Latest Security News

Texas ransomware attacks: to pay or not to pay? | TECH(feed)

Computer World Security - Thu, 08/22/2019 - 13:53
Nearly two dozen cities in Texas have been hit by a ransomware attack executed by a single threat actor. These attacks beg the question: Is it ever worth it to pay a cyber attacker’s ransom? In this episode of TECH(feed), Juliet discusses the pattern of ransomware attacks on local governments, how municipalities have responded and how to prevent a ransomware attack in the first place.
Categories: Latest Security News

Throwback Thursday: Eyes only

Computer World Security - Thu, 08/22/2019 - 04:00

Programmer pilot fish goes online to a message board for a development system that’s used for one of his company’s applications.

But he gets a message that the site is blocked. He can either forget about it, click a link to continue, or click a link to see the company’s access policy.

He clicks to continue, gets what he needs, and then, just out of curiosity, he clicks to see the access policy to get an idea of why this site is being blocked.

But instead of seeing the access policy, fish sees this message: Content blocked. Click here to access our internet resource policy.

Sputters baffled fish, “It actually blocked the policy!”

How to avoid using RDP in Windows

Computer World Security - Wed, 08/21/2019 - 04:00
Several new vulnerability disclosures in Windows Remote Desktop Protocol suggest it’s time to stop using it. Here’s how.

Safari to ape Firefox, go all-in on anti-tracking

Computer World Security - Tue, 08/20/2019 - 12:53

The WebKit project - the open-source initiative that generates code for Apple's Safari browser - quietly announced last week that it would follow in Mozilla's footsteps and quash tracking technologies designed to follow users across the web.

In a short message on Aug. 14, the WebKit team pointed to its new Tracking Prevention Policy, a document that spells out its plans in detail, including what types of tracking it will create and how it will deal with any side effects.

"We have implemented or intend to implement technical protections in WebKit to prevent all tracking practices included in this policy," the document read. "If we discover additional tracking techniques, we may expand this policy to include the new techniques and we may implement technical measures to prevent those techniques."

Installing Windows 7 from a backup? You need a BitLocker patch right away

Computer World Security - Mon, 08/19/2019 - 10:33

No doubt you recall the warning back in February that Windows 7, Server 2008 and Server 2008 R2 patches starting in July would use the SHA-2 encryption protocol. If you want to install Win7 patches issued after July, you have to get the SHA-2 translator installed.

A few days ago, Microsoft tossed a zinger into the FAQs down at the bottom of its SHA-2 post, 2019 SHA-2 Code Signing Support requirement for Windows and WSUS. That post now says that you have to install a seemingly unrelated patch, KB 3133977, entitled, BitLocker can't encrypt drives because of service crashes in svchost.exe process in Windows 7 or Windows Server 2008 R2.  

Microsoft warns of Visual Basic, VBA and VBScript 'procedure call' errors after August patches

Computer World Security - Thu, 08/15/2019 - 06:28

August is going to be a perilous patching month.

We’re tracking down credible reports of the Server 2012 R2 Monthly rollup breaking RDP logins, a conflict between the Win10 1903 cumulative update and last month’s version of Outlook 365, confusion about Win7 patches being branded as “IA64 only,” dealing with the lack of telemetry (!) in the August Win7 Security Only patch, much mayhem trying to install SHA-2 signed patches (including the Win7 Monthly Rollup) on systems using Symantec Endpoint Protection, even more confusion over the difference between Symantec Endpoint Protection and Norton Security Suite, and lots of the usual installation failures and rollbacks.

3 Google privacy tips for Mac and iOS users

Computer World Security - Thu, 08/15/2019 - 05:15

Alternative search engines such as DuckDuckGo are attracting growing numbers of privacy focused users, but there’s no doubt that Google dominates the industry, even on Apple products. Fortunately, there are several ways to make your Google activity more private.

Do you have a Google account? (You probably do)

Do you use Gmail? Did you once use Google+? Perhaps you employ Google Drive, Google Docs or any of the company’s other products. If so, you have a Google account.

Chrome, Firefox to expunge Extended Validation cert signals

Computer World Security - Thu, 08/15/2019 - 04:00

Google and Mozilla have decided to eliminate visual signals in their Chrome and Firefox desktop browsers of special digital certificates meant to assure users that they landed at a legitimate site, not a malicious copycat.

The certificates, dubbed "Extended Validation" (EV) certificates, were a subset of the usual certificates used to encrypt browser-to-server-and-back communications. Unlike run-of-the-mill certificates, EVs can be issued only by a select group of certificate authorities (CAs); to acquire one, a company must go through a complicated process that validates its legal identity as the site owner. They're also more expensive.

The idea behind EVs was to give web users confidence that they were at their intended destination, that the site, for instance, was owned by its legal proprietor, IDG, and not a fishy - and phishy - URL run by It's Crooks All the Way Down LLC and chockablock with malware. Browsers quickly took to the concept, rewarding EV-secured sites with in-your-face visual cues, notably the verified legal identity in front of the domain in the address bar. The identity was often shaded in green as an additional tip-off. (Chrome dismissed the green in September 2018 as of Chrome 69.)

Why blockchain-based voting could threaten democracy

Computer World Security - Mon, 08/12/2019 - 04:00

Public tests of blockchain-based mobile voting are growing.

Even as there's been an uptick in pilot projects, security experts warn that blockchain-based mobile voting technology is innately insecure and potentially a danger to democracy through "wholesale fraud" or "manipulation tactics."

The topic of election security has been in the spotlight recently after Congress held classified briefings on U.S. cyber infrastructure to identify and defend against threats to the election system, especially after Russian interference was uncovered in the 2016 Presidential election.

