Latest Security News

How and why Apple users should switch to DuckDuckGo for search

Computer World Security - 5 hours 8 min ago

Like liberty for all, privacy demands vigilance, and that’s why Apple users who care about those things are moving to DuckDuckGo for search.

Why use DuckDuckGo?

Privacy is under attack.

It doesn’t take much effort to prove this truth. At time of writing, recent news is full of creeping privacy erosion:

And then there’s Duck Duck Go.

To read this article in full, please click here

Categories: Latest Security News

How to manage Microsoft Windows BitLocker

Computer World Security - Wed, 07/17/2019 - 04:00
Use these techniques to inventory your network to determine which devices have BitLocker.
Categories: Latest Security News

What the FTC’s $5 billion fine really means for Facebook | TECH(feed)

Computer World Security - Tue, 07/16/2019 - 08:00
Last week, the Federal Trade Commission hit Facebook with a $5 billion fine for mishandling user data. The fine comes after the FTC’s investigation following the Cambridge Analytica scandal. On this episode of TECH(feed), Juliet discusses the implications of this fine -- and how Facebook may (or may not) change its practices.
Categories: Latest Security News

How to take control of Face ID (with tools you may not know exist)

Computer World Security - Mon, 07/15/2019 - 10:00

If you travel frequently and use an iPhone or iPad, then you simply must familiarize yourself with these two tips – they’ll make it much easier to secure your device and its contents when you are on the move.

In praise of Face ID

I’ve become very used to using Face ID. It’s seamless.

On the iPhone, I like that I can pay for groceries with a look and find it much easier to use in the dark than the Home button.

My iPad experience is similar, but I do get annoyed sometimes that I must raise the tablet slightly to get the face angle right – this isn’t always as intuitive as I would like.

[ Related: Get to know Apple’s 11+ new privacy tools ]

All the same, given Apple’s claim that there is a 1 in 50,000 chance that someone else's fingerprint will unlock your iPhone and a 1 in 1,000,000 chance that it will be unlocked by another person’s face, I’ll always opt for the highly secure choice.

To read this article in full, please click here

Categories: Latest Security News

Memory-Lane Monday: Even worse than you thought

Computer World Security - Mon, 07/15/2019 - 04:00

This government agency has cashiers’ stations for handling transactions with the public, and the treasurer’s office decides it needs new software to run those stations, according to a pilot fish in IT.

And there’s going to be one sign-on and password for all the stations, brag the higher-ups.

Bad idea, protest all the IT programmers and system administrators. For one thing, having a single user sign-on to the system will prevent tracking who is completing each transaction. They cite security, accountability and separation of duties, but their protests fall on deaf ears.

The vendor rep shows up one day, and he and the treasurer do a presentation for an audience that includes IT managers. The two sound excited, and a touch proud, when they tell everyone that the cashiers will sign on with the user ID “Cash.” They don’t share the top-secret password, though; that’s just for the cashiers to know.

To read this article in full, please click here

Categories: Latest Security News

Zoom fixes webcam flaw for Macs, but security concerns linger

Computer World Security - Thu, 07/11/2019 - 12:51

Zoom released a patch this week to fix a security flaw in the Mac version of its desktop video chat app that could allow hackers to take control of a user’s webcam. 

The vulnerability was discovered by security researcher Jonathan Leitschuh, who published information about it in a blog post Monday. The flaw potentially affected 750,000 companies and approximately 4 million individuals using Zoom, Leitschuh said.

[ Related: 6 tips for scaling up team collaboration tools ]

Zoom said it’s seen “no indication” any users were affected. But concerns about the flaw and how it works raised questions about whether other similar apps could be equally vulnerable.

To read this article in full, please click here

Categories: Latest Security News

How to set up Microsoft Cloud App Security

Computer World Security - Thu, 07/11/2019 - 09:00
This new add-on will let you set up alerts about suspicious sign-on activity for Office 365 and other cloud apps.
Categories: Latest Security News

New Windows 7 'security-only' update installs telemetry/snooping, uh, feature

Computer World Security - Thu, 07/11/2019 - 04:16

Back in October 2016, Microsoft divided the Win7 and 8.1 patching worlds into two parts.

Those who got their patches through Windows Update received so-called Monthly Rollups, which included security patches, bug fixes – and we frankly don’t know what else – rolled out in a cumulative stream.

