. 

Keybase's cofounder Max Krohn will now head up Zoom's security team, Zoom said. Krohn's new role was first detailed by CNBC.

To read this article in full, please click here



Computer World Security News
May 07, 2020

5 lessons companies should learn about working at home
Companies now have the opportunity to learn from what is and isn't working during the coronavirus crisis. Use this time to build out a strategy so you won't have to use band aids and duct tape next time.

Computer World Security News
May 01, 2020

5 keys to supporting telework effectively and securely
Suddenly countless numbers of people are working from home. This massive shift in work processes can have huge repercussions from a security, privacy, regulatory and data governance standpoint.

Computer World Security News
Apr 29, 2020

Google extends G Suite identity and security device management to Windows 10 PCs
Google this week extended G Suite's device management tools to Windows 10 PCs, adding them to the Android, iOS and Chrome endpoints already on the list.

Administrators can now use the G Suite console to secure G Suite accounts on Windows 10 systems using Google's anti-hijacking and suspicious-login-detection technologies, and set those machines for single-sign on (SSO) so that G Suite account credentials double as Windows 10 log-in authentication.

The roll-out of the new console capabilities started April 27, with the rapid release and scheduled release tracks (the latter is the default) beginning simultaneously rather than staged, as usual.

To read this article in full, please click here



Computer World Security News
Apr 29, 2020

Microsoft Patch Alert: April 2020, another 'wacky' month
The patching pace this month returned to normal: We had the Patch Tuesday patches on April 14, followed by the "optional, non-security, C/D Week" patches one week later (Monthly Rollup Preview for you Win8.1 afficionados). With a bit of luck, that's the last round of confusing "optional" Win10 patches: Microsoft promises we won't see any more of them.

We also had an out-of-band patch for Office 2016 Click-to-Run, Office 2019 (which is only available as Click-to-Run) and Microsoft 365 Apps for Enterprise (previously known as Office 365 ProPlus). The big concern with those patches falls into the "it's not a bug, it's a feature" column.

To read this article in full, please click here



Computer World Security News
Apr 24, 2020

Many reported problems with this month's Win10 Cumulative Update, but few patterns
The blogosphere is awash in reports of problems with this month's Win10 1903/1909 Cumulative Update, with more than 100 reported bug sightings. What's causing the problems?

The trick every month is to sift through all of the problem reports and see if there are any common strings - whether folks running this piece of hardware or that kind of software should be especially cautious. 

I've been looking at the reports and I'll be hanged if I can see any pattern, aside from the usual cacophony of random error messages and broken systems. Can you see any common threads?

To read this article in full, please click here



Computer World Security News
Apr 23, 2020

Vivaldi joins anti-tracking browser brotherhood
Niche browser maker Vivaldi Technologies this week released version 3.0 of its eponymous application, which included integrated ad- and tracker-blockers.

Both tools were disabled by default in the new version, which was released Wednesday. "We believe that many users would not wish to prevent the sites they like to visit from generating revenue, and for that reason, we don't enable Ad blocker by default," wrote Jon von Tetzchner, co-founder and CEO of Vivaldi, in a post to a company blog.

To read this article in full, please click here



Computer World Security News
Apr 22, 2020

Zoom unveils a host of new privacy, security features
Looking to bounce back from a spate of recent security miss-steps, video conferencing platform Zoom today announced a variety of new privacy and security capabilities in Zoom 5.0, a key milestone in the company's recently launched 90-day security plan.

The primary difference between the current version of Zoom software and Zoom 5.0 is the addition of support for AES 256-bit GCM encryption; it's designed to provide increased protection for meeting data and resistance to tampering. The new level of encryption will be available across Zoom Meeting, Zoom Video Webinar, and Zoom Phone.

To read this article in full, please click here



Computer World Security News
Apr 21, 2020

8 video chat apps compared: Which is best for security?
Zoom, Microsoft Teams, Google Duo, Cisco Webex, FaceTime, Jitsi, Signal and WhatsApp. What does their encryption look like? What are the trade-offs?(Insider Story)

Computer World Security News
Apr 16, 2020

Don't Panic, but do make this month's Patch Tuesday a priority
Given that 113 updates arrived for April‘s Patch Tuesday, IT admins have a lot to do. For older systems, Adobe font issues (CVE-2020-0938, CVE-2020-1020) will should get immediate attention. Changes to the Windows Scripting handler and the browser-based Chakra scripting engine may require some additional testing for in-house applications.

This month's Office updates are relatively low impact unless you are running SharePoint server - which will then require a number of updates, leading to a server reboot. With three (so far) zero-days and a number of critical memory-related patches to Windows, my advice is: don't panic. Patch older systems first. Test core applications for scripting dependencies and then schedule the remaining updates according to your normal update cycle.

To read this article in full, please click here



Computer World Security News
Apr 16, 2020

How to protect against 'Apple' phishing scams
Checkpoint Research recently warned that criminals are exploiting the COVID-19 crisis with a wave of attempts to trick people into sharing their security credentials with fake emails.

To catch a phish Apple, the research claims, is the most widely impersonated brand.