Apple announces a new iPhone (and you can’t have it)

Computer World Security - Fri, 08/09/2019 - 07:55

Apple has announced a new iPhone for 2020, but it will only be made available to a select group of security researchers – along with huge bounties to anyone informing the company of a new OS vulnerability.

Probably the world’s most exclusive iPhone

Ivan Krstić, Apple’s head of security engineering, provided big insights into Apple’s platform security during his presentation at Black Hat U.S. 2019.

The best privacy and security apps for Android

Computer World Security - Fri, 08/09/2019 - 04:01

Let's get one thing out of the way right off the bat: If you're looking for recommendations about Android security suites or other malware-scanning software, you've come to the wrong place.

Why? Because, like most people who closely study Android, I don't recommend using those types of apps at all. Android malware isn't the massive real-world threat it's frequently made out to be, and Google Play Protect and other native Android features are more than enough to keep most devices safe.

Many VPN apps on Apple’s App store can’t be trusted, researcher warns

Computer World Security - Thu, 08/08/2019 - 06:50

I’m told Apple is at last looking into the privacy and security of free VPN apps made available across its platforms, following a report from researcher Simon Migliano.

Who owns your VPN service?

The researcher has flagged up several concerns that really should be recognized by anyone choosing a VPN service from both the Apple and Google App Stores:

  • Ownership: Migliano claims that almost 60 percent of the most popular VPN apps are actually owned (sometimes opaquely) by Chinese companies.
  • Privacy: The researcher also found that as many as 77% of these VPN apps may have what he calls “serious privacy flaws”, including no privacy policy at all, generic policies with no mention of VPN or no detailed logging policy.
  • Data protection: Migliano claims Apple is not enforcing its third-party data-sharing ban against VPN apps, with 80 percent of the top free VPN apps “in breach of the rules”, he said. Many are sharing data with third parties, he claims.

That last allegation is particularly concerning.

Almost half of tested free Android antivirus apps fail. That might prove very useful to IT.

Computer World Security - Thu, 08/08/2019 - 04:00

One of the problems with enterprise mobile BYOD efforts is that corporate apps — and lots of corporate data, including sensitive intellectual property — must coexist on the same device with whatever employees choose to download on the personal side. That's far from ideal, but even worse is if employees choose to download a second antivirus program. Unlike doubling up on most apps (two VPNs, two word processors, two email programs, etc.), antivirus programs often conflict and fight each other, generating false positives and other bad results.

Unlike two deadbolts on a door, doubling up on security not only doesn't work with antivirus, it can actually sharply weaken security. This all assumes that both antivirus programs are professional, effective and well-intentioned. But that's often not the case. There are quite a few free antivirus programs out there, and they are disproportionately the ones employees opt to download. After all, if the company has already installed a high-level antivirus on the phone, why would an employee pay to install a second? But a free antivirus program is much more tempting.

Microsoft relaxes telemetry rule for PCs managed with Windows Update for Business

Computer World Security - Wed, 08/07/2019 - 14:12

Microsoft has quietly relaxed a rule that prevented privacy-first organizations from managing the Windows Update for Business (WUfB) service using group policies.

With Windows 10 1903, aka "Windows 10 May 2019 Update," which debuted in late May, organizations no longer are required to set the "diagnostic data level" for their devices to "Basic" or higher.

That diagnostic data level is a multi-step categorization of what Microsoft pulls from Windows devices and sends to its own servers. Also dubbed "telemetry," the data harvesting is used by Microsoft for a range of tasks, notably deciding when a specific PC receives a feature upgrade.

How to set up Edge Chromium security options

Computer World Security - Wed, 08/07/2019 - 01:00
Edge Chromium can provide more protection for organizations that use older versions of Windows.

Slack beefs up mobile security controls for Enterprise Grid

Computer World Security - Tue, 08/06/2019 - 09:00

Slack today unveiled new security capabilities for Enterprise Grid customers, including tighter controls for admins who oversee mobile device access.

Enterprise Grid was launched in 2017 for Slack’s biggest customers, with additional features to support large-scale deployments. Among the 150 organizations now using Enterprise Grid are Capital One, IBM and Target. 

Slack has continued to build out security and compliance features for the software since its introduction, including the addition of enterprise key management last September.  

Train to become an ethical hacker for only $39

Computer World Security - Tue, 08/06/2019 - 08:05

There are countless hackers and threats looming on the internet, so IT departments have a high demand for cybersecurity professionals to pinpoint threats before they strike. Luckily, there’s no better way to fight fire than with fire; ethical hackers study hacking techniques so that IT infrastructures will be better prepared for attacks. If you’re interested in becoming a hacker (legally, of course), then this $39 bundle is right for you.

It’s time to install most of July's Windows and Office patches

Computer World Security - Fri, 08/02/2019 - 11:09

With one glaring exception, July was a rather benign patching month. The Win10 versions got their usual two cumulative updates (the second considered “optional”). Visual Studio had some hiccups, but they’re fixed now.

Apple suspends Siri snooping (and promises more control for the rest of us)

Computer World Security - Fri, 08/02/2019 - 05:27

Apple has once again proved that it listens to valid criticism with the immediate global suspension of the Siri listening program that attracted so much controversy.

When it comes to privacy, Siri listens

At issue was quality control.

A small number of conversational snippets were shared with third party human contractors for quality control purposes.

Black Hat 2019 and DEF CON 27: What to expect at hacker summer camp | TECH(talk)

Computer World Security - Thu, 08/01/2019 - 14:00
Every year, thousands of hackers arrive in Las Vegas for three large security conferences -- DEF CON, Black Hat and BSides Las Vegas -- taking place from Monday through Sunday next week. CSO Online's J.M. Porup chats with Juliet about what to expect at the conferences' sessions and what he's looking forward to.