Latest Security News
CryptoLocker. WannaCry. Petya. Bad Rabbit. The ransomware threat isn’t going away anytime soon; the news brings constant reports of new waves of this pernicious type of malware washing across the world. It’s popular in large part because of the immediate financial payoff for attackers: It works by encrypting the files on your hard disk, then demanding that you pay a ransom, frequently in Bitcoins, to decrypt them.
Android security is always a hot topic on these here Nets of Inter — and almost always for the wrong reason.
As we've discussed ad nauseam over the years, most of the missives you read about this-or-that super-scary malware/virus/brain-eating-boogie-monster are overly sensationalized accounts tied to theoretical threats with practically zero chance of actually affecting you in the real world. If you look closely, in fact, you'll start to notice that the vast majority of those stories stem from companies that — gasp! — make their money selling malware protection programs for Android phones. (Pure coincidence, right?)
Think fast: How many times a day do you pick up your phone to look at something? Unless you live in the tundra or have far more self-control than most, the answer probably falls somewhere between "quite a few" and "more than any sane person could count." Assuming you keep your device properly secured, that means you're doing an awful lot of unlocking — be it with your face, your fingerprint, or the code you tap or swipe onto your screen.
And that's to say nothing of the number of times you type your password into your laptop or enter your credentials into an app or website during the day. Security's important, but goodness gracious, it can be a real hassle.
It's more than a few years back, and this oilfield services company is implementing a new email filter, says a pilot fish working there.
"It was part of an email security product," fish says. "The filter could identify emails containing language that was not considered business appropriate.
"We'd had HR incidents involving inappropriate language in the past, especially from field hands emailing to office staff -- it gave a new meaning to 'crude oil workers' -- so it was decided we should enable the feature with its default settings and give it a run.
"Only a few hours later we received an alert that a message had been identified with inappropriate language.
We’re always told never to click on a link we receive in an email in case doing so takes us to some dodgy phishing site where our account details are violated. But what if our email app warned us before we clicked malicious links?
Can this app protect against phishing attempts?
MetaCert isn’t fully available yet, but it does seem to be a promising solution that provides email users in enterprise and consumer markets an additional line of defense against clicking on malicious links received in email messages.
The solution emerged from the developer’s earlier work building an API to help app developers add a layer of security to WebView.
Flashback a few decades to the glory days of online service CompuServe, when anyone could get an account -- but not everyone could use their real names, according to a pilot fish in the know.
"You logged in with your account number, but to join a forum -- a chatroom focused on a specific topic -- you had to give a real name," fish says. "The name on your billing record was the default.
"Of course there were fraudsters who used an official-sounding name to phish people for personal info and credit card data. So users were not allowed to have words like 'billing' as any part of their in-forum real name. This could only be overridden by the forum sysop. I was one.
Got Fi? Google's unusual wireless service may have shifted its name from Project Fi to Google Fi this fall, but its core proposition remains the same: Pay only for the data you use, and avoid all the traditional carrier gotchas and nonsense.
For the right kind of person, especially among those of us on Android, Fi can be a real cost- and hassle-saver. And aside from its most prominently promoted perks — the seamless network-switching, the public Wi-Fi use, the fee-free roaming and hotspot capabilities, and so on — Fi has some pretty interesting out-of-the-way options that can really elevate your experience.
Imagine using Face ID on your iPhone alongside a password and Touch ID on your computer in order to access highly secure websites, such as online banks, enterprise intranets and confidential online data services.
That’s a possibility as Apple begins testing a new security standard called WebAuthn.
In a joint report for the Monitoring, Evaluation, Research and Learning (MERL) Technology conference this fall, researchers who studied 43 blockchain use cases came to the conclusion that all underdelivered on claims.
And, when they reached out to several blockchain providers about project results, the silence was deafening. "Not one was willing to share data," the researchers said in their blog post.
Amazon this week announced its latest data analytics product, one aimed at scouring unstructured data within electronic medical records (EMRs) to offer up insights that physicians can use to better treat patients.
Amazon's new Comprehend Medical AWS cloud service is a natural-language processing engine that purports to be able to read physician notes, patient prescriptions, audio interview transcripts, and pathology and radiology reports – and use machine learning algorithms to spit out relevant medical information to healthcare providers.
Amazon's Comprehend Medical software service is one of 13 new machine learning software products the company announced on Tuesday.