Phishing is the practice of impersonating legitimate messages from a brand in an email or other message in an attempt to trick people into accessing that service via insecure servers, sharing their login passwords and credentials when they do.

Criminals can then use this information to undermine account security, dig deeper into your identity to get even more confidential data, or even sell your details on the black market to other hackers.

To read this article in full, please click here



Computer World Security News
Apr 14, 2020

The coronavirus is revealing our technology blunders
You've lost your job and now you face an obsolete, sluggish unemployment system that feels like it was written in the 1950s. Actually, it's more than a feeling. If you're in New Jersey, New York or Connecticut, your unemployment system was written in 60-year-old Cobol. Meanwhile, if you want to apply for unemployment benefits online in Washington, D.C., the system insists you use Internet Explorer. As I recall, IE was put out to pasture five years ago.

To read this article in full, please click here



Computer World Security News
Apr 13, 2020

Everything we know about the Google/Apple COVID-19 contact tracing tech
Creeping erosion of privacy? Desperately needed technology-based solution to a global life or death problem? A little of both? Here is what we think we know now about the Apple/Google contact tracing technology.

What has happened? Apple and Google are working together to develop COVID-19 contact tracing technology for both Android and iOS devices.

To read this article in full, please click here



Computer World Security News
Apr 13, 2020

Amid the pandemic, MFA's shortcomings are clearer than ever
Due to you-know-what (if I have to type "corona" or "COVID" again, I'll scream), enterprises have been forced to send a massive number of employees into makeshift home offices within just a few days. That means that there was no time for the security niceties, such as properly processing RFPs for apps that were thoroughly vetted. Given the emergency, employees and IT teams worked with what they could, figuring that they would improve security on the fly as soon as circumstances permitted.

That brings us to MFA. Multifactor authentication is supposed to be just that, but it's typically deployed in the least secure manner — sending straight numeric texts to a mobile device, a tactic that is well-known to be susceptible to man-in-the-middle attacks. So, are there better ways to deploy MFA, something that can be easily executed under today's far-less-than-ideal conditions? Let's dig in.

To read this article in full, please click here



Computer World Security News
Apr 10, 2020

Podcast: How to secure and speed up your home Wi-Fi network
With most of (if not everyone in) your household now working from home, you're perhaps asking more of your home network than ever before. Multiple devices may now be hosting a video conference, streaming and using chat tools all at the same time. On top of those demands, you may also be accessing sensitive company data from home. Your home Wi-Fi network needs to be both fast and secure. PCWorld/Macworld's Michael Simon joins Juliet and gives tips on how to prioritize certain traffic on your home network, boost speeds and secure it all without leaving your house.

To read this article in full, please click here



Computer World Security News
Apr 09, 2020

Google, Microsoft talk up security after Zoom firestorm
As video conferencing platform Zoom continues to weather unfavorable headlines about its security, two big market rivals are doubling down on commitments to keeps users safe.

In recent weeks, Zoom has faced a barrage of criticism involving privacy and security failings, culminating in CEO Eric Yuan acknowledging this week that the company "moved too fast" but is  now committed to being "open and honest with [customers] about areas where we are strengthening our platform." He also announced that Zoom had stopped development of new product features for 90 days to focus on security.

To read this article in full, please click here



Computer World Security News
Apr 09, 2020

Zoom hit by investor lawsuit as security, privacy concerns mount
The challenges facing Zoom continue to mount, as the company now faces an investor lawsuit and more organizations ban the use of the video meeting app due to privacy and security concerns. The company also upped efforts to improve its security and privacy practices by hiring Facebook's former CSO as a consultant. 

Zoom has seen a surge in use in recent weeks as self isolation in response to the pandemic ramps up the demand for video software. As its popularity has boomed - both for business and personal use - and the company's stock price rocketed, Zoom has come under pressure on a number of fronts. 

To read this article in full, please click here



Computer World Security News
Apr 07, 2020

Dumb luck?
This pilot fish is an engineer setting up control systems for power plants, and one day he has a disagreement with an IT manager at one of his clients. Topic: complex passwords. There's a push on throughout the IT world to make passwords more complex.  

But fish's point is that that advice isn't valid when you have an air gap between the control systems and any other network. In fact, fish tells the manager, when it comes to internal hacking, complex passwords are more risky than no password at all because people never remember complex passwords and have to write then down on sticky notes. The manager says that would never happen at his plant — people know better.

To read this article in full, please click here



Computer World Security News
Apr 07, 2020

Do's and don'ts of videoconferencing security
When any technology sees its popularity increase quickly, the number of bad actors taking advantage of new and untrained users also grows. The world is seeing this now with videoconferencing services and applications, as reports about the popular Zoom app being hijacked — known as "Zoom-bombing" — have surfaced.

With multiple reports of conferences being disrupted by pornographic and/or hate images and threatening language, the FBI's Boston office recently issued a warning for users of videoconferencing platforms about the incidents. Security expert and investigative journalist Brian Krebs provided details on Zoom's password problems and how hackers were able to use "war dialing" methods to discover meeting IDs and passwords for Zoom meetings.

To read this article in full, please click here



Computer World Security News
Apr 06, 2020

Zoom clamps down further on security weaknesses
Zoom, which on Friday stopped development of new product features so it could focus on fixing various privacy and security issues, clamped down even further on security weaknesses over the weekend.

The company on Saturday switched on default password settings and waiting rooms for users of its Free Basic tier and those with a single account on its cheapest paid tier, such as K-12 eduction accounts. All meetings that use a Personal Meeting ID (PMI) will now need a password, and password settings that had been disabled will be re-enabled. As a result, passwords will be required for instant meetings, for participants joining by phone and when a new meeting is scheduled.

To read this article in full, please click here



Computer World Security News
Apr 06, 2020

We need to social-distance from the scammers
For hackers who target Windows, the coronavirus pandemic is like Christmas come early. But what's good news for them is bad news for you, piled onto all the other bad news wrought by the pandemic. Undeterred by the crisis — indeed, spurred to new heights by it — hackers have been coming up with a host of devious ways to use your natural fears in order to infect your Windows PC with malware and ransomware.

How bad is it? The security company Malwarebytes calls the pandemic "a golden opportunity for threat actors to capitalize on fear, spread misinformation, and generate mass hysteria — all while compromising victims with scams or malware campaigns."

To read this article in full, please click here



Computer World Security News
Apr 03, 2020

Browser makers cite coronavirus, restore support for obsolete TLS 1.0 and 1.1 encryption
Google, Microsoft and Mozilla have each issued reprieves to Transport Layer Security (TLS) 1.0 and 1.1, aged encryption protocols that were to be bounced from browser support in March, because of the COVID-19 pandemic.

By common agreement, Google's Chrome, Microsoft's Internet Explorer (IE) and Edge, and Mozilla's Firefox were to disable support for TLS 1.0 and 1.1 early in 2020. They, along with Apple - which produces Safari - announced the move a year and a half ago, noting then that the protocols had been made obsolete by TLS 1.2 and 1.3.

To read this article in full, please click here



Computer World Security News
Apr 03, 2020

Zoom pauses new feature development to focus on privacy, security
Zoom has decided to cease development of new product features so it can focus on fixing various privacy and security issues.

The company has seen a surge in the use of its platform in recent weeks, as self isolation in response to the Covid-19 pandemic ramps up the demand for video software. As its popularity has boomed - both for business and personal use - and the company's stock price rocketed, underlying vulnerabilities in the platform have become apparent. 

[ Related: 7 Zoom tips for working from home ] "Zoom-bombing," where intruders have been able to access video meetings that were not password protected, has led to serious privacy concerns, with uninvited attendees harassing online A.A. meetings and church meetings, for example. The FBI this week warned of unauthorized access to virtual classrooms and recommended that users change security settings to protect meetings. 

To read this article in full, please click here



Computer World Security News
Apr 01, 2020

BrandPost: Avoid security breaches: How to protect your data
Data security breaches at major corporations seem to be perpetually in the news. The hacks range in size and scope, but it's no secret that firms hit by hackers often suffer serious consequences.

What can you do to help prevent your organization from becoming tomorrow's cyber-breach news headline? Here are 18 pointers:

Educate all employees on the importance of protecting data. Explain the need to avoid risky behavior such as downloading music or videos from rogue websites. Once employees understand that criminals want the data with which the employees work, their thinking changes in ways that can make the organization's data much safer than before. Understand what data you have and classify it. You cannot secure information if you do not know that it exists, where it is stored, how it is used, how it is backed up, and how it is decommissioned. Make sure you know those things about all of your sensitive information. Because not all data is equally sensitive, make sure to classify data according to its level of importance. Do not give every employee access to every system and piece of data. Create policies governing who has physical and/or electronic access to which computer systems and data, and implement procedures, policies, and technical controls to enforce such a scheme. Authorize people to access the data that they need in order to do their jobs but do not provide them with access to other sensitive data. Consider moving sensitive information and systems to a cloud provider. Unless you have an adequate information security team, the odds are pretty good that a major cloud provider will do a better jo

Computer World Security News
Apr 01, 2020

BrandPost: Protect your data to protect your business
The most important thing your business provides isn't a service or a product. It's trust. And it comes from letting your customers and employees know that you're protecting your business—and their data—against cyberattacks.

Building a foundation for trust isn't easy. Cyberthreats continue to grow in number and complexity as businesses shift more of their operations online and enable anytime/anywhere access to information to support an increasingly remote workforce. This ongoing digital transformation exposes more systems and data to potential attacks - increasing risk for your organization.

Addressing this challenge requires a new approach to protecting business information. "The assumption that everything's on-premises and protected behind a firewall has largely disappeared," says Robert Crane, principal at CIAOPS, a technology consultancy that specializes in helping businesses improve their productivity by using technology and smart business practices. "But some businesses are still locked into that old-world thinking."

