NEWS: COMPUTER WORLD SECURITY NEWS
Setup News Ticker
   NEWS: COMPUTER WORLD SECURITY NEWS
Computer World Security News
Jul 30, 2021

Online privacy: Best browsers, settings, and tips
"You have zero privacy anyway. Get over it," Scott McNealy said of online privacy back in 1999, a view the former CEO of the now-defunct Sun Microsystems reiterated in 2015. Despite the hue and cry his initial remarks caused, he's been proven largely correct.

Other ways to protect yourself on the web: GDPR, CCPA, and AdChoicesTo read this article in full, please click here

(Insider Story)

Computer World Security News
Jul 29, 2021

How to give your phone an Android-12-inspired privacy upgrade
Android 12 sure is an onion of an update, wouldn't ya say?

Now, don't get me wrong: I'm not suggesting it's fragrant, likely to make you cry, or positively delicious when cooked in a stir-fry. (That'd be one heck of a piece of software!) I just mean that it has lots of layers to it, including some that are beneath the surface and impossible to see when you're only glancing from afar.

Android 12 is full of changes both big and small, in fact — and while many of its most noticeable external elements will be limited to Google's own Pixel phones, some of the improvements tucked away in those sticky lower layers are arguably the most important changes of all.

To read this article in full, please click here



Computer World Security News
Jul 26, 2021

Acronis teams with Jamf to secure the Apple-centric enterprise
As the Mac security journey becomes ever more challenging, there's fresh activity in the Mac security and enterprise infrastructure space: Acronis Cyber Protect Cloud now integrates with leading enterprise management platform Jamf.

Acronis and Jamf: Better together That's a significant step forward in terms of better native Mac support from Acronis, which has been working to widen its support for Apple's platform since at least 2014 when it introduced Mac support for Acronis Access. It's also a significant indicator that despite the existence of a few hold-outs, most enterprises now recognize that the future of work is remote.

To read this article in full, please click here



Computer World Security News
Jul 26, 2021

About the Pegasus spyware, Apple's telling the full truth
When it comes to security and privacy issues, Apple generally does a far better job than its rivals — though admittedly for selfish marketing reasons. When comparing Apple's iOS and Google's Android, it's hard to not see that at least Apple makes a good-faith attempt at being security- and privacy-oriented, compared to Google, which would prefer selling ads and anything else it can think of.

Still, Apple has been known to twist and shift the truth, omitting germane background info and context when it's convenient. Remember antenna-gate? The battery-gate brouhaha?

To read this article in full, please click here



Computer World Security News
Jul 22, 2021

Pegasus spyware and iPhone security
Amnesty International's Security Lab revealed that a handful of iPhones, mostly belonging to journalists and human rights activists, were successfully infected with Pegasus spyware. While the majority of iPhones users are not affected, the spyware, created by NSO Group, was found even on newer iPhone models equipped with the latest iOS update. Apple bills the iPhone as the most secure consumer cellular product on the market, so this wave of malware raises security concerns. Computerworld Executive Editor Ken Mingis and Macworld Executive Editor Michael Simon join Juliet to discuss iPhone security and more.

Computer World Security News
Jul 22, 2021

Scary ‘malware-as-a-service' Mac attack discovered
Another day, and it's time for another Apple security scare: malware that can harvest keystrokes and log-ins and is available on the Darknet for only $49.

Malware-as-a-service for Mac attacks Check Point Software's research team claims to have identified the hack, which it is calling XLoader. Enterprise security specialists managing Macs and Apple devices (of which there are many) need to be aware of the new attack, as we're told it can:

To read this article in full, please click here



Computer World Security News
Jul 19, 2021

iPhone spyware: It's a dirty job, but NSO's gonna do it
Amnesty International has revealed that NSO Group, an Israeli ‘surveillance as a service' company, has created and sold a nasty iMessage attack that can be used to spy on journalists, activists, and political representatives using their iPhones.

A zero-click hack attack What makes this latest attack particularly dangerous is its exploitation of zero-click vulnerabilities, meaning targets don't even need to read or open the iMessage carrying the hack. Amnesty says all iPhones and iOS updates are vulnerable to the exploit, which gives attackers "complete access to the device's messages, emails, media, microphone, camera, calls and contacts."

To read this article in full, please click here



Computer World Security News
Jul 19, 2021

In the fight against ransomware, Microsoft must do more
Not a day goes by that I don't hear about some business or consultant affected by ransomware. Often, the incident starts with a phishing attack or from a vulnerability introduced by delayed patching. Or it could be a consultant tool that should have been coded better. Regardless of how it began, if you attempt to recover from a backup (assuming you have a viable one on hand) or pay the ransom and attempt to unencrypt your data, recovery will take time.

That's time companies often don't have.

Last week, the US government set up the Stopransomware website to help businesses, schools, and other organizations deal with ransomware attacks. Included in the guidance are recommendations regarding backing up:

To read this article in full, please click here



Computer World Security News
Jul 17, 2021

A big July Patch Tuesday — and the ongoing print nightmare
This week's Patch Tuesday release from Microsoft is a big one for the Windows ecosystem; it includes 117 patches that handle four publicly reported and four exploited vulnerabilities. The good news: this month's Microsoft Office and development platform (Visual Studio) patches are relatively straightforward and can be added with minimal risk to your standard patch release schedules, and there are no browser updates. Alas, we have a really serious printer issue (CVE-2021-34527) that was released out of bounds (OOB) and has been updated at least twice in the past few days. That means you need to pay immediate attention to the Windows updates and that you add all of the Windows desktop patches to your "Patch Now" schedule. 

To read this article in full, please click here



Computer World Security News
Jul 13, 2021

To patch or not to patch: That is the question
Security is more important than ever—and ransomware is bigger and badder than ever.  Barely a week goes by without a major new ransomware attack.

One way you can slow down, if not stop, such attacks is by keeping your mission-critical applications and operating systems up to date. There's only one little problem with that. Those patches, especially Microsoft's Windows patches, can be more trouble than they're worth. What's a business to do?

To read this article in full, please click here



Computer World Security News
Jun 23, 2021

Apple: Sideloading apps will undermine iOS security
Following CEO Tim Cook's statements on security at a recent conference, Apple has come out fighting to protect the security of its App Store distribution model, publishing a white paper that argues enforced side-loading of apps would make the platform — and its users — far less secure.

To read this article in full, please click here



Computer World Security News
Jun 14, 2021

Google abandons URL shortening in Chrome
Google has called quits on the notion of truncating URLs in Chrome, according to a note from earlier this month in the Chromium project's bug database.

"This experiment didn't move relevant security metrics, so we're not going to launch it," Emily Stark, a staff software engineer on the Chrome team, wrote in the June 7 entry.

Android Police first reported on Stark's note June 10.

To read this article in full, please click here



Computer World Security News
Jun 14, 2021

Windows updates: The four basic patch personalities
If you ask most people what they dislike about Windows 10, they'd probably say it's the monthly updating process and the disruption it triggers. Depending on your personality type (and how risk averse you are), here's how to handle Windows updates, deal with the changes, and keep your sanity in the process.

Bleeding-edge patchers Are you a risk-taker who loves the bleeding edge? Do you look forward to trying out new technologies, dealing with green-colored blue screens of death (BSODs) and happen to have a spare computer that you can use to provide feedback and search for error messages? If so, the Insider version of Windows 10 is for you.

To read this article in full, please click here



Computer World Security News
Jun 14, 2021

The great cloud computing surge
Driven in part by the pandemic, cloud computing adoption has reached new heights. These five articles take a close look at the implications.