By far the most important reason for this month’s relative patching calm: Microsoft decided to wait and get the Windows 10 (version 1809) patch right instead of throwing offal against a wall and seeing what sticks.
What remains is a hodge-podge of Windows patches, some mis-identified .NET patches, a new Servicing Stack Update slowly taking form, a bunch of Office fixes – including two buggy patches that have been pulled and one that’s been fixed – the usual array of Flash excuses and Preview patches.
Just one day after Microsoft came clean with an explanation of a Nov. 19 outage that blocked users of Office 365 from logging into their accounts using Multi-Factor Authentication (MFA), today the service again went on the fritz.
"Starting at 14:25 UTC on 27 Nov 2018, customers using Multi-Factor Authentication (MFA) may experience intermittent issues signing into Azure resources, such as Azure Active Directory, when MFA is required by policy," read the Azure status dashboard. Two and a half hours later, the dashboard reported that after resolving a problem with an earlier DNS (Domain Name Service) issue, engineers rebooted the services. "They observed a decrease in the failure rate after the reboot cycles," the dashboard concluded.
Authentication: the act of proving one’s identity to the satisfaction of some central authority. To most, this process means typing in a username and a password. It’s been this way for years and years.
Windows Hello is a biometrics-based technology that enables Windows 10 users to authenticate secure access to their devices, apps, online services and networks with just a fingerprint, iris scan or facial recognition. The sign-in mechanism is essentially an alternative to passwords and is widely considered to be a more user friendly, secure and reliable method to access critical devices, services and data than traditional logins using passwords.
“Windows Hello solves a few problems: security and inconvenience,” said Patrick Moorhead, president and principal analyst at Moor Insights & Strategy. “Traditional passwords are unsafe as they are hard to remember, and therefore people either choose easy-to-guess passwords or write down their passwords.”
Encryption may sound like a subject best left to hackers and tinfoil hat wearers, but don't be fooled: It's a critical part of contemporary life and something that's important for everyone, especially business users, to understand. And one of the places where encryption is most relevant and misunderstood is in the realm of email.
If you're using Gmail for electronic communication — be it for business, for personal use, or a combination of the two — it's well worth your while to know how the service does and doesn't secure your information and what steps you can take to make sure you're getting the level of privacy you need.
Ready to dive in?
You might not know it from all the panic-inducing headlines out there, but Android is actually packed with powerful and practical security features. Some are activated by default and protecting you whether you realize it or not, while others are more out of the way but equally deserving of your attention.
So stop wasting your time worrying about the Android malware monster du jour and which security company is using it to scare you into an unnecessary subscription, and take a moment instead to look through these far more impactful Android security settings — starting with the core elements and moving from there into some more advanced and easily overlooked options.
Encrypted email service provider ProtonMail has launched a standalone virtual private network app for iOS devices. With iOS now added to its list, ProtonMail said it now offers protection for the most popular operating systems, which include Windows, MacOS, Linux and Android.
VPN functionality is prevalent in enterprise security products and management products, according to Phil Hochmuth, program director for IDC's Enterprise Mobility team. At the same time, consumers are increasingly looking at VPN services to shield their online activities on wired networks, as well as on LTE/4G connections, he said.
Pilot fish at a federal agency gets a visit from a power user who can't get access to the data he needs -- and he's not at all happy.
"We used a very effective security product that could narrow down access to a specific user or dataset," says fish. "But you had to be careful to install any new rules in the right place, because once a rule was found it was applied, even if one with more relaxed access followed.
"As soon as I checked, I could see that I had misplaced the rule I had created for him.
"Now, normally if I made a mistake I'd admit to it and apologize. This particular day this fellow, an otherwise nice guy, was at it like a dog with a bone, demanding How did it happen? Who did this? over and over.
There's been a lot of discussion about Apple's T2 security chip, particularly the restrictions it places on repairs not sanctioned by Apple. The controversy centers on an Apple utility needed to make changes like swapping out the built-in SSD drives. The overall argument ties into the right-to-repair fight, allowing hardware owners to make changes to their own devices.
Two related Office 2010 non-security patches issued on Nov. 6 were pulled on Nov. 17. KB 4461522 and KB 2863821 are both related to changes coming in the Japanese calendar next month attributed to the abdication of Emperor Akihito in favor of his son, Naruhito. The event has been compared to the Y2K problem in the west. It’s not clear why two patches were released on Nov. 6 to accommodate that calendar change, but both KB articles now sport the admonition: