Feed aggregator

Google asks Chrome users for help in spotting deceptive sites

Computer World Security - Wed, 06/19/2019 - 13:46

Google this week asked for help in identifying suspicious websites, offering users of its Chrome browser an add-on that lets them rat out URLs.

The Suspicious Site Reporter, which can be added to desktop Chrome, places a new flag-style icon on the top bar of the browser. "By clicking the icon, you're now able to report unsafe sites to Safe Browsing for further evaluation," Emily Schechter, a Chrome product manager, wrote in a Tuesday post to a company blog.

[ Related: How to protect Windows 10 PCs from ransomware ]

Safe Browsing is the name of the technology used by Google's search engine, Chrome, Mozilla's Firefox, Apple's Safari, and Android to steer users away from sites that host malicious or deceptive content. On the back end, Google uses robots to scan the web and build a list of websites that host malware, harmful downloads or deceptive ads and pages. Software developers can then plug into an API to integrate this list into their own applications, something rival browser makers have done for years.

To read this article in full, please click here

Categories: Latest Security News

What the latest iOS passcode hack means for you

Computer World Security - Tue, 06/18/2019 - 15:25

A mobile device forensics company now says it can break into any Apple device running iOS 12.3 or below.

Israeli-based Cellebrite made the announcement on an updated webpage and through a tweet where it asserted it can unlock and extract data from all iOS and "high-end Android" devices.

[ Further reading: The wireless road warrior’s essential guide ]

On the webpage describing the capabilities of its Universal Forensic Extraction Device (UFED) Physical Analyzer, Cellebrite said it can "determine locks and perform a full file- system extraction on any iOS device, or a physical extraction or full file system (File-Based Encryption) extraction on many high-end Android devices, to get much more data than what is possible through logical extractions and other conventional means."

To read this article in full, please click here

Categories: Latest Security News

How the Huawei ban could become a security threat | TECH(feed)

Computer World Security - Tue, 06/18/2019 - 08:00
We’ve already talked about how the Huawei ban may affect business, but how will it affect security? Google has already warned of security threats should the company be unable to send updates to Huawei’s Android-powered devices. And even if Huawei responds with its own OS, will people trust it? In this episode of TECH(feed), Juliet discusses those security implications and what some people think the U.S. should do instead.
Categories: Latest Security News

Time-Machine Tuesday: Get a room!

Computer World Security - Tue, 06/18/2019 - 04:00

This security pilot fish is a big believer in automated systems. And he’s very impressed when his company moves into new offices where the meeting rooms take the manual labor out of scheduling meetings.

“There are room wizards outside every door to assist in scheduling,” fish says. “And there’s full integration with Microsoft Exchange, so that your meeting information is accurate and timely and always shows the proper room.”

One of fish’s most important meetings is a committee meeting every month on the day after Patch Tuesday to consider how to handle that batch of Microsoft updates. It’s been a regular meeting for years, and after the move the new scheduling system seems to handle it fine.

To read this article in full, please click here

Categories: Latest Security News

WWDC: Has Apple closed the door on non-Mac App Store apps?

Computer World Security - Mon, 06/17/2019 - 08:58

Ever since Apple introduced the Mac App Store developers have warned it plans to close off its platform, so news the company will insist on App Notarization in macOC Catalina set those critics off again. The thing is, it’s a little more complicated.

What is Apple doing?

Yes, Apple is making it a little more difficult for Mac users to install apps that aren’t sold at the Mac App Store or made available from bona fide developers happy to submit their software for the company’s speedy App notarization service.

To read this article in full, please click here

Categories: Latest Security News

The case against knee-jerk installation of Windows patches

Computer World Security - Mon, 06/17/2019 - 04:10

Heresy. Yes, I know. Any way you slice it, from my point of view anyway, Windows Automatic Update is for chumps.

Just like the “users must be forced to change their passwords frequently” argument that’s no longer au courant, the “users must get patched immediately” argument is based on old, faulty, and totally unsubstantiated claims that make security people feel better — and little else.

With a few notable exceptions, in the real world, the risks of getting clobbered by a bad patch far, far outweigh the risks of getting hit with a just-patched exploit. Many security “experts” huff and puff at that assertion. The poohbahs preach Automatic Update for the unwashed masses, while frequently exempting themselves from the edict.

To read this article in full, please click here

Categories: Latest Security News

WWDC: Apple’s iOS 13 NFC improvements are good for business

Computer World Security - Thu, 06/13/2019 - 08:08

Apple will make NFC much more useful in iPhones running iOS 13, and these enhancements will impact the retail, medical, government and security industries.

What is Apple changing?

Apple already uses NFC to support Apple Pay and the Apple Pay Express Transit system which is rolling out at this time.