Computer World Security News
Jun 11, 2021

6 zero-days make this a 'Patch Now' Patch Tuesday
Microsoft this week pushed out 50 updates to fix vulnerabilities across both the Windows and Office ecosystems. The good news is that there are no Adobe or Exchange Server updates this month. The bad news is that there are fixes for six zero-day exploits, including a critical update to the core web rendering (MSHTML) component for Windows. We've added this month's Windows updates to our "Patch Now" schedule, while the Microsoft Office and development platform updates can be deployed under their standard release regimes. Updates also include changes to Microsoft Hyper-V, the cryptographic libraries and Windows DCOM, all of which require some testing before deployment.

To read this article in full, please click here



Computer World Security News
Jun 11, 2021

Securing the Apple mobile enterprise takes context
Apple's prescence has expanded from being the brand behind a few Macs in the creative department; it is now a key mobile and productivity provider across every top enterprise. But even Apple's platforms face security challenges as people work remotely. I caught up with Truce Software CEO Joe Boyle to discuss Apple in the workplace and his company's approach to managing the mobile enterprise.

To read this article in full, please click here



Computer World Security News
Jun 10, 2021

WWDC: Why iCloud will help secure the enterprise
One of the biggest surprises of WWDC 2021 was Apple's introduction of iCloud , an upgraded version of its existing service available at no additional charge that provides secure emailing and VPN-style security for users.

iCloud just became a useful business tool The introduction of these features will transform iCloud into a very useful remote business tool, though it will be interesting to see whether all these features will be available to enterprise folks making use of Managed Apple IDs for their business tools. For the present let's assume they will, given the deep value they promise to those in that sector.

To read this article in full, please click here



Computer World Security News
Jun 08, 2021

WWDC: Apple digs deep to secure its platforms
Apple's WWDC announcements included plenty for enterprise professionals. One area that deserves  particular attention relates to the variety of privacy improvements the copany is making, because they offer significant benefits for the security conscious.

Putting you in control of your data The main thrust of Apple's recent work on privacy is information. The argument is that everyone should know about data collection, what it means, and which apps collect what information — and have at least some understanding of how that data is used.

To read this article in full, please click here



Computer World Security News
Jun 08, 2021

Ransomware revisited: As attacks worsen, tried-and-true defenses falter
Beef? Beef?!

It's come to this: a ransomware attack has come between me and my Wendy's quarter pounder! As much as I'd like to say that there's nothing to this problem for my favorite fast food lunch, I can't. A ransomware attack on the world's largest meat processor, JBS, forced nine US beef plants to close their doors on June 1.

It's not a laughing matter. If major companies such as JBS and Colonial pipeline can get hammered by ransomware, there's nothing stopping a low-life hacker from using Ransomware-as-a-Service (RaaS) to take your business out.

To read this article in full, please click here



Computer World Security News
Jun 07, 2021

Patch Tuesday: The rules of updating Windows (and Microsoft apps)
Patch Tuesday week is that time of the month when I get verklempt, — excited,and in a tizzy over the release of this month's raft of security updates. Will we get fixes for remote code execution attacks? Fixes for privilege escalations? Will we get…? Oh, you don't get verklempt, excited, and in a tizzy? You actually dread Patch Tuesday?

Let me help you out. When you install updates from Microsoft there are some fundamental rules to keep in mind.

First, when patching you should never ever lose data. Several years ago, when Microsoft rolled out the feature release version of Windows 10 1809, some users reported losing files and folders during the process. The problem caused Microsoft to pause the feature update to investigate what was triggering the issue. As it turned out, the root cause was not the update — it was the timing and rollout of a feature in One Drive. As Microsoft noted in a blog post at the time, the culprits involved three different scenarios with Onedrive — in particular, a setting called known-folder redirection. Although the issues were not widespread, the damage and loss of trust in the Windows update process was immense; even now, users remember that issue when updates arrive. Microsoft revised the 1809 release to deal with the problem and loss of data did not recur afterwards.

To read this article in full, please click here



Computer World Security News
Jun 04, 2021

Note to IT: Google really wants its privacy settings left alone
The biggest difference in business models between mobile giants Google and Apple is that Google sells hardware and software whereas Google sells information. So when Apple makes a big play out of protecting privacy—such as pushing back against encryption backdoors and government subpoenas—it's relatively easy for them. That's not primarily how they make money.

Google, though, has a business model that truly hates privacy. To Google, enterprise data privacy, along with consumer data privacy, is just something that deprives them of raw material that they can sell. In short, Google has to publicly say that it protects its customers' privacy while privately doing whatever it can to keep leveraging that data.

To read this article in full, please click here



Computer World Security News
Jun 03, 2021

The missing context around Google's Android privacy fallout
If you've read much tech news lately, you might be feeling a slight sense of shock right now.

A series of newly publicized documents related to an Arizona lawsuit reveals that Google's had some complicated systems for collecting location data across Android over the years — and that, according to the info, the company at one point tried putting a catch-all location toggle into the software's Quick Settings panel but saw a substantial increase in the number of users who took advantage of it with that more prominent positioning in place.

To read this article in full, please click here



Computer World Security News
Jun 02, 2021

When is a cybersecurity hole not a hole? Never
In cybersecurity, one of the more challenging issues is deciding when a security hole is a big deal, requiring an immediate fix or workaround, and when it's trivial enough to ignore or at least deprioritize. The tricky part is that much of this involves the dreaded security by obscurity, where a vulnerability is left in place and those in the know hope no one finds it. (Classic example: leaving a sensitive web page unprotected, but hoping that its very long and non-intuitive URL isn't accidentally found.)

And then there's the real problem: in the hands of a creative and well-resourced bad guy, almost any hole can be leveraged in non-traditional ways. But — there is always a but in cybersecurity — IT and security pros can't pragmatically fix every single hole anywhere in the environment.

To read this article in full, please click here



Computer World Security News
Jun 01, 2021

To secure your remote workforce, lock down ‘your' computers
I know some of you are still convinced you'll soon shepherd your flock of workers back into the comfortable cubicles of the corporate office. Not going to happen. I've been following the working from home revolution closely, and, trust me, your people like working from home. A lot.

According to a FlexJobs survey, 58% of workers currently working remotely said they'd "absolutely look for a new job" if they're not allowed to continue remote work. 

To read this article in full, please click here



Computer World Security News
May 25, 2021

Android 12's quietly important privacy progress
This year, for the first time in a long time, it's easy to glance at Google's latest Android effort and focus mostly on the surface.

Android 12's most striking element is without a doubt the overhauled look and feel it brings to the operating system (even if realistically, Pixel owners are the only ones who'll reap the full benefits of that change). We haven't seen such a dramatic reimagining of the Android interface in many a moon — since 2014's Android 5.0 (a.k.a. Lollipop) release — and this progression stretches past the core software itself, even, with effects set to reach the experience of using apps within Android and eventually also Google apps on the web. The same principles will apply to Chromebooks, Smart Displays, and Wear-based wearables before long as well, making this a true Google ecosystem evolution.

To read this article in full, please click here



Computer World Security News
May 25, 2021

5 free ways to get better business security
Ransomware to the left of you, malware to the right—what's a small business stuck in the middle to do?

We all know that securing your company isn't easy or cheap. As Christopher Krebs, former director of the US Cybersecurity and Infrastructure Security Agency (CISA), and Matthew Masterson, former CISA Senior Cybersecurity Advisor, both recently pointed out: we're "now in the midst of a new normal of cyber-enabled malicious activity."

To read this article in full, please click here



Computer World Security News
May 21, 2021

Apple's Mac security warning shows that closed beats open
Apple's software engineering chief Craig Federighi recently told us that Macs aren't yet as secure as iOS devices, but does this mean Mac users need to worry?

What Federighi said Apple's software lead was appearing as part of the interminable Epic v Apple trial (which today involves Apple CEO Tim Cook taking the stand). Federighi was arguing that by maintaining a highly controlled third-party app environment on iOS, Apple has been able to build an extremely secure platform.

To read this article in full, please click here



Computer World Security News
May 19, 2021

Firefox previews site-isolation tech in move to catch up to Chrome
Mozilla on Tuesday announced that a years-long effort to harden Firefox's defenses can now be previewed in the browser's Nightly and Beta builds.

Debuting as "Project Fission" in February 2019, the project was also linked to the more descriptive "site isolation," a defensive technology in which a browser devotes separate processes to each domain or even each website, and in some cases, assigns different processes to site components, such as iframes, so they are rendered separately from the process handling the overall site.

To read this article in full, please click here



Computer World Security News
May 18, 2021

Here's what you can do about ransomware
Last week, people in my neck of the woods, North Carolina, went into a panic. You couldn't get gasoline for love or money. The root cause? Colonial Pipeline, a major oil and gas pipeline company, had been hit by a major ransomware attack. With four main fuel pipelines shut down, people throughout the southeast U.S. lined up at gas stations for every drop of gas they could get.

You may not believe that ransomware is a serious threat. But I and most everyone else in the southeast? We believe.

To read this article in full, please click here



Computer World Security News
May 17, 2021

For Windows users, tips on fighting ransomware attacks
Ransomware.

It's one word that strikes fear in the minds of many a computer user, especially given the near daily headlines about companies affected. It makes us wonder why this keeps happening to users and businesses, large and small.

But there's plenty you can do to protect yourself or your business.

Be wary of what you click on Most of the time, ransomware that affects an individual happens after someone clicks on something they shouldn't — maybe a phishing-related email or a web page that installs malicious files. In a business setting, the attacks often come from an attacker going after open remote access protocol, either using brute force or harvested credentials. Once inside the network, they can disable backups and lie in wait until the best time to attack.

To read this article in full, please click here



Computer World Security News
May 17, 2021

Google makes a big security change, but other companies must follow
In a wonderful cybersecurity move that should be replicated by all vendors, Google is slowly moving to make multi-factor authentication (MFA) default. To confuse matters, Google isn't calling MFA "MFA;' instead it calls it "two-step verification (2SV)."

The more interesting part is that Google is also pushing the use of FIDO-compliant software that is embedded within the phone. It even has an iOS version, so it can be in all Android as well as Apple phones.

To be clear, this internal key is not designed to authenticate the user, according to Jonathan Skelker, product manager with Google Account Security. Android and iOS phones are using biometrics for that (mostly facial recognition with a few fingerprint authentications) — and biometrics, in theory, provides sufficient authentication. The FIDO-compliant software is designed to authenticate the device for non-phone access, such as for Gmail or Google Drive.

To read this article in full, please click here



Computer World Security News
May 14, 2021

Browser updates are back for the May's Patch Tuesday
With 55 updates, three publicly reported vulnerabilities and reported public exploits for Adobe Reader, this week's Patch Tuesday update will require some time and testing before deployment. There are some tough testing scenarios (we're looking at you, OLE) and kernel updates make for risky deployments. Focus on the IE and Adobe Reader patches — and take your time with the (technically challenging) Exchange and Windows updates.

Speaking of taking your time, if you're still Windows 10 1909, this is your last month of security updates. 

The three publicly disclosed vulnerabilities this month include:

To read this article in full, please click here



Computer World Security News
May 13, 2021

Social engineering, fake App Stores, hit iOS, Sophos warns
I didn't entirely mean to focus on Apple device security for most of this week (see here and here), but new Sophos research should interest any enterprise working to enhance security awareness.

Breaking bad The research looks at 167 counterfeit apps used to scam iOS and Android users. Those that impact Apple's mobile OS particularly stood out, as they show the increasing sophistication of malware authors.

To read this article in full, please click here



Computer World Security News
May 12, 2021

Jamf adds zero trust security to the Apple enterprise
Apple enterprise management company Jamf has announced its pending $400 million acquisition of zero trust cloud-based security company, Wandera.

Apple security with zero trust Security remains of critical concern to the many enterprises deploying Apple equipment during the time of COVID-19, and as the mobile device management (MDM) services industry becomes more competitive, many providers are attempting to bolster services with security protection.

To read this article in full, please click here



Computer World Security News
May 11, 2021

Enterprises need to get smart about iOS security
The XcodeGhost malware attack that allegedly affected 128 million iOS users is an excellent illustration of the kind of sophisticated attack all users should get ready to defend against as platforms become inherently more secure.

Designer label malware XcodeGhost was an intelligent exploit that presented itself as a malware-infested copy of Xcode made available via websites targeting Chinese developers. Developers in the region downloaded it because it was easier to get than the real code because local networks wereunreliable.

To read this article in full, please click here



Computer World Security News
May 11, 2021

No matter the size of your business, you must take security seriously.
I recently wrote about using passwords correctly, and a reader replied: "I've been getting told this for years, but who's ever going to attack my 12-employee business?"

This isn't the first time I've heard remarks like that. The answer is: "Who won't attack you!?"

Hackers don't care whether your annual revenue is in five figures or nine. They will target you. Indeed, if you're on the smaller size, you're more likely to be vulnerable because, chances are, you're an easier target. After all, as BullGuard CEO Paul Lipman said: "Small businesses are not immune to cyberattacks and data breaches and are often targeted specifically because they often fail to prioritize security."

To read this article in full, please click here



Computer World Security News
May 10, 2021

Patch Tuesday preview: Time for a 'measured' approach to updates
It's time again: with Patch Tuesday in sight, I always recommend pausing or delaying updates, and this month is no different. But the second Tuesday of May also brings to an end support for Windows 10 1909. If you want to receive updates for Windows 10 after May 11, you'll need to make sure you're running Windows 10 2004 or 20H2.

So my first request on this Patch Tuesday week is that you check to see what exact version of Windows 10 you have installed, so you know you are still supported.

Typically, there is a window of time when we can safely defer or delay updates and when businesses can test patches before rolling them out. The days of worm attacks where we had to immediately patch systems have long since passed. These days, attacks are typically done using phishing lures to gain access to a system; the weakest link isn't necessarily software, it's us,opening Office docs or other files that harvest credentials. If you are even a slightly savvy user, give yourself time to ensure that there are no patching side effects.

To read this article in full, please click here



Computer World Security News
May 04, 2021

Getting passwords right for you and your business
Chances are you've never heard of the National Institute of Standards and Technology (NIST) Special Publication 800-63, Appendix A. But you've been using its contents from your first online account and password until today. That's because, within it, you'll find the first password rules such as requiring a combination of a lowercase and uppercase letter, a number, and a special character — and the recommendation of changing your password every 90 days.

There's only one problem. Bill Burr, who originally set up these rules, thinks he blew it. "Much of what I did I now regret," Burr told the The Wall Street Journal a few years ago.

To read this article in full, please click here



Computer World Security News
May 03, 2021

For Windows, it's ‘squirrel away time'
It's that semi-annual time of the year we in AskWoody land call "squirrel away time" — time to make sure you have a copy of the ISO currently installed on your computer in case you need to reinstall it. There are a number of ways to get older versions of Windows by using a trick publicized on the Thurrott.com site. But the easiest way to grab a copy of, say, 20H2 is to go to the software download site, download a copy and store it on a spare hard drive, flash drive or external USB drive.

To read this article in full, please click here



Computer World Security News
Apr 29, 2021

A highly sarcastic Android security warning
Holy floppin' hellfire, Henry! Have you heard? A terrifying new form of Android malware is running amok — stealing passwords, emptying bank accounts, and drinking all the grape soda from the refrigerators of unsuspecting Android phone owners.

We should all be quivering in our rainboots, according to almost all the information I've read on these here internets. Numerous adjective-filled news stories have warned me that the "scary new Android malware" is "spreading quickly," targeting "millions" (millions!) of users, and occasionally even "kicking people square in the groin." (All right, so I made that last part up. But you get the idea.)

To read this article in full, please click here



Computer World Security News
Apr 28, 2021

How long until Apple boots apps from its stores for privacy issues?
Apple will inevitably begin enforcing the privacy requirements it has put in place across its ecosystem, meaning developers who attempt to avoid or dissemble their way around these protections should expect action, including removal from the App Store.

What Apple is doing Everyone recognizes how seriously Apple takes privacy. Statement by statement and all through iterative software and product releases, the company is making it crystal clear that it believes privacy is essential to achieve the potential of digital transformation.

To read this article in full, please click here



Computer World Security News
Apr 28, 2021

Microsoft patents biometric 'wellness insights' tool for workers
Microsoft has patented an employee "wellbeing" recommendation feature that uses biometric data to detect a worker's stress levels when completing tasks such as sending emails, encouraging them to take a break when anxiety levels run high.

The "Emotion Detection From Contextual Signals For Surfacing Wellness Insights" patent, filed in October 2019 and published last week, describes a "wellness insights service" that collates data from a range of sources. This includes blood pressure and heartrate monitoring data that could be obtained from an employees' wearable devices, such as smart watches and fitness trackers.

To read this article in full, please click here



Computer World Security News
Apr 27, 2021

Why enterprises must install the latest macOS software patch
Enterprises should install Apple's latest macOS Big Sur 11.3 update to secure their Macs. I spoke with Jamf Mac security expert Jaron Bradley, who explained why.

Install macOS 11.3 immediately Enterprise users running fleets of Macs should get their IT support teams to approve the installation of Apple's macOS Big Sur 11.3 update as swiftly as possible; the update should protect Macs against a serious software vulnerability that places data at risk.

As first spotted by Cedric Owens (and subsequently heavily researched by Jamf), the malware — a new version of a known Shlayer vulnerability — spreads in the following ways:

To read this article in full, please click here



Computer World Security News
Apr 26, 2021

April patch recap: Mostly quiet on the Microsoft front
Unlike March, when patch updates caused issues with some printers, Microsoft's updates for April were relatively tame. Windows users lost the old pre-Chromium version of Edge; some users saw performance issues; and Microsoft started talking up "News and Interests."

In fact, its that last one that has some IT admins concerns. (More about that below.)

Old Edge out, new Edge in First off, Microsoft this month installed the new Chromium-based Edge browser and removed the old Edge. Now that the browser relies on the Chromium engine, it will receive updates on the same schedule as Google Chrome. Note: the rollout wasn't without some side effects. If you had some other application set to open up PDF files, the April release reset your default PDF reader to be Edge. So, you'll need to reset the default application back to whatever your preference was. (This can be easily done; check out this recent YouTube video for details.) Microsoft also moved the default download location from the bottom left of the browser window to the top right — in line with other browser download locations. If you're a long time Edge user like me, this takes a bit of getting used to.

To read this article in full, please click here



Computer World Security News
Apr 26, 2021

Rethinking mobile security in a post-COVID workplace
In the world of enterprise mobile security, sometimes horrible situations force security corner-cutting to preserve the company. And COVID-19 forcing companies to empty office buildings and move everything (and everyone) to remote locations and the cloud in March 2020 is the classic example. What led to the security shortcuts was not just the abrupt change to work from home, but the fact that companies typically had to make the transition in a few days.

Add to that increased problems with IoT security — especially as IoT devices in home environments accessed global systems via VPNs, sometimes spreading malware through the pipeline — and you have a mess. A recent Verizon mobile security report put it bluntly: "Almost half of respondents admitted that their company had knowingly cut corners on mobile device security. That's an increase from our 2020 report when the figure was 46%. The proportion rises to two-thirds [67%] in our IoT sample. And of those remaining, 38% (27% IoT) came under pressure to do so. Another way of looking at this is that 68% came under pressure to cut corners and 72% of those succumbed."

To read this article in full, please click here



Computer World Security News
Apr 20, 2021

VMware targets remote work security with Anywhere Workspace
Providing secure access to vital applications has been a key challenge for businesses forced to adapt to remote working during the pandemic. And with many businesses set to continue to support a distributed workforce even after offices reopen, it will remain a priority for IT for some time.

With this in mind, VMware has unveiled a suite of security and endpoint management tools to support remote workers. VMware Anywhere Workspace, announced on Tuesday, combines VMware's Workspace One, a "digital workspace platform" that delivers applications across a range of devices, with its Carbon Black Cloud endpoint security tools and SASE, which provides secure network access for distributed teams.

To read this article in full, please click here



Computer World Security News
Apr 19, 2021

Details of how the feds broke into iPhones should shake up enterprise IT
Apple has an awkward history with security researchers: it wants to tout that its security is excellent, which means trying to silence those who aim to prove otherwise. But those attempts to fight security researchers who sell their information to anyone other than Apple undercuts the company's security message.

A recent piece in The Washington Post spilled the details behind Apple's legendary fight with the U.S. government in 2016, when the Justice Department pushed Apple to create a security backdoor related to the iPhone used by a terrorist in the San Bernardino shooting. Apple refused; the government pursued it in court. Then when the government found a security researcher who offered a way to bypass Apple security, the government abandoned its legal fight. The exploit worked and, anticlimactically, nothing of value to the government was found on the device.

To read this article in full, please click here



Computer World Security News
Apr 16, 2021

The Patch Tuesday focus for April: Windows and Exchange (again)
On Tuesday, MIcrosoft rolled out another broad series of updates across its Windows ecosystems, including four vulnerabilities affecting Windows that have been publicly disclosed and one security flaw — reportedly exploited already — that affects the Windows kernel. That means the Windows updates get our highest "Patch Now" rating, and if you have to manage Exchange servers, be aware that the update requires additional privileges and extra steps to complete.

It also looks as if Microsoft has announced a new way to deploy updates to any device, wherever it is located, with the Windows Update for Business Service. For more information on this cloud-based management service, you can check out this Microsoft video or this Computerworld FAQ. I have included ahelpful infographic which this month looks a little lopsided (again) as all of the attention should be on the Windows and Exchange components.

To read this article in full, please click here



Computer World Security News
Apr 16, 2021

Appogee becomes one-stop shop for enterprise iOS deployment
The Apple-focused enterprise services market continues to evolve. Case in point: Apple-only value-added-reseller Appogee is now offering a fully-managed iOS hardware deployment thanks to an arrangement with TRUCE Software.

A one-stop enterprise mobile shop At its simplest, this means enterprises choosing to deploy iOS devices across their business can approach Appogee to purchase, deploy, and create contextually-aware management tools for these new fleets. The system integrates tools from both TRUCE and Jamf and means businesses can accelerate their mobile strategy, and do so while ensuring their own policies can be enforced on a device and user basis.

To read this article in full, please click here



Computer World Security News
Apr 15, 2021

2 big questions to ask about Google and privacy
I don't know if you've noticed, but it's become a teensy bit trendy to trash Google and its position on privacy these days.

This wiggly ol' web of ours has always spent a fair amount of energy focusing on how Google uses personal data, of course — and that's a good thing. We absolutely should be aware of how companies do and don't tap into our information.

Lately, though, the conversation has turned especially heated, with a growing chorus of virtual voices suggesting it's time to ditch this-or-that Google service because of how it handles privacy and (insert spooky horror music and/or Sting ballad here) watches every move you make.

