Latest Security News

Getting hands-on with industrial control system setups at RSA | Salted Hash Ep 31

Computer World Security - Tue, 06/19/2018 - 06:00
Host Steve Ragan is joined on the RSA 2018 show floor by Bryson Bort, CEO and founder of SCYTHE, to talk about the ICS Village, where attendees can learn how to better defend industrial equipment through hands-on access to the equipment.
Categories: Latest Security News

Apple wins praise for adding 'USB Restricted Mode' to secure iPhones

Computer World Security - Thu, 06/14/2018 - 15:43

Apple confirmed today it will close a security hole that has allowed law enforcement officials, working with forensic companies, to break into iPhones to retrieve data related to criminal investigations.

In the upcoming release of iOS 12, Apple will change default settings on iPhones to shutter access to the USB port when the phone has not been unlocked for one hour. In its beta release of iOS 11.3, Apple introduced the feature – known as USB Restricted Mode – but cut it from iOS 11.3 before that version was released publicly.


Which Android phones get regular security updates? Here's a hint

Computer World Security - Thu, 06/14/2018 - 11:48

Here in the land o' Android, wrapping your noggin around the subject of software updates isn't always easy to do.

We've got regular OS updates, sure — and info on the various phone-makers' performance in that domain is readily available, if you (a) know where to find it and (b) are even aware that you should be looking for such data in the first place. But still, that's only one piece of the puzzle.


Is your company part of the GDPR 'mobile loophole'?

Computer World Security - Thu, 06/14/2018 - 11:13

Mobile tech, and especially mobile brought into companies through BYOD, has unique challenges for companies that need to comply with General Data Protection Regulations (GDPR) — and that’s virtually all companies, not just the ones in Europe. The regulations compel companies to manage personal data and protect privacy, and they give individuals a say in what data about them is used and how.

GDPR has several disclosure and control requirements, such as providing notice of any personally identifiable data collection, notifying of any data breaches, obtaining consent of any person for whom data is being collected, recording what and how data is being used, and providing a right for people whose data is being collected to see, modify, and/or delete any information about them from corporate systems.


Apple bans cryptocurrency mining apps on iOS to protect mobile users

Computer World Security - Tue, 06/12/2018 - 15:36

Using an iPad or iPhone to mine bitcoin or other cryptocurrencies would be hard to do, as the CPU power available to complete the task would be a drop in the bucket compared to what's needed.

But using a portion of the CPU power from thousands of iPads or iPhones to mine cryptocurrency makes more sense – and that's exactly what some malware has been doing.

Apple is now moving to stop the practice.


How the Spanish cybercriminal underground operates | Salted Hash Ep 30

Computer World Security - Tue, 06/12/2018 - 06:00
Host Steve Ragan reports from the RSA 2018 conference, talking with Liv Rowley, an intelligence analyst at Flashpoint, about Spanish cybercrime, an underground community that poses persistent security risks.

Make sure Windows auto update is temporarily turned off, and watch out for SMBv1 fixes

Computer World Security - Mon, 06/11/2018 - 16:12

In May, we saw a host of bugs introduced by the Patch Tuesday “security” patches. By the end of the month, patches for those patches killed almost all of the bugs – even the inability of Win10 version 1803 to run on certain kinds of solid-state drives, including the one in some Surface Pros.

We also saw Microsoft push Win10 version 1803 onto machines that were specifically set to avoid it. I haven’t seen any official response to Microsoft’s inquiry into the reports, but we now have a sighting of a Win7 machine being pushed onto Win10, in spite of its settings.


Apple's Health Record API released to third-party developers; is it safe?

Computer World Security - Thu, 06/07/2018 - 06:11

Apple at its Worldwide Developers Conference this week released an API that allows developers and researchers to create applications that connect to Health Records, a feature released with iOS 11.3 that allows patients to port their electronic health info to mobile devices and share data between care providers.

While the move promises to streamline the sharing of healthcare data, it also could open the door to that highly sensitive data falling into the wrong hands.


Learn what the 'zero trust' security model really means | Salted Hash Ep 29

Computer World Security - Tue, 06/05/2018 - 06:00
Host Steve Ragan reports from the RSA 2018 conference, talking with Wendy Nather, director, advisory CISOs at Duo Security, about how organizations can build a zero trust model, including consistently authenticating users.

May Windows and Office patches are now relatively stable, but Win7 NIC problems persist

Computer World Security - Sat, 06/02/2018 - 22:34

At least the really bad bugs, introduced by “security” patches earlier this month, have been fixed. The problems that remain reside in the dregs — not likely to bite, but worth knowing about in case something suddenly goes bump in the night.

And if you’re using Win10 1803, you should definitely ask Microsoft for an increase in combat-duty pay. 

The ongoing Win7/Server 2008 R2 patching threat

Remember when Win7 was relatively stable? OK, OK; “stable” is a relative term that’s unlikely to apply to any version of Windows, but you know what I mean. Win7 and Server 2008 R2 have gone through months of problems with networking in general, and apoplectic network interface cards in particular.


What is Apple hiding with iOS 11.4?

Computer World Security - Thu, 05/31/2018 - 09:48

Have you installed iOS 11.4? Once you’d looked at AirPlay 2 and Messages in iCloud, did you happen to take a look at the contents of the security updates?

‘Details available soon’

If you did, you’ll have been disappointed.