To read this article in full, please click here



Computer World Security News
Mar 26, 2020

Google Smart Lock: The complete guide
Think fast: How many times a day do you pick up your phone to look at something? Unless you live in the tundra or have far more self-control than most, the answer probably falls somewhere between "quite a few" and "more than any sane person could count." Assuming you keep your device properly secured, that means you're doing an awful lot of unlocking — be it with your face, your fingerprint, or the code you tap or swipe onto your screen.

Security's important, but goodness gracious, it can be a hassle.

Thankfully, there's a better way. Google Smart Lock provides a variety of options for keeping your Android phone unlocked in preapproved, known-to-be-safe circumstances. It's an easily overlooked but incredibly useful feature that lets you create a sensible balance between security and convenience. And once you set it up, it's simple as can be to use.

To read this article in full, please click here



Computer World Security News
Mar 25, 2020

Microsoft to stop serving non-security monthly updates to Windows
Beginning in May, Microsoft plans to halt the delivery of all non-security updates to Windows, another step in its suspension of non-essential revisions to the OS and other important products.

The optional updates, which Microsoft designates as Windows' C and D updates, are released during the third and fourth week of each month, respectively.

"We have been evaluating the public health situation, and we understand this is impacting our customers," Microsoft said to some understatement in a March 24 post to the Windows 10 messaging center. "In response to these challenges we are prioritizing our focus on security updates."

To read this article in full, please click here



Computer World Security News
Mar 25, 2020

Reading between the lines about Microsoft 'pausing optional updates'
Yesterday, a post on the official Windows Release Information site said that Microsoft will, at least temporarily and starting in May, stop sending out the pesky "optional, non-security, C/D Week" patches we've come to expect. 

Those "optional" second-monthly patches are usually laden with many dozens of fixes for miscellaneous, minor bugs in Windows. For example, the second-monthly cumulative update for Win10 version 1903 released yesterday lists 31 different fixes, most of which only matter in very specific cases.

To read this article in full, please click here



Computer World Security News
Mar 24, 2020

Don't let the coronavirus make you a home office security risk
Congratulations. You're now the chief security officer of your company's newest branch office: Your home. Here's how to manage your new job.

Computer World Security News
Mar 24, 2020

Microsoft Patch Alert: March 2020 brings two ‘sky-is-falling' warnings, with no problems in sight
It's been another strange patching month. The usual Patch Tuesday crop appeared. Two days later, we got a second cumulative update for Win10 1903 and 1909, KB 4551762, that's had all sorts of documented problems. Two weeks later, on Monday, Microsoft posted a warning about (another) security hole related to jimmied Adobe fonts.

Predictably, much of the security press has gone P.T. Barnum.

The big, nasty, scary SMBv3 vulnerability Patch Tuesday rolled out with a jump-the-gun-early warning from various antivirus manufacturers about a mysterious and initially undocumented security hole in the networking protocol SMBv3.

To read this article in full, please click here



Computer World Security News
Mar 23, 2020

Post-coranavirus planning calls for more (not less) investment in tech
The coronavirus crisis is just beginning. But it will end. And how you fare after the pandemic depends on what you do right now. Here are four areas to focus on.

Computer World Security News
Mar 23, 2020

Post-coronavirus planning calls for more (not less) investment in tech
The coronavirus crisis is just beginning. But it will end. And how you fare after the pandemic depends on what you do right now. Here are four areas to focus on.

Computer World Security News
Mar 19, 2020

Microsoft adds 6 months support for Windows 10 1709 to account for pandemic disruption
Microsoft today extended the support lifespan of Windows 10 Enterprise 1709 and Windows 10 Education 1709 by six months, pushing their retirements to Oct. 13. The original end-of-support date had been fixed as April 14.

Microsoft cited the COVID-19 pandemic's impact, which in just the U.S. has ranged from massive business closings and multi-county lockdowns to a broad movement of companies telling white-collar employees to work from home. By midday March 19, 171 deaths in the U.S. had been attributed to the virus. Globally, deaths approached 10,000.

To read this article in full, please click here



Computer World Security News
Mar 19, 2020

COVID-19 and tech: New collaboration tools mean new security risks
As the coronavirus forces companies to move their communication and file sharing onto collaboration platforms, be prepared for unintended consequences: New security threats will surface, requiring new methods of securing your environment.

Computer World Security News
Mar 13, 2020

What your business can do about the coronavirus ... right now
The Covid-19 crisis is the Black Swan event of our lifetime. Here's how to hold it all together (while keeping employees apart).

Computer World Security News
Mar 13, 2020

What your business should do about the coronavirus ... right now
The Covid-19 crisis is the Black Swan event of our lifetime. Here's how to hold it all together (while keeping employees apart).

Computer World Security News
Mar 13, 2020

12 security tips for the ‘work from home' enterprise
If you or your employees are working from home while our governments lurch awkwardly through the current crisis, then there are several security considerations that must be explored.

Your enterprise outside the wall Enterprises must consider the consequences of working from home in terms of systems access, access to internal IT infrastructure, bandwidth costs and data repatriation.

What this means, basically, is that when your worker accesses your data and/or databases remotely, then the risk to that data grows.