The folks who were willing to download and manually install patches were also given the option of installing “security-only” patches, not cumulative; these were meant to address just the security holes.

To read this article in full, please click here

Categories: Latest Security News

Microsoft delivers Defender ATP security service to Macs

Computer World Security - Tue, 07/09/2019 - 12:42

Microsoft on Monday made good on a March pledge by announcing that its most sophisticated endpoint security service is now available for Macs.

Microsoft Defender ATP (Advanced Threat Protection) for Mac shifted to what the company calls "general availability" on June 28, wrote Helen Allas, a principal program manager on the enterprise security team, in a July 8 post to a company blog. Core components of Defender ATP, including the latest - "Threat & Vulnerability Management," which made it to general availability a week ago - now serve Macs.

To read this article in full, please click here

Categories: Latest Security News

How Apple is improving iCloud this year

Computer World Security - Tue, 07/09/2019 - 08:06

Apple quite evidently plans many interesting improvements in its iCloud service this year. So, what’s going on?

What we know so far

Apple at WWDC made several announcements that will be reliant on iCloud – these include obvious things like new services and support for new functions, and less evident topics around sync, data and AI.

Most recently, the company began beta-testing Touch ID and Face ID access to online, meaning that if you happen to be using an Apple device (Mac, iPad, iPhone) you can access your online iCloud services with the touch of a finger or a quick eye scan.

This may also be Apple’s way of testing the privacy-protecting Sign-in with Apple service it intends launching later this year.

To read this article in full, please click here

Categories: Latest Security News

The top 8 problems with blockchain

Computer World Security - Mon, 07/08/2019 - 04:00

While blockchain holds tremendous potential for creating new financial, supply chain and digital identity systems, it's often erroneously seen as a panacea for business problems.

The myriad of pilots and proofs of concept by large corporations and government agencies are showing real promise, but those projects don't always lead to obvious business cases that justify doing something differently. Sometimes a tried and true technology like a relational database can perform the task much more efficiently than a distributed ledger based on peer-to-peer technology that will require complex governance and rules.

To read this article in full, please click here

(Insider Story)
Categories: Latest Security News

Throwback Thursday: Spoilsport

Computer World Security - Thu, 07/04/2019 - 04:00

This IT security pilot fish knows something about audits — and knows what he expects of auditors.

“I have more than 15 years of audit experience in IT,” fish says. “I have written and implemented policy and procedure, and developed incident response plans. I spent the better part of last year making sure that the external auditors could not find any inconsistencies in our control standards.”

Then the internal audit director decides to perform an audit of fish’s group — and sends a young auditor who thinks he knows everything IT.

After three weeks of research and testing, young auditor presents his results in a meeting with his boss the audit director and fish.

To read this article in full, please click here

Categories: Latest Security News

Message to IT: Trusting Apple and Google for mobile app security is career suicide

Computer World Security - Mon, 07/01/2019 - 06:47

Ready for the mobile security news that IT doesn't want to hear about but needs to? When security firm Positive Technologies started pen-testing various mobile apps, security holes were rampant.

We'll plunge into the details momentarily, but here's the upshot: "High-risk vulnerabilities were found in 38 percent of mobile applications for iOS and in 43 percent of Android applications" and "most cases are caused by weaknesses in security mechanisms — 74 percent and 57 percent for iOS and Android apps, respectively, and 42 percent for server-side components — because such vulnerabilities creep in during the design stage, fixing them requires significant changes to code."

To read this article in full, please click here

Categories: Latest Security News

Microsoft Patch Alert: The Windows patching heavens buzz with silver bullets

Computer World Security - Mon, 07/01/2019 - 05:36

How many bugs could a WinPatcher patch, if a WinPatcher could patch bugs?

Ends up that June’s one of the buggiest patching months in recent memory – lots of pesky little critters, and the ones acknowledged by Microsoft led to even more patches later in the month.

In June, we saw eight single-purpose Windows patches whose sole mission is to fix bugs introduced in earlier Windows patches. I call them silver bullets – all they do is fix earlier screw-ups. If you install security patches only, these eight have to be installed manually to fix the bugs introduced earlier. It’s a congenital defect in the patching regimen – bugs introduced by security patches get fixed by non-security “optional” patches, while waiting for the next month’s cumulative updates to roll around.