While it has incrementally extended the tasks NFC supports over the years, the company has limited its NFC support to the NDEF standard until now, but extends this with support for new standards in its Core NFC Framework in iOS 13.

To read this article in full, please click here

Categories: Latest Security News

Microsoft is better at documenting patch problems, but issues abound

Computer World Security - Thu, 06/13/2019 - 04:55

I don’t know about you, but I’ve given up on Microsoft’s ability to deliver reliable patches. Month after month, we’ve seen big bugs and little bugs pushed and pulled and squished and re-squished. You can see a chronology from the past two years in my patching whack-a-mole columns starting here.

[ Related: Windows 10 May 2019 Update: Key enterprise features ]

For the past few months, though, we’ve seen some improvement. Microsoft has started identifying and publicly acknowledging big bugs, shortly after they’re pushed. Consider:

To read this article in full, please click here

Categories: Latest Security News

Save yourself a headache: Make sure Windows automatic update is off

Computer World Security - Mon, 06/10/2019 - 05:22

Much has changed in the past month. We’ve seen an emergency cry for all Windows XP, Vista, Win7, Server 2003, 2008 and 2008 R2 systems to get patched in order to fend off widely anticipated BlueKeep attacks. We’ve also seen Microsoft officially release Windows 10 version 1903, with unsuspecting “seekers” now the prime targets.

To read this article in full, please click here

Categories: Latest Security News

WWDC: Get to know Apple’s 11+ new privacy tools

Computer World Security - Fri, 06/07/2019 - 06:22

Apple introduced an array of additional privacy protections at WWDC 2019. Many of these both offer protection and help us better understand how our privacy is undermined.

Why does this matter?

Apple CEO Tim Cook is passionate about the need to protect user privacy, and this is by no means a one-man mission.

Speaking with Vector, Apple’s vice president of software technology, Bud Tribble, stressed the need to educate people into the needs and benefits of privacy, a topic he believes is much more widely discussed now than before.

To read this article in full, please click here

Categories: Latest Security News

WWDC: Get to know Apple’s 11+ new privacy tools

Computer World Security - Fri, 06/07/2019 - 06:22

Apple introduced an array of additional privacy protections at WWDC 2019. Many of these both offer protection and help us better understand how our privacy is undermined.

Why does this matter?

Apple CEO Tim Cook is passionate about the need to protect user privacy and this is by no means a one man mission.

Speaking with Vector, Apple’s VP Software Technology, Bud Tribble stressed the need to educate people into the needs and benefits of privacy, a topic he believes is much more” widely discussed now than before.

To read this article in full, please click here

Categories: Latest Security News

Mozilla makes anti-tracking the Firefox default

Computer World Security - Thu, 06/06/2019 - 13:43

Mozilla this week began to switch on an aggressive anti-tracking technology in Firefox that it has touted since 2015.

With a June 4 update to Firefox 67, Mozilla turned on Enhanced Tracking Protection (ETP) by default for new users. Existing customers simply updating their browsers may enable ETP themselves. The default-of-on will be extended to those users "in the coming months," Mozilla said, apparently activating it in stages as a last-step quality control.

[ Related: What's in the latest Firefox update? ]

Mozilla also used the update to Firefox 67.0.1 to trumpet other privacy- and security-centric enhancements, including an add-on that brings its Lockwise password manager to the desktop browser and an improved Facebook Container, an extension designed to keep the social network behemoth from tracking users elsewhere on the web.

To read this article in full, please click here

Categories: Latest Security News

NSA, Microsoft implore enterprises to patch Windows' 'BlueKeep' flaw before it's too late

Computer World Security - Wed, 06/05/2019 - 14:16

The U.S. National Security Agency (NSA) on Tuesday called on IT administrators to apply security updates issued by Microsoft three weeks ago, adding to a chorus of voices urging haste.

"The National Security Agency is urging Microsoft Windows administrators and users to ensure they are using a patched and updated system in the face of growing threats," the NSA said in a June 4 advisory.

[ Related: Microsoft Windows 10 vs. Apple macOS: 18 security features compared ]

The agency's advice followed by several days that of Microsoft itself. On Thursday, May 30, a company official reminded users of the updates - which the company released May 14 - and implied that time is short. "We strongly advise that all affected systems should be updated as soon as possible," Simon Pope, the director of incident response at the Microsoft Security Response Center (MSRC), wrote in a blog post.

To read this article in full, please click here

Categories: Latest Security News

WWDC: What you need to know about Sign In with Apple

Computer World Security - Tue, 06/04/2019 - 12:32

There’s lots of interest in Apple’s new Sign In with Apple system, a highly secure, private way to sign in to apps and websites. Here’s what you need to know:

What is Sign In with Apple?