While at normal times the risk is only between the server, internal network and end user machine, external working adds public internet, local networks and consumer grade security systems to the mix of risk.

To read this article in full, please click here



Computer World Security News
Mar 12, 2020

Take your time, get it right for March Patch Tuesday
This is a big update to the Windows platform for the Microsoft March Patch Tuesday release cycle. Consisting of 115 patches, mostly to the Windows desktop, with almost all of the critical issues relating to browser-based scripting engine memory issues, this will be a difficult set of updates to release and manage.

The testing profile for the Windows desktop platform is very large, with a lower than usual exploitability/risk rating. For this month, we do not have any reports of publicly exploited or disclosed vulnerabilities (zero-days), so my recommendation is to take your time, test the changes to each platform, create a staged rollout plan and wait for future (potentially) imminent changes from Microsoft.

To read this article in full, please click here



Computer World Security News
Mar 11, 2020

Come on, Microsoft! Is it really that hard to update Windows 10 right?
Yesterday, on Patch Tuesday, as I was finishing up the column that follows lamenting the sorry state of Windows 10 patches and providing copious examples of things gone very wrong, a big, fat example landed in my lap (but happily not in my laptop). Word emerged that Microsoft had accidentally leaked news about a new Server Message Block (SMB) bug with a maximum severity rating, a.k.a. SMBGhost. The leak also said that this bug wasn't patched in that day's releases.

To read this article in full, please click here



Computer World Security News
Mar 09, 2020

Patch Tuesday's tomorrow. We're in uncharted territory. Get Automatic Updates paused.
It's always a good idea to pause Windows updates just before they hit the rollout chute. This month, we're facing two extraordinary issues that you need to take into account. Wouldn't hurt if you told your friends and family, too.

Take last month's Windows patches. Please. We had one patch, KB 4524244, that slid out on Patch Tuesday, clobbered an unknown number of machines (HP PCs with Ryzen processors got hit hard), then remained in "automatic download" status until it was finally pulled on Friday. We had another patch, KB 4532693, that gobbled desktop icons and moved files while performing a nifty trick with temporary user profiles. Microsoft never did fix that one.

To read this article in full, please click here



Computer World Security News
Mar 06, 2020

Enterprise resilience: Backup and management tips for iOS, Mac
Apple's solutions are seeing increasing use across the enterprise, but do you have a business resilience strategy in place in case things go wrong?

If you're one of the estimated 73% of SMBs that have not yet made such preparation, now might be a good time to start.

Your data is your business It's challenging enough when a consumer user suffers data loss as precious memories and valuable information go up in the digital smoke.

To read this article in full, please click here



Computer World Security News
Mar 03, 2020

Apple, the FIDO Alliance and the future of passwords
Apple is the latest firm to join the FIDO Alliance, an industry standards group developing more secure ways to log in to online accounts and apps using multi-factor authentication (MFA), biometric authentication and physical security keys. Computerworld's Lucas Mearian joins Ken Mingis and Juliet Beauchamp to discuss the Apple move, how different forms of authentication work and how far away we are from a password-less world.

Computer World Security News
Mar 03, 2020

FIDO Alliance and the future of passwords
Apple is the latest company to join the FIDO Alliance, an industry standards group committed to finding more secure ways to log in to online accounts and apps. The FIDO Alliance pushes for multi-factor authentication (MFA) deployment, from biometric authentication to physical security keys. Computerworld's Lucas Mearian joins Ken and Juliet to discuss why Apple joined the FIDO Alliance, how different forms of authentication work and how far away we are from a password-less world.

To read this article in full, please click here



Computer World Security News
Mar 03, 2020

Mitigate your risk of getting hacked with help from with this online academy
Cyber crime rates are on the rise. In fact, according to this 2019 Juniper Research paper, the financial burden of this global nuisance is expected to surpass $2 trillion in 2020 alone. But don't panic. It turns out that education plays a major role in mitigating the risks, which is why grabbing a lifetime subscription to the CyberTraining 365 Online Academy is money well spent.

To read this article in full, please click here



Computer World Security News
Mar 03, 2020

Verizon: Companies will sacrifice mobile security for profitability, convenience
Despite an increase in the number of companies hit by mobile attacks that led to compromises, four in 10 businesses sacrificed security to meet profit goals or avoid "cumbersome" security processes, according to Verizon's third annual Mobile Security Index 2020.

It showed that 43% of organizations sacrificed security. More typical reasons for companies exposing themselves to risk, such as lack of budget and IT expertise, trailed "way behind" things such as expediency (62%), convenience (52%) and  profitability targets (46%). Lack of budget and IT expertise were only cited by 27% and 26% of respondents, respectively.

To read this article in full, please click here



Computer World Security News
Mar 03, 2020

Will pay by palm be a thing? Should it be?
Amazon is experimenting with a way to allow shoppers to use a palm-print biometric to authenticate payments and to do so in physical stores far beyond Amazon-owned brick-and-mortars, (Whole Foods, AmazonGo, AmazonBooks, Amazon 4-Star and Amazon Pop-Up). Amazon is reportedly looking at QSRs (quick-service restaurants), especially coffee shops.