To read this article in full, please click here



Computer World Security News
Apr 13, 2021

Apple and Google reject UK COVID-19 app
Apple and Google have been forced to reject the UK's latest COVID-19 Test and Trace app update because it failed to follow privacy rules the nation had already agreed to follow in order to use the frameworks the tech firms provide.

Keeping deals In line with World Health Organization (WHO) advice to test widely and act fast in the event of COVID-19 outbreaks, Apple and Google moved quickly at the beginning of the pandemic to develop a private-by-design Exposure Notifications system the world's health authorities could use to build digital track-and-trace systems.

To read this article in full, please click here



Computer World Security News
Apr 12, 2021

Collaboration analytics: Yes, you can track employees. Should you?
From email to video meetings and team chat, collaboration applications have become vital tools to connect workers. And by giving companies the tools to track employee use of these apps, software vendors can provide insights into working patterns and help organizations better understand how they operate.

Tech Spotlight: Analytics Analytics in the cloud: Key challenges and how to overcome them (CIO) Collaboration analytics: Yes, you can track employees. Should you? (Computerworld) How data poisoning attacks corrupt machine learning models (CSO) How to excel with data analytics (InfoWorld) Major League Baseball makes a run at network visibility (Network World) The ability to view analytics data in collaboration and productivity software is not new; such products have long provided admins with a snapshot of app utilization. Typically aimed at gauging user uptake and tracking deployment progress, these metrics were otherwise limited in their wider business use.

To read this article in full, please click here



Computer World Security News
Apr 09, 2021

Your iPhone could soon be your driver's license (in Utah)
Apple's iPhone has already replaced your wallet, keys, and flight tickets. Now in Utah, it is beginning to replace your driving license in a new pilot project.

What is happening? The state is working on a mobile driving license (mDL) using a combination of technologies including NFC and QR codes as digital proof of ID. Holders of the license will be able to choose what personal information is displayed when the QR code is read, or NFC terminal tapped. This can be used in any situation in which you might be expected to present your driving license, including restaurants and bars.

To read this article in full, please click here



Computer World Security News
Apr 08, 2021

The Brave browser basics: what it does, how it differs from rivals
Boutique browsers try to scratch out a living by finding a niche underserved by the usual suspects. Brave is one of those browsers.

Brave has gotten more attention than most alternate browsers, partly because a co-founder was one of those who kick-started Mozilla's Firefox, partly because of its very unusual — some say parasitical — business model.

That model, which relies on stripping every site of every ad, then substituting different ads, came under attack almost immediately from publishers that depended on online advertising for their livelihood. "Your plan to use our content to sell your advertising is indistinguishable from a plan to steal our content to publish on your own website ((emphasis in original," lawyers for 17 newspaper publishers wrote in a cease-and-desist letter to Brave Software in April 2016.

To read this article in full, please click here



Computer World Security News
Apr 07, 2021

Apple gets ready to launch its Find My ecosystem
While we're still waiting for Apple to introduce its own take on Tile, the company is opening its Find My service to businesses joining its MFi scheme, enabling manufacturers to build location sensing into devices out of the box.

Now in advanced testing Apple has published a new app called Find My Certification Asst. Compatible with devices running iOS 14.3 or later and iPadOS 14.3 or later, the app lets accessory makers check that their devices are correctly configured for use with Apple's Find My network.

To read this article in full, please click here



Computer World Security News
Apr 07, 2021

Apple gets ready to launch its Find My ecosystem (updated)
While we're still waiting for Apple to introduce its own take on Tile, the company is opening its Find My service to businesses joining its MFi scheme, enabling manufacturers to build location sensing into devices out of the box.

Update: Since publishing this, Apple has made the following announcement. Additional information will be woven in below.

To read this article in full, please click here



Computer World Security News
Apr 05, 2021

Windows Update for Business: details, details
Here's something many Windows 10 users may not know: If you select options to control your updates in the local group policy settings better known as "Windows Update for Business," you end up controlling optional updates. And what if you are not necessarily a "business" user? What options do you have?

Plenty.

The little secret about "Windows Update for Business" is that it's nothing more than a set of registry keys and local group policy settings that allow you to better control updates. And you don't have to work for a business to utilize these settings, though it helps if you're running Windows 10 Professional.

To read this article in full, please click here



Computer World Security News
Apr 05, 2021

Is it time to move to hosted Exchange? Considerations for IT
Have the recent widely publicized attacks on Microsoft Exchange made you realize that now is the time for someone else to run your organization's email?

Managing downtimeTo read this article in full, please click here

(Insider Story)

Computer World Security News
Apr 02, 2021

Apple switches off the ‘open web' by making it better
Apple has begun rejecting apps that ignore its new App Tracking Transparency policy as it moves ahead toward the launch of iOS 14.5.  

So, what's happening? Reports indicate Apple has started rejecting apps that ignore this new policy, which extends to iPhones, iPads, and tvOS. The policy requires that apps seek express permission to access the advertising identifier (IDFA) of a person's iPhone in order to track them for ad targeting purposes. The policy also forbids developers from using other methods to track users.

To read this article in full, please click here



Computer World Security News
Apr 02, 2021

Keeping a remote workforce secure: Lessons learned, tips for the future
CSO's Lucian Constantin joins Computerworld's Matthew Finnegan and Executive Editor Ken Mingis to explain what companies should do to keep their remote employees — and valuable corporate data and info — safe. Secure remote access is key, and it means more than getting everyone on a VPN. Zero-trust access gateways, network segmentation, user and device verification, and role-based access control policies are all part of today's security tool kit.

Computer World Security News
Mar 31, 2021

Microsoft hands IT admins beefed-up Windows release health hub
Microsoft has begun rolling out its Windows release health dashboard to the Microsoft 365 admin portal, a move the company previewed earlier this month at its all-virtual Ignite conference.

"This will be a phased rollout and we expect this information experience to be available to all applicable customers by the end of April," Mabel Gomes, senior communications program manager in the Windows group, said in a March 25 post to a company blog.

The original Windows release health launched almost two years ago as one of the changes Microsoft instituted after the disastrous debut of Windows 10 1809, the fall 2018 version of the operating system that had to be yanked from release because it deleted data.

To read this article in full, please click here



Computer World Security News
Mar 29, 2021

Microsoft elevates Teams' importance by offering top-dollar bug bounties
There's nothing like $30,000 to show that an app has made it to the big time.

Microsoft last week underscored the importance of Teams to its current and future strategic planning by inaugurating a new bug bounty program that will offer up to $30,000 — twice the maximum of any Office application — to security researchers for reporting previously-unknown vulnerabilities.

Out the gate, the new program, carrying the prosaic label "Microsoft Applications Bounty Program," focused exclusively on the Teams desktop client. Other applications will be brought into the program, Microsoft said, though no timeline was given.

To read this article in full, please click here



Computer World Security News
Mar 29, 2021

Patch Tuesday recap: This month, an ‘Ides of March' update?
While this month's security updates weren't released exactly on the Ides of March, they certainly caused disruption for many users.  (For those not into history or Shakespeare, the Ides of March — March 15, 44 BC — is famous as the day Julius Caesar was assassinated.) Microsoft's March 9 patch release brought more bumpiness and issues than I can remember in a long time. Perhaps we should reassign the date for this year's Ides of March to March 9 as an unofficial acknowledgment.

As I alluded to last week, this month was bumpy in terms of patching side effects. Here's what we know: The March updates included fixes for printing that triggered blue screens of death on computers when users tried to print. In the case of Dymo label printers (and other bar code or graphical printers) they left them printing out blank labels. Larger business-style multifunction printers saw issues, especially where you have an older PCL 3 or PCL 4 style driver. Ricoh and Kyocera users reported the most issues. (One workaround: use a generic PCL 6 driver instead, though you might lose some functions.) Any Kyocera printers that use the KX driver are affected, as are some Okidata, NiceLabel, and point-of-sale system printers from applications called BarTender. 