Apple has noticed that sign-in systems for services, apps, and websites rely on services that use your action of signing in to place cookies on your computer and track what you do.

Apple’s focus on privacy means it is attempting to restrict such practices, which is why it has developed the new system as a more private way to sign into these apps and services.

To read this article in full, please click here

Categories: Latest Security News

It’s time to install the May Windows and Office patches

Computer World Security - Tue, 06/04/2019 - 06:08

May 2019 will go down in the annals of Patch-dom as the month we all ran for cover to fend off another WannaCry-caliber worm, but a convincing exploit never emerged.

Microsoft officially released Windows 10 version 1903 on May 21, but I haven’t yet heard from anyone who’s been pushed. All of the complaints I hear are from those “seekers” who went to the download site and installed 1903 with malice and forethought. A triumph of hope over experience.

This month, if you let Windows Update have its way on your machine, you may end up with a different build number than the person sitting next to you. Blame the gov.uk debacle for that: Folks with Windows set up for U.K. English get an extra cumulative update pushed onto their machines, whilst those who don’t fly the Union Jack will get the fix in due course next month.

To read this article in full, please click here

Categories: Latest Security News

Who watches the iOS parental control apps?

Computer World Security - Fri, 05/31/2019 - 08:36

Children are emotional. Protecting them matters. When it comes to technology, do you want developers you don’t know over whom you have no control watching what your children do on their devices?

Apple doesn't

Apple recently cut developers off from using MDM software to drive third-party parental control solutions.

Developers were upset, and seventeen smaller developers you’ve probably never heard of got together just days before Apple’s WWDC 2019 conference with a well-organized PR campaign and a professional website to demand access to new API’s that let them develop parental control software for iOS.

To read this article in full, please click here

Categories: Latest Security News

What do recent public SAP exploits mean for enterprises? | TECH(talk)

Computer World Security - Thu, 05/30/2019 - 11:38
Recently released public SAP exploits (dubbed 10KBLAZE) could pose a security risk for thousands of businesses. Computerworld executive editor Ken Mingis and CSO Online's Lucian Constantin discuss the fallout of 10KBLAZE, and how businesses using SAP should respond.
Categories: Latest Security News

Microsoft Patch Alert: Patching whack-a-mole continues

Computer World Security - Thu, 05/30/2019 - 05:16

In a normal month, you need a scorecard to keep track of Windows patches. Now, your scorecards need a scorecard. One ray of hope: It looks like some Windows 10 cumulative updates will include the new “Download and install now” feature.

The May 2019 Windows updates have taken so many twists and turns it’s hard to pin things down, but as of Thursday morning, here’s what we’ve seen.

Windows 10 cumulative updates

As of now, all of the recent versions of Win10 (1607/Server 2016, 1703, 1709, 1803, 1809/Server 2019) have had three cumulative updates in May. Depending on where you live (or, more correctly, which locality you’ve chosen for your machine), you’ve been pushed one or two of them. If you’re a “seeker” (and clicked “Check for updates” or downloaded and installed the patches), you’ve had at least two, and maybe three. Got that?

To read this article in full, please click here

Categories: Latest Security News

AT&T becomes first big mobile carrier to accept Bitcoin payments

Computer World Security - Fri, 05/24/2019 - 10:47

AT&T will allow customers to pay their mobile bills using Bitcoin, adding its name to a short list of major businesses and government agencies that allow the blockchain-based cryptocurrency to be used as a form of payment.

While not directly accepting cryptocurrency, AT&T is the first major U.S. mobile carrier to let customers pay in Bitcoin through a third-party service provider.

Customers using its online bill pay service or the myAT&T app will be able to choose BitPay, a cryptocurrency payment processor for payments. The customer pays in Bitcoin and BitPay verifies the funds and accepts the Bitcoin on behalf of the business.

To read this article in full, please click here

Categories: Latest Security News

Microsoft sets post-retirement patching record with Windows XP fix – 5 years after support ended

Computer World Security - Thu, 05/16/2019 - 11:03

Microsoft on Wednesday resurrected Windows XP and Windows Server 2003 long enough to push patches to the long-dead products. It was the first time since 2017 that Microsoft deemed the situation serious enough to warrant a security fix for XP.

Windows XP fell off the public support list in April 2014, while Windows Server 2003 was removed in July 2015.

[ Related: Windows 7 to Windows 10 migration guide ]

"If you are on an out-of-support version, the best way to address this vulnerability is to upgrade to the latest version of Windows," Simon Pope, director of incident response at the Microsoft Security Response Center, asserted in a post to a company blog. "Even so, we are making fixes available for these out-of-support versions of Windows."

To read this article in full, please click here

Categories: Latest Security News

Pages

Subscribe to SecurityFeeds aggregator