Palm prints have several advantages over more popular mobile biometric methods, such as fingerprint (prescription drugs, cleaning chemicals, burns and various other things can interfere with fingerprint readings) and facial recognition (finicky method that requires the face to be a precise distance from the scanner — not an inch too close or too far — and can suffer from hair growth, lighting, cosmetic changes, some sunglasses, as well as giving false positives to close relatives). And unlike my favorite biometric for security (retina scan), it's far less invasive. It's fairly accurate, convenient and (other than forcing customers to remove gloves, which could be a problem with outdoor shops in the winter) should be well-received.

To read this article in full, please click here



Computer World Security News
Mar 02, 2020

Memory-Lane Monday: The cruelest password
After a network manager unexpectedly tightens up the rules for passwords and forces the expiration of all user passwords on the main application system, calls flood into the help desk, reports a pilot fish on the scene. They're having trouble because of the new complexity rules.

One of the calls:

User: I can't seem to change my password.

Help desk tech: Your new password needs to contain letters, numbers and punctuation. Do not use any words such as you'd find in a dictionary.

User: OK. (Pause.) No, it still won't let me change it.

Tech: What is the password you are trying to use?

User: April.

Tech: "April" is a word.

To read this article in full, please click here



Computer World Security News
Feb 27, 2020

How and why you need HomeKit-secured smart homes
Once upon a time the Internet was amazing, enabling niche interests and connecting people. Apple's iMac was the epitome of the era, while the iPhone became the prophet of change.

What is HomeKit-secured and why should you use it? These days hackers break into home networks using our routers and smart home devices, which is why everyone must learn how to use HomeKit-secured routers to keep their connected homes safe.

Apple announced HomeKit-secured routers at WWDC 2019. The first few devices to support the tech recently began to reach market, including options from Linksys and (now) Amazon's Eero routers.

To read this article in full, please click here



Computer World Security News
Feb 26, 2020

Firefox starts switching on DNS-over-HTTPS to encrypt lookups, stymie tracking
Mozilla has started to turn on DNS-over-HTTPS, or DoH, as part of its overall strategy of stressing user privacy.

"We know that unencrypted DNS is not only vulnerable to spying but is being exploited," wrote Selena Deckelmann, Mozilla's new vice president of desktop Firefox, in a Feb. 25 post to a company blog. "We are helping...to make the shift to more secure alternatives [and] do this by performing DNS lookups in an encrypted HTTPS connection. This helps hide your browsing history from attackers on the network, helps prevent data collection by third parties on the network that ties your computer to websites you visit."

To read this article in full, please click here



Computer World Security News
Feb 26, 2020

Microsoft Patch Alert: February 2020 patches bring fire and ice but seem to have settled - finally.
The real stinker this month, KB 4524244, rolled out the automatic update chute for four full days until Microsoft yanked it - leaving a trail of wounded PCs, primarily HP machines, in its wake. The other big-time bug in this month's patches, a race condition in the KB 4532693 Win10 version 1903 and 1909 cumulative update installer, hasn't been officially acknowledged by Microsoft outside of a blog post. But at least it's well known and understood.

Folks running SQL Server and Exchange Server networks need to get patched right away.

Win10 UEFI update KB 4524244 blockages Patch Tuesday brought KB 4524244 for Windows 10 owners, a bizarre single-purpose patch apparently directed at one specific UEFI bootloader. I talked about it last week.

To read this article in full, please click here



Computer World Security News
Feb 26, 2020

How to fight scripting attacks
Most phishing campaigns use links to malicious scripts that infect users' devices. Here's how to spot and prevent them from doing damage.

Computer World Security News
Feb 26, 2020

10 steps to smarter Google account security
There are important accounts to secure, and then there are important accounts to secure. Your Google account falls into that second category, maybe even with a couple of asterisks and some neon orange highlighting added in for good measure.

I mean, really: When you stop and think about how much stuff is associated with that single sign-in — your email, your documents, your photos, your files, your search history, maybe even your contacts, text messages, and location history, if you use Android — saying it's a "sensitive account" seems like an understatement. Whether you're using Google for business, personal purposes, or some combination of the two, you want to do everything you possibly can to keep all of that information locked down and completely under your control.

To read this article in full, please click here



Computer World Security News
Feb 25, 2020

Top secret
It's back when 5-inch floppy disks roamed the Earth, and a customer service tech sends a software update to a customer known to be a bit more than a little computer-challenged, says a pilot fish in the know. This involves physically mailing a stack of disks to the customer, along with a note saying to call the tech when she's ready to install the update.

When the call comes, the tech is prepared to walk her through the installation step by step. After getting the computer booted up and verifying that the user has located disk No. 1, the tech says, "Insert the floppy disk into the disk drive, with the label facing up."

Customer: "Done."

Tech: "Type ‘A,' and press the Enter key."

To read this article in full, please click here



Computer World Security News
Feb 24, 2020

Why every user needs a smart speaker security policy
Does your voice assistant wake up randomly when you are engaged in normal conversation, listening to radio, or watching TV? You're not alone, and this may have serious implications in enterprise security policy.