Apple hasn’t disclosed details concerning the security content of the new software. It hasn’t revealed anything concerning USB Restricted Mode, which apparently makes it harder for people to hack into your device.


How to use Apple’s Messages in iCloud for iOS, Mac

Computer World Security - Wed, 05/30/2018 - 08:30

Along with key HomePod improvements, Apple also introduced Messages in iCloud with iOS 11.4. It’s a useful feature designed to store your Messages and attachments in iCloud, but enterprise users should think twice before enabling it.

Security is everything

I’m not saying iCloud is not secure – so long as you use a six-or-more-digit passcode or (better, but more awkward) an alphanumeric passcode, it’s highly secure. I’m reasonably confident a strong password, Apple’s own systems and its insistence you use two-factor authentication are enough for most of us.


Microsoft Patch Alert: Major bugs introduced in May fixed, plenty of problems remain

Computer World Security - Wed, 05/30/2018 - 06:49

Once more we have a monthly Windows/Office patch scorecard that needs a guidebook. Or two. And we just got a handful of buried warnings about problems in old patches, plus a brand new way to fry your network interface card.

Thus continues the tradition of two cumulative updates per month for all of the supported Windows 10 versions – that’s eight cumulative updates in total – in addition to bobs and weaves and a very long list of acknowledged bugs introduced by recent security patches in Windows 7.

Conflicts with Remote Desktop

The strange behavior of the CredSSP update – where the Patch Tuesday fixes for all versions of Windows seemed to break Remote Desktop Protocol with a strange error message, “This could be due to CredSSP encryption oracle remediation” – has been resolved.


WWDC: Apple’s NFC plan is a big developer opportunity

Computer World Security - Tue, 05/29/2018 - 11:01

Apple will open up fresh opportunities for developers as it extends Near Field Communications (NFC) support in iOS to more uses.

NFC: Apple’s story so far

Apple introduced support for a new NFC framework called Core NFC at WWDC 2017. Developers were pleased, but the implementations were rather limited.

Core NFC let developers build apps that read NFC tags, but only for things like visitor attractions and museum exhibitions.


TSB phishing attacks | Salted Hash Ep 33

Computer World Security - Mon, 05/28/2018 - 07:00
TSB customers in the U.K. were already frustrated by the bank's technical problems, but now the situation has gotten worse as criminals take advantage of the chaos. Host Steve Ragan looks at recent TSB phishing attacks and the kit that powers them.

Amazon's Echo privacy flub has big implications for IT

Computer World Security - Sat, 05/26/2018 - 11:34

Amazon has confirmed a report that one of its Echo devices recorded a family's conversation and then messaged it to a random person on the family's contact list, who is an employee of a family member.

But Amazon, in a statement emailed to Computerworld, confirmed every privacy advocate's worst nightmare with its explanation: “Echo woke up due to a word in background conversation sounding like 'Alexa.' Then, the subsequent conversation was heard as a 'send message' request. At which point, Alexa said out loud 'To whom?' At which point, the background conversation was interpreted as a name in the customer’s contact list. Alexa then asked out loud, '[contact name], right?' Alexa then interpreted background conversation as 'right.' As unlikely as this string of events is, we are evaluating options to make this case even less likely.”


Avast blames Microsoft for Win10 1803 upgrade blue screens, nonsensical options

Computer World Security - Fri, 05/25/2018 - 15:28

Looks as if we have a solution for the Avast-related blue screens in Win10 1803 upgrades that I talked about earlier this week. Avast heavyweight Ondrej Vlcek chose his words carefully but threw lots of shade at Microsoft for the upgrade installer’s bug.

Posting on the Avast forum, Vlcek says:


How your web browser tells you when it's safe

Computer World Security - Wed, 05/23/2018 - 16:27

Google last week spelled out the schedule it will use to reverse years of advice from security experts when browsing the Web - to "look for the padlock." Starting in July, the search giant will mark insecure URLs in its market-dominant Chrome, not those that already are secure. Google's goal? Pressure all website owners to adopt digital certificates and encrypt the traffic of all their pages.

The decision to tag HTTP sites - those not locked down with a certificate and which don't encrypt server-to-browser and browser-to-server communications - rather than label the safer HTTPS websites, didn't come out of nowhere. Google has been promising as much since 2014.


How deception technologies use camouflage to attract attackers | Salted Hash Ep 26

Computer World Security - Tue, 05/22/2018 - 06:00
Host Steve Ragan reports from the show floor at RSA 2018, where he talks with Chris Roberts, chief security architect at Acalvio Technologies, about the benefits and misconceptions of deception technologies.

Google details how it will overturn encryption signals in Chrome

Computer World Security - Mon, 05/21/2018 - 16:45

Google has further fleshed out plans to upend the historical approach browsers have taken to warn users of insecure websites, spelling out more gradual steps the company will take with Chrome this year.

Starting in September, Google will stop marking plain-vanilla HTTP sites - those not secured with a digital certificate, and which don't encrypt traffic between browser and site servers - as secure in Chrome's address bar. The following month, Chrome will tag HTTP pages with a red "Not Secure" marker when users enter any kind of data.

Eventually, Google will have Chrome label every HTTP website as, in its words, "affirmatively non-secure." By doing so, Chrome will have completed a 180-degree turn from browsers' original signage - marking secure HTTPS sites, usually with a padlock icon of some shade, to indicate encryption and a digital certificate - to labeling only those pages that are insecure.