Computer World Security News
Mar 24, 2021

How Azure Active Directory helps manage identity for remote users
Still using Active Directory to manage identity for remote workers? You might want to consider moving to Azure Active Directory.(Insider Story)

Computer World Security News
Mar 23, 2021

5 handy Google Fi features you shouldn't forget
Got Fi? Google's unusual wireless service may have shifted its name from Project Fi to Google Fi a while back, but its core proposition has remained relatively constant since the start: Pay only for the data you use, and avoid all the traditional carrier shenanigans.

For the right kind of person, Fi can be a real cost-cutter and hassle-saver. And aside from its most prominently promoted perks — the seamless network-switching, the public Wi-Fi use, the fee-free roaming and hotspot capabilities, and so on — Fi has some pretty interesting out-of-the-way options that can really elevate your experience.

To read this article in full, please click here



Computer World Security News
Mar 22, 2021

Text authentication is even worse than almost anyone thought
Everyone has been lecturing IT about how horrible the security is from texting numbers for authentication for years, including me. Now, due to some excellent reporting from Vice, it's clear that the text situation is far worse than almost anyone thought. It's not merely texting that has inherent cybersecurity flaws, but the entire telecom space surrounding the text infrastructure is absolutely abysmal.

The demonstrated whitehat attack intercepted and rerouted all of the victim's text messages, but it wasn't a technical takeover. The whitehat (who had been asked by the Vice reporter to try and steal his text messages) simply paid a small fee ($16) to a legitimate SMS marketing and mass messaging firm called Sakari. The whitehat had to lie about having the user's permission, but no meaningful proof was sought.

To read this article in full, please click here



Computer World Security News
Mar 22, 2021

Microsoft, we need to have a talk
Microsoft? We need to talk. Lately you've been disappointing me. You released three sets of security updates this month for my Windows 10 machines. The first set of updates (KB5000802 for the 2004/20H2 versions) triggered blue screens of death when I attempted to print to Ricoh and Kyocera printers as caused issues with Dymo labels.  As you yourself noted, "after installing this update, you might receive an APC_INDEX_MISMATCH error with a blue screen when attempting to print to certain printers in some apps."

To read this article in full, please click here



Computer World Security News
Mar 22, 2021

Does Microsoft share blame for the SolarWinds hack?
In recent years, Microsoft has been in the forefront of the fight against governmental and foreign hacking, helping thwart countless attacks from Russian-linked attackers. It has publicly berated the US National Security Agency (NSA) for stockpiling software and hardware vulnerabilities so they can be exploited  instead of working with companies to fix them. And it has called for an international agreement to ban cyberattacks modeled after the Geneva Convention, which bans many weapons.To read this article in full, please click here

(Insider Story)

Computer World Security News
Mar 18, 2021

Hackers target developers to break into Apple's garden
Developers should beware, as cybercriminals have figured out that the best attack vectors to infect the Apple ecosystem may be the developers themselves.

Developers, developers, malware writers We've known for a long time that malware makers and other cyber-miscreants are smart. The work they do brings in real money, with a healthy trade in corporate and personal secrets, bank account details, fraud, and ransomware generating a market some say is already worth billions — even as it costs the global economy 1% of GDP.

To read this article in full, please click here



Computer World Security News
Mar 17, 2021

Microsoft provides Exchange Server defensive tool to help SMBs stymie zero-day attacks
Microsoft Tuesday issued instructions and a one-click tool to small businesses with on-premises Exchange servers to patch the vulnerability first disclosed by the company March 2, and which criminals have been using to spy on victims' communications as well as gain access to other parts of their networks.

"We realized that there was a need for a simple, easy to use, automated solution that would meet the needs of customers using both current and out-of-support versions of on-premises Exchange Server," Microsoft said in a post to a company blog attributed to the MSRC (Microsoft Security Research Center) Team.

To read this article in full, please click here



Computer World Security News
Mar 15, 2021

Apple lives by its own privacy rules
One of the defensive arguments raised to protest Apple's decision that developers place what it calls privacy labels alongside their apps has been that the company itself doesn't apply the same rules to itself.

Apple lives by its own (privacy) rules Apple has always said it intends to follow the same rules it imposes on developers and has now made privacy labels available for all of its apps, including its system utilities and the App Store itself. "Our privacy labels are designed to help you understand how apps handle your data, including apps we develop at Apple," the company states on a page where it published the information.

To read this article in full, please click here



Computer World Security News
Mar 15, 2021

Stuck on Windows 10 1909? Some workarounds on moving forward
If you're still running Windows 10 1909, you're probably receiving a notification that your OS is about to reach the end of its life. Many are confused by the message because the Windows 10 platform is not losing support; instead, the feature release for Windows 10 Professional will be more than likely closing in May.

Microsoft Windows 10 out of date?

First, check the Windows 10 feature release version you have. Click on Start, Settings, System, scroll down to the bottom, and choose About. If you scroll down to the Windows specifications section, you can see what version of Windows 10 you use. If it shows version 1909, you need to investigate why your machine has not yet received Windows 10 2004 or 20H1.

To read this article in full, please click here



Computer World Security News
Mar 12, 2021

Patch Exchange now, and test your Windows updates
If it weren't for the serious security issues surrounding on-premises Microsoft Exchange servers (CVE-2021-2685, CVE-2021-27065, CVE-2021-26857 and CVE-2021-26858), I would say things look pretty good for this month's Patch Tuesday. There are still things to test on the desktop, including printing, remote desktop connections via VPNs, and graphically intensive operations. And while the other lower-rated Microsoft Office and Development platform updates require attention, they don't require a rapid response and can be added to the regular testing regime and deployment cadence.

To read this article in full, please click here



Computer World Security News
Mar 11, 2021

Users condemn Microsoft for removing KB IDs from some bug documentation
Microsoft's decision in February to strip an identifier used for decades from some Windows update release notes continues to draw the ire of customers.

On Feb. 18, the company announced on its Windows IT Pro blog that it would no longer include the KB identifier — KB for Knowledge Base — in the URLs of all online release notes associated with Windows update release details. The KB identifiers have been used by Microsoft for several decades to pinpoint individual bug fixes and guide customers to the appropriate documentation.

[ Related: Microsoft revamps Windows Insider release vernacular ] "One of the primary ways that many find release notes is through the use of a KB identifier (KBID)," Christine Ahonen, a program manager at Microsoft, wrote in the post to the Windows IT Pro blog. "We use a unique identifier for each Windows update. Once a KBID is created, it is then used to identify the update throughout the release process, including documentation."

To read this article in full, please click here



Computer World Security News
Mar 10, 2021

Jamf move improves enterprise security and compliance for macOS
Enterprise device management company Jamf has acquired new tools from cmdSecurity designed to help business-using Macs make the platform even more secure and to protect compliance in regulated industries.

It's yet another clear signal of the extent to which the status of Apple's platforms in business has changed.

Securing the endpoints Jamf has acquired various tools and technical assets developed by cmdSecurity, a company whose founder wrote the security guidance for the use of Macs by the US government. The purchase includes the macOS security and compliance suite, cmdReporter, the developers of which, Daniel Griggs and Eric Metzger, have also joined Jamf.

To read this article in full, please click here



Computer World Security News
Mar 08, 2021

Pause Patch Tuesday updates, watch out for Exchange server attacks
With the arrival of Patch Tuesday for March, it's time for me to urge you to again review how you handle updates from Microsoft — and hold off a bit before installing anything. By waiting a week or two, any earth-shattering side effects can be identified and workarounds found. (I give the same advice for the feature-release process. I normally wait until the next release is ready before I install the current one; it's served me well to protect against side effects triggered by bad updates.)

So, before Microsoft's patches arrive, here's what to do: click on Start, go to Settings, then Update and security, Windows update, and look for Advanced options. Scroll down to the section that says, "Pause until" and pull down the "select date" to choose a specific date for dealing with updates. It should be at least a week after Patch Tuesday to give us time to deal with any issues. I personally patch on weekends when I have more time to handle any side effects. I recommend something like March 27 as a good date to choose. By then, we will have identified any issues.

To read this article in full, please click here



Computer World Security News
Mar 08, 2021

Cybersecurity in 2021: Stopping the madness
The challenges are greater than ever. But security pros have learned a lot - and with luck, the right strategic defenses can help even the highest-value targets withstand severe attacks.

Computer World Security News
Mar 08, 2021

WFH security lessons from the pandemic
A year ago, IT and cybersecurity teams faced a number of challenges — constantly emerging threats, data privacy regulations, and a significant and widening skills gap, to name a few. Then things really got difficult.

Tech Spotlight: Security 4 ways to keep the cybersecurity conversation going after the crisis (CSO) Mitigating the hidden risks of digital transformation (CIO) WFH security lessons from the pandemic (Computerworld) WAN challenges steer Sixt to cloud-native SASE deployment (Network World) 6 security risks in software development — and how to address them (InfoWorld) The COVID-19 pandemic and its impact on business processes changed the security dynamic in a big way, making matters even more complex. Shifts to cloud services were accelerated. E-commerce efforts were launched or expanded. COVID-related cyberattacks became common.

To read this article in full, please click here



Computer World Security News
Mar 04, 2021

When Windows bug fixes go bad, IT can now roll back individual changes
Microsoft this week announced a new enterprise-only flexibility in Windows servicing that lets IT professionals roll back individual non-security elements of an update when a change breaks something.

The feature, dubbed "Known Issue Rollback," aka KIR, is an unusually frank admission that the company's nearly six-year-long experiment of forcing customers to either accept everything in an update or pass on the update entirely, is flawed.

"Even as quality has improved over the last five years, we do acknowledge that sometimes things can and do go wrong," Namrata Bachwani, principal program manager lead, said in a March 2 session video from Microsoft's all-virtual Ignite conference. ??"In the past, you had two choices: all or nothing," Bachwani continued. "You either take it all, so you install the update and you get all the great fixes that you want and the problem, which is causing an issue for your customers. Or you take nothing.

To read this article in full, please click here



Computer World Security News
Mar 03, 2021

Of February's patches, Ignite, and the fate of Windows 10 feature releases
We finished off February with an all clear for that month's Microsoft updates. So if you haven't installed updates as we get into March, make sure you do so at this time.  

I do recommend that you skip KB4535680, the Microsoft secure boot patch that's been disruptive if you have Bitlocker enabled. (Many patchers reported that it triggered the Bitlocker recovery password.) If you got it installed, fantastic! You don't need to uninstall it now. There isn't a problem with the update; instead, there is a problem during the installation and for workstations with Bitlocker.

To read this article in full, please click here



Computer World Security News
Mar 03, 2021

How to protect Windows Remote Desktop deployments
Attackers gain access to your Windows network just as work-from-home employees do: remotely. Following these simple steps will send them looking for easier targets.(Insider Story)

Computer World Security News
Mar 02, 2021

3 Android 12 features you can bring to any phone today
Google's Android 12 software is nowhere near ready for prime time, but Goog almighty: We've sure seen plenty of hints about some of the tantalizing touches it could include. And if you're anything like me, that makes it tough not to feel at least a teensy bit hungry for a taste.

The current Android 12 developer preview, unfortunately, won't do much to satisfy that craving. It's basically just a barebones framework of the software, made mostly for developers, and most of the mouthwatering morsels are carefully tucked away, disabled, and not yet visible or available for regular-mammal phone-owner use.

To read this article in full, please click here



Computer World Security News
Feb 25, 2021

Podcast: 30K Macs infected with "Silver Sparrow" virus; M1 Mac SSD health
Security researchers uncovered malware affecting tens of thousands of macOS devices, but it's unclear what exactly the malware does. Affecting both Intel and Apple Silicon processors, this malware, nicknamed "Silver Sparrow," still poses a threat. And in other Apple news, some M1 Mac users have reported that the SSDs on their new systems are being overused. Macworld executive editor Michael Simon and Computerworld executive editor Ken Mingis join Juliet to discuss Apple's response to the virus and SSD issues and what users can do if they've been affected.

To read this article in full, please click here



Computer World Security News
Feb 24, 2021

How to hire and retain Black tech pros — for real
American companies are once again promising to increase minority hiring and retention in the aftermath of the 2020 police killings of George Floyd and other Black people and subsequent Black Lives Matter demonstrations. But Black people have heard this promise before — for decades, in fact — with little tangible change in the low employment numbers of Black engineers, developers, and IT pros.

For companies that really do want to change their staffs to better reflect diversity in the US, it's time to go beyond words and take action. To help you do that, Computerworld talked to several people in the frontlines of promoting the hiring of Black people for tech jobs. Their advice was strong and unambiguous: Define the business case for diversity, then follow up with a determined action plan and establish the metrics to monitor the results and adjust course as needed. And perhaps even harder, learn to truly connect with the Black community to establish the relationships that lead to sustainable diversity.

To read this article in full, please click here



Computer World Security News
Feb 24, 2021

Microsoft 365 Advanced Audit: What you need to know
Microsoft's powerful new auditing options will help detect intrusions and see what was accessed...if you've paid for the right licenses.(Insider Story)

Computer World Security News
Feb 23, 2021

Two big buts about Samsung's Android security update announcement
Didja see? Samsung's pledging a full four years of support for security updates on its Galaxy-branded Android phones. Well, shiver me timbers: That sure is somethin'!

Samsung slapped the news down onto these here internerfs of ours Monday morning, and the glowing headlines predictably followed — with some stories going as far as to proclaim Samsung as the new undisputed "king of Android upgrades" or to declare that the company was now "beating Google at its own game."

To read this article in full, please click here



Computer World Security News
Feb 22, 2021

Why Apple should let you define private places on iPhones
If you've ever found the Significant Locations section on your iPhone, then a recently published study that shows how such data can be used to decipher personal information about users should pose some alarm.

Significant Locations The way Significant Locations works is that your iPhone keeps a list of places you frequently visit. This list usually shows your favorite places and shops and will, of course, log the location of any service you might visit often, such as the medical center.

Apple gathers this information to provide "useful location-related information" in its apps and services, and promises this data is encrypted and cannot be read by Apple. But I'm a little unclear whether this information is made available to third-party apps.

To read this article in full, please click here



Computer World Security News
Feb 22, 2021

Apple tramples on security in the name of convenience
Apple plans with iOS 14.5 to allow masked enterprise employees to access their iPhones if they are also wearing an Apple Watch (running WatchOS 7.4), that is unlocked. Heads up: This is a quintessential convenience vs. security trade-off from Apple, and if you don't insist that workers refrain from using the feature, corporate security will suffer.

In short, it will be make it much easier for corporate spies and cyberthieves to snag your company's intellectual property, which is being created, stored, and shipped within smartphones today at a far greater rate than 2019 — aka the pre-COVID-19 times.

[ Related: When work-from-home means the boss is watching ] Apple has refused to let this convenience do anything other than opening the phone (which is bad enough). And it will not allow the feature to bypass facial ID authentication for the AppleCard, ApplePay or any third-party app (such as banks and investment firms) that have embraced Face ID. That tells you pretty much all you need to know about how much of a security corner-cutter this move is.

To read this article in full, please click here



Computer World Security News
Feb 22, 2021

The .NET patch failure that wasn't
When we started this month of patching, I fully expected to come back by now with massive listings of applications that hated the February updates. That hasn't been the case, though there have been some issues related to .NET this month. 

In case you're wondering, .NET is a framework used by developers to build applications. It makes for standard coding techniques and "managed code" and can make an app more secure. Developers primarily use Visual studio to develop software that we all use on our Windows systems.

To read this article in full, please click here



Computer World Security News
Feb 18, 2021

Apple publishes in-depth M1, Mac, and iOS security guide
Apple has published its annual Apple Platform Security Guide, which includes updated details concerning the security of all its platforms, including the new M1 and A14 chips inside Apple Silicon Macs and current iPhones, respectively.

The first look inside M1 Mac security The extensive 196-page report explains how Apple continues to develop its core security models along the premise of mutually distrusting security domains. The idea here is that each element in the security chain is independent, gathers little user information, and is built with a zero-trust model that helps boost security resilience.

To read this article in full, please click here



Computer World Security News
Feb 15, 2021

For February, a 'bumpy' Patch Tuesday ride
One week out from Patch Tuesday and it's been a bumpy release for the month, especially for older versions of Windows 10 and Server 2016. (Less affected: the consumer versions of Windows 10 2004 and 20H2.)

Windows Server 2016/1607 suffered the worst of the issues: the original version of the Servicing Stack update KB4601392 caused patching to get "stuck." Server patchers had to jump through a ton of hoops to get the monthly security update installed. Microsoft pulled the bad update and replaced it with KB5001078. If you were unlucky and installed KB4601392 before it was pulled, Microsoft has this  guidance to manually reset Windows updates components.

To read this article in full, please click here



Computer World Security News
Feb 12, 2021

What's not to love with this month's Patch Tuesday?
With only 53 updates in the February Patch Tuesday collection released this week — and no updates for Microsoft browsers — you'd be forgiven for thinking we had another easy month (after a light December and January). Despite lower-than-average numbers for updates and patches, four vulnerabilities have been publicly disclosed and we are seeing a growing number of reports of exploits in the wild.

In short: this is a big, important update that will require immediate attention and a rapid response to testing and deployment.

For example, Microsoft has just released an out-of-band update to fix a Wi-Fi issue that is leading to Blue Screens of Death (BSODs). Somebody is going to run into trouble unless this gets fixed fast. We have included a helpful infographic that this month looks a little lopsided (again), as all of the attention should be on the Windows components

To read this article in full, please click here



Computer World Security News
Feb 12, 2021

Can Apple Watch boost your endpoint security?
Enterprises seeking tools with which to improve endpoint security for the new remote working business environment may want to spend a little time considering the Apple Watch.

Access all areas My argument is simple: Apple's growing place in the enterprise means its complementary ecosystems can help support your business. As deal follows deal, the number of iPhones in use across the sector is growing fast, which means millions of workers already have access to the watch.

To read this article in full, please click here



Computer World Security News
Feb 11, 2021

Apple wants Safari in iOS to be your private browser
Apple seems focused on building Safari to become the world's leading privacy-focused web browser, continuing development of under-the-hood enhancements to protect private lives.

Better privacy by proxy Beginning with (currently in beta) iOS 14.5, Apple is improving privacy by changing how Safari accesses Google's Safe Browsing service. The latter warns users when they visit a fraudulent website. (Apple uses the service to drive the "Fraudulent Website Warning" in SettingsSafari on iOS or iPadOS devices.)

The Safe Browsing service works by identifying potentially compromised sites from Google's web index. If it suspects a site is compromised, virtual machines are despatched to see whether the site attempts to compromise them.

To read this article in full, please click here



Computer World Security News
Feb 08, 2021

Ahead of Patch Tuesday, a cautionary tale
Microsoft has officially deemed Windows 10 version 2004 as "ready for business," but I'd argue it still needs a bit more help to be fully ready for consumers. With this month's Patch Tuesday upon us, here's an example of what I mean. It involves mysterious NAS issues, some sleuthing, and a workaround — all of which show how troublesome updates can be sometimes.

This case involves one AskWoody subscriber who told me recently that each time he upgraded to Windows 10 2004 the installation would break his computer. Like any good geek who refuses to let technology get the best of me, I emailed him back and asked for more information about what was getting broken when he upgraded. Turns out, he would lose access to mapped drives on his NAS (network attached storage) devices. Though he tried to remap the drives, they would fail, forcing him to roll back to  Windows 10 1909 — where everything would work.

To read this article in full, please click here



Computer World Security News
Feb 08, 2021

The future of work: Coming sooner than you think
What will your worklife be like years from now? Today's work-from-home world has given us a glimpse of the future, as these five articles from CIO, Computerworld, CSO, InfoWorld, and Network World illustrate.

Computer World Security News
Feb 03, 2021

Jamf, TRUCE bring Apple to the deskless enterprise
A new partnership between Jamf and TRUCE Software will deliver significant benefits to Apple-based enterprises with remote, deskless workforces in such industries as manufacturing or construction.

The remote remote workers The idea sems pretty solid. Think how a move to adopt Apple kit and management solutions such as Jamf has enabled remote working to flourish during the pandemic.

To read this article in full, please click here



Computer World Security News
Feb 01, 2021

Is it time to install Microsoft's January updates? (Yes.)
Some people can't wait for a new version of Windows 10. They sign up for insider editions and eagerly watch for the next release.

I'm exactly the opposite of that.

I wait and make sure the version of Windows 10 that I'm using is fully compatible with my applications and I have time to deal with any side effects. My philosophy with security updates is the same; I don't install them right away. (Though I do install them every month without fail.) If you haven't yet installed the January updates, do so as soon as possible.

The major update that I warned about last month was KB4535680, which was offered up to Windows Server 2012 x64-bit; Windows Server 2012 R2 x64-bit; Windows 8.1 x64-bit; Windows Server 2016 x64-bit; Windows Server 2019 x64-bit; Windows 10, version 1607 x64-bit; Windows 10; version 1803 x64-bit; Windows 10, version 1809 x64-bit; and Windows 10, version 1909 x64-bit systems.

To read this article in full, please click here



Computer World Security News
Jan 29, 2021

When cryptographers looked at iOS and Android security, they weren't happy
For years, the US government begged Apple executives to create a backdoor for law enforcement. Apple publicly resisted, arguing that any such move for law enforcement would quickly become a backdoor for cyberthieves and cyberterrorists.

Good security protects us all, the argument went.

More recently, though, the feds have stopped asking for a workaround to get through Apple security. Why? It turns out that they were able to break through on their own. iOS security, along with Android security, is simply not as strong as Apple and Google suggested.

To read this article in full, please click here



Computer World Security News
Jan 28, 2021

Microsoft releases Application Guard for Office to M365 customers
Microsoft this week released Application Guard for Office, a defensive technology that quarantines untrusted Office documents so attack code embedded in malicious files can't reach the operating system or its applications.

The announcement of Application Guard's general availability came five months after Microsoft kicked off a public preview of the technology. At that time, Microsoft's roadmap indicated a December 2020 debut for Application Guard for Office.

"When you've enabled Application Guard and a user opens a file from a potentially unsafe location, Office opens the file in Application Guard; a secured, Hyper-V-enabled container isolated from the rest of a user's data through hardware-based virtualization," Emil Karafezov, senior program manager, said in a Jan. 27 post to a company blog.

To read this article in full, please click here



  • CEOExpress
  • 1 Boston Place | Suite 2600
    Boston MA 02108
  • Contact
  • As an Amazon Associate
    CEOExpress earns from
    qualifying purchases.

©1999-2021 CEOExpress Company LLC