All things being equal (they're not) "Anyone who has used voice assistants knows that they accidentally wake up and record when the 'wake word' isn't spoken - for example, 'seriously' sounds like the wake word 'Siri' and often causes Apple's Siri-enabled devices to start listening," the Smart Speakers research study says.

To read this article in full, please click here



Computer World Security News
Feb 21, 2020

Apple joins industry effort to eliminate passwords
In a somewhat unusual move for Apple, the company has joined the Fast IDentity Online (FIDO) Alliance, an authentication standards group dedicated to replacing passwords with another, faster and more secure method for logging into online services and apps.

Apple is among the last tech bigwigs to join FIDO, whose members now include Amazon, Facebook, Google, Intel, Microsoft, RSA, Samsung, Qualcomm and VMware. The group also boasts more than a dozen financial service firms such as American Express, ING, Mastercard, PayPal, Visa and Wells Fargo.

"Apple is not usually up front in joining new organizations and often waits to see if they gain enough traction before joining in. This is fairly atypical for them," said Jack Gold, president and principal analyst at J. Gold Associates. "Apple is often trying to present [its] own proposed industry standards for wide adoption, but is generally not an early adopter of true multi-vendor industry standards.

To read this article in full, please click here



Computer World Security News
Feb 20, 2020

The mess behind Microsoft's yanked UEFI patch KB 4524244
Remember the warning about watching how sausage is made? This is an electronic sausage-making story with lots of dirty little bits.

First, the chronology. On February's Patch Tuesday, Microsoft released a bizarre standalone security patch, KB 4524244, which was then called "Security update for Windows 10, version 1607, 1703, 1709, 1803, 1809, and 1903: Feb. 11, 2020." The name has changed, but bear with me.

The original problems with KB 4524244 That patch had all sorts of weird hallmarks as I discussed at the time:

To read this article in full, please click here



Computer World Security News
Feb 19, 2020

How to prevent data loss on your network
Use these tools and techniques to protect important data from being exfiltrated from your Windows network.

Computer World Security News
Feb 18, 2020

Complying with CCPA: Answers to common questions
Enforcement of the California Consumer Privacy Act begins this summer, but lawsuits are already being filed. To help you comply and avoid being sued, CSO contributor Maria Korolov joins IDG TECH(talk) host Juliet Beauchamp to discuss critical components of the CCPA and answer viewers' questions.

Computer World Security News
Feb 18, 2020

Dump Windows 7 already! Jeez!
Why am I still writing about Windows 7? It's dead, Jim! The tombstone reads, "June 22, 2009 - January 14, 2020." It was a good run, but unless you're shelling out some serious coin for Windows 7 Extended Security Updates (ESU), you shouldn't be running Windows 7.

But many of you are. According to the best survey of who's running what, the U.S. government's Digital Analytics Program (DAP), on Feb. 14, weeks after Win7's end of life, just over one in 20 of Windows users was still using Windows 7! Oh, come on! More than 5%! A dead and buried OS! Get with the program!

To read this article in full, please click here



Computer World Security News
Feb 18, 2020

Mobile security: Worse than you thought
Many security professionals have long held that the words "mobile security" are an oxymoron. True or not, with today's mobile usage soaring in enterprises, that viewpoint may become irrelevant. It's a reasonable estimate that 2020 knowledge workers use mobile devices to either supplement or handle much of their work 98% of the time. Laptops still have a role (OK, if you want to get literal, I suppose a laptop can be considered mobile), but that's only because of their larger screens and keyboards. I'd give mobile players maybe three more years before that becomes moot.

That means that security on mobile needs to become a top priority. To date, that usually has been addressed with enterprise-grade mobile VPNs, antivirus and more secure communication methods (such as Signal). But in the latest Verizon Data Breach Investigations Report — always a worthwhile read — Verizon eloquently argues that aside from wireless, the form factor of mobile in and of itself poses security risks.

To read this article in full, please click here



Computer World Security News
Feb 17, 2020

How blockchain could help block fake news
In 2018, a video of former President Barrack Obama surfaced on YouTube explaining how easily technology could be used to manipulate video and create fake news. It got more than 7.2 million views.

In the video, Obama explains how we live in dangerous times when "enemies" can make anyone say anything at any point in time. Moments later, it's revealed that the video was itself faked.

Whether its news articles, images or video, fake and misleading content has proliferated across the internet over the past five or so years. One possible solution to the problem now being proposed would standardize how content is delivered online, with anything outside those standards not trusted.

To read this article in full, please click here



Computer World Security News
Feb 15, 2020

Microsoft springs last-minute demand on buyers of Windows 7 after-expiration support
Microsoft this week threw a wrench into the workings of its long-touted Windows 7 post-retirement support, telling IT administrators that there was a brand new prerequisite that must be installed before they can download the patches they'd already paid for.

The last-minute requirement was titled "Extended Security Updates Licensing Preparation Package" and identified as KB4538483 in Microsoft's numerical format.

The licensing prep package can be downloaded manually from the Microsoft Update Catalog. It should also appear in WSUS (Windows Server Update Services), the patch management platform used by many commercial customers. It will not, however, be automatically delivered through the Windows Update service, which some very small businesses rely on to provide them necessary patches.

To read this article in full, please click here



Computer World Security News
Feb 13, 2020

MIT researchers say mobile voting app piloted in U.S. is rife with vulnerabilities
Elections officials in numerous states have piloted various mobile voting applications as a method of expanding access to the polls, but MIT researchers say one of the more popular apps has security vulnerabilities that could open it up to tampering by bad actors.

The MIT analysis of the application, called Voatz, highlighted a number of weaknesses that could allow hackers to "alter, stop, or expose how an individual user has voted."

Additionally, the researchers found that Voatz's use of Palo Alto-based vendor Jumio for voter identification and verification poses potential privacy issues for users.

To read this article in full, please click here



Computer World Security News
Feb 13, 2020

A large - but manageable - February Patch Tuesday brings critical browser updates
With 99 reported vulnerabilities and patches to both Microsoft browsers, Office and Windows, this month's Patch Tuesday update is not as large an administrative burden as you might initially think. We've rated the browser updates as a "Patch Now" update due to issues with the Chakra engine, but both Office and Windows can be scheduled according to a regular patch cadence. Unfortunately, we have another Adobe Flash update to deploy, but no critical development updates for February.

You can find more information in our helpful infographic here.

To read this article in full, please click here



Computer World Security News
Feb 12, 2020

BlackBerry says its new Digital Workplace eliminates need for VPN, VDI
BlackBerry has unveiled its Digital Workplace platform, a web portal and workspace for secure online and offline access to corporate on-premise or cloud content,  including Microsoft Office 365 resources.

Digital Workplace, announced last week, integrates a secure browser-based workspace sold by Awingu, a Belgium company that penned a partnership with BlackBerry in 2018. Businesses can access their legacy Windows, Linux, SaaS or internal web apps, desktops and files inside of Awingu's secure managed browser. Awingu's unified workspace runs Windows, Linux, web and intranet apps.

To read this article in full, please click here



Computer World Security News
Feb 12, 2020

Patch Tuesday: 99 holes, 'exploited' IE fix, Win7 mayhem and UEFI ghost
What a month it's been - and the Patch Tuesday patches have only been out for 24 hours. There are many February patching foibles to report.

Every version of Windows 10, stretching back to the beginning of time (except for the long-neglected version 1511) got patches this month.

Welcome to the new, improved, paid-for Win7 patches There was no free Windows 7 update this month, even though Microsoft released a Monthly Rollup Preview in January. Anyone concerned about the well-documented "Stretch" black wallpaper bug caused by last month's Win7 Monthly Rollup apparently can pound sand - or manually download and install the fix. Your choice.

To read this article in full, please click here



Computer World Security News
Feb 12, 2020

Thought you already paid for Win7 Extended Security Updates? Think again.
I'm hearing lots of complaints from people who spent good money to get Win7 Extended Security Updates, but don't see this month's patches. There's a reason why. Microsoft didn't bother to tell us that you need a new patch, released yesterday, in order to start receiving Win7 ESU updates. You have to download the new patch, KB 4538483, from the Microsoft Catalog, and install it manually before the updates even appear.

Folks who spent money to get the February and later patches are livid. 

Yesterday, after releasing the February updates, Microsoft modified its ESU Procedure page to add this step:

To read this article in full, please click here



Computer World Security News
Feb 12, 2020

How cyber attackers hide malware on your network
Knowing where to look for malware lurking on your network gives you a better chance to prevent damage from it.

Computer World Security News
Feb 11, 2020

What's the difference between the deep web and the dark web?
We hear the terms "deep web" and "dark web" thrown around a lot... but what do they actually mean? And what's the difference between the two? CSO Online writer J.M. Porup joins Juliet to dispel rumors and discuss what sets the deep web and dark web apart from the rest of the web.

Computer World Security News
Feb 11, 2020

Why the Fed is considering a cash-backed cryptocurrency
The Federal Reserve is investigating the potential of a central bank digital currency (CBDC) as the backbone for a new, secure real-time payments and settlements system.

The move toward a form of government-backed digital currency is being driven by Fintech firms and a banking industry already piloting or planning to pilot cash-backed digital tokens, according to Lael Brainard, a member of the U.S. Federal Reserve's Board of Governors.

"Today, it can take a few days to get access to your funds. A real-time retail payments infrastructure would ensure the funds are available immediately - to pay utility bills or split the rent with roommates, or for small business owners to pay their suppliers," said Brainard, who serves as chair of the committees overseeing Financial Stability and Payments, Clearing and Settlements.

To read this article in full, please click here



  • CEOExpress
  • 1 Boston Place | Suite 2600
    Boston MA 02108
  • 617 482 1200
    617 299 8649 (fax)
  • Contact
  • As an Amazon Associate
    CEOExpress earns from
    qualifying purchases.

©1999-2020 CEOExpress Company LLC