To read this article in full, please click here

Categories: Latest Security News

Mozilla takes swipe at Chrome with 'Track THIS' project

Computer World Security - Thu, 06/27/2019 - 05:28

Mozilla this week touted Firefox's anti-ad tracking talents by urging users of other browsers to load 100 tabs to trick those trackers into offering goods and services suitable for someone in the 1%, an end-times devotee and other archetypes.

[ Related: Get serious about privacy with the Epic, Brave and Tor browsers ]

Tagged as "Track THIS," the only-semi-tongue-in-cheek project lets users select from four personas - including "hypebeast," "filthy rich," "doomsday prepper," and "influencer" - for illustrative purposes. Track THIS then opens 100 tabs "to fool trackers into thinking you're someone else."

To read this article in full, please click here

Categories: Latest Security News

How updates to MongoDB work to prevent data breaches | TECH(talk)

Computer World Security - Wed, 06/26/2019 - 13:37
CSO senior writer Lucian Constantin and Computerworld Executive Editor Ken Mingis talk database security and how MongoDB's new field-level encryption takes security to the next level.
Categories: Latest Security News

Microsoft beefs up OneDrive security

Computer World Security - Wed, 06/26/2019 - 12:49

Microsoft today announced changes to its OneDrive storage service that will let consumers protect some or even all of their cloud-stored documents with an additional layer of security.

The new feature - dubbed OneDrive Personal Vault - was trumpeted as a special protected partition of OneDrive where users could lock their "most sensitive and important files." They would access that area only after a second step of identity verification, ranging from a fingerprint or face scan to a self-made PIN, a one-time code texted to the user's smartphone or the use of the Microsoft Authenticator mobile app. (The process is often labeled as two-factor security to differentiate it from the username/password that typically secures an account.)

To read this article in full, please click here

Categories: Latest Security News

How ‘Find My’ Mac works in macOS Catalina and iOS 13

Computer World Security - Fri, 06/21/2019 - 09:13

Apple is changing how its Find My Mac tool works in macOS Catalina and iOS – it will now use Bluetooth and should find your Mac even when it is asleep.

How does ‘Find My’ Mac work?

Apple is combining two apps – Find My Friends and Find My iPhone into a new ‘Find My’ app.

The combined app offers what we are used to from each one of these individual apps, but introduces new tools based on Bluetooth.

The ideas is that it will use low energy Bluetooth signals to help bring people together with lost things.

To read this article in full, please click here

Categories: Latest Security News

Google asks Chrome users for help in spotting deceptive sites

Computer World Security - Wed, 06/19/2019 - 13:46

Google this week asked for help in identifying suspicious websites, offering users of its Chrome browser an add-on that lets them rat out URLs.

The Suspicious Site Reporter, which can be added to desktop Chrome, places a new flag-style icon on the top bar of the browser. "By clicking the icon, you're now able to report unsafe sites to Safe Browsing for further evaluation," Emily Schechter, a Chrome product manager, wrote in a Tuesday post to a company blog.

[ Related: How to protect Windows 10 PCs from ransomware ]

Safe Browsing is the name of the technology used by Google's search engine, Chrome, Mozilla's Firefox, Apple's Safari, and Android to steer users away from sites that host malicious or deceptive content. On the back end, Google uses robots to scan the web and build a list of websites that host malware, harmful downloads or deceptive ads and pages. Software developers can then plug into an API to integrate this list into their own applications, something rival browser makers have done for years.

To read this article in full, please click here

Categories: Latest Security News

What the latest iOS passcode hack means for you

Computer World Security - Tue, 06/18/2019 - 15:25

A mobile device forensics company now says it can break into any Apple device running iOS 12.3 or below.

Israeli-based Cellebrite made the announcement on an updated webpage and through a tweet where it asserted it can unlock and extract data from all iOS and "high-end Android" devices.

[ Further reading: The wireless road warrior’s essential guide ]

On the webpage describing the capabilities of its Universal Forensic Extraction Device (UFED) Physical Analyzer, Cellebrite said it can "determine locks and perform a full file- system extraction on any iOS device, or a physical extraction or full file system (File-Based Encryption) extraction on many high-end Android devices, to get much more data than what is possible through logical extractions and other conventional means."

To read this article in full, please click here

Categories: Latest Security News


Subscribe to SecurityFeeds aggregator - Latest Security News