Skip to main content
Please wait...

JAMF warns: Many Apple-using businesses still aren’t secure

3 days 2 hours ago

Your enterprise security does not live in isolation — the threat environment extends across all your colleagues, partners, and friends.

That's why it’s very concerning that so many businesses continue to fail to meet basic security hygiene standards, according to the latest Security 360 report from Jamf.

Data is gold, which attackers recognize — even many in business don’t. Every stolen address, email, phone number, name, or even passport number is an ID attack waiting to happen, a path to enable a more complex phishing scam, or just an opportunity to call someone up and claim the target has a problem with their computer that they can help them with.

To read this article in full, please click here

Apple’s iMessage gains industry-leading quantum security

4 days 2 hours ago

Apple is preparing for future threats to iMessage by introducing upgraded encryption for its messaging service by using quantum computers.

Think of it as state-of-the-art quantum security for messaging at scale, the company says, resulting in Apple's messaging system being more secure against both current and future foes.

What is the protection?

Announced on Apple’s Security Research blog, the new iMessage protection is called PQ3 and promises the “strongest security properties of any at-scale messaging protocol in the world.”

To read this article in full, please click here

EU begins formal investigation of TikTok over potential violations of Digital Services Act

5 days ago

The European Commission has opened formal proceedings to assess whether TikTok may have breached the European Union’s Digital Services Act (DSA) in various ways associated with the protection of minors, advertising transparency, data access for researchers, and managing risk for addictive design and harmful content.

The formal investigation adds to the privacy and safety concerns that have plagued the video-sharing platform, giving enterprises yet another reason to consider banning its use by employees while they access corporate networks. The Commission had previously conducted a preliminary investigation and risk assessment that found further oversight to be necessary.

To read this article in full, please click here

Miro boosts security for its visual collaboration app

5 days 6 hours ago

Miro has unveiled a set of security tools designed to help businesses protect sensitive data shared on its digital whiteboard application. The new Miro Enterprise Guard includes features to automate detection and classification of sensitive data, manage content for legal audits, and provide IT admins with greater control over encryption.

Visual collaboration is one of the fastest-growing areas of the wider collaboration software market, according to IDC. Digital whiteboard apps provide a shared canvas for co-workers to brainstorm ideas and plan projects, with Miro competing against the likes of Mural, Figma, Microsoft and others.

To read this article in full, please click here

Microsoft fixes two zero-days with Patch Tuesday release

1 week 1 day ago

Microsoft on Tuesday released 73 updates in its monthly Patch Tuesday release, addressing issues in Microsoft Exchange Server and Adobe and two zero-day flaws being actively exploited in Microsoft Outlook (CVE-2024-21410) and Microsoft Exchange (CVE-2024-21413).

Including the recent reports that the Windows SmartScreen vulnerability (CVE-2024-21351) is under active exploitation, we have added “Patch Now” schedules to Microsoft Office, Windows and Exchange Server. The team at Readiness has provided this detailed infographic outlining the risks associated with each of the updates for this cycle.

To read this article in full, please click here

Microsoft and the Taylor Swift genAI deepfake problem

1 week 4 days ago

The last few weeks have been a PR bonanza for Taylor Swift in both good ways and bad. On the good side, her boyfriend Travis Kelce was on the winning team at the Super Bowl, and her reactions during the game got plenty of air time. On the much, much worse side, generative AI-created fake nude images of her have recently flooded the internet.

As you would expect, condemnation of the creation and distribution of those images followed swiftly, including from generative AI (genAI) companies and, notably, Microsoft CEO Satya Nadella. In addition to denouncing what happened, Nadella shared his thoughts on a solution: “I go back to what I think’s our responsibility, which is all of the guardrails that we need to place around the technology so that there’s more safe content that’s being produced.”

To read this article in full, please click here

Apple is ramping up its fight against malware

1 week 5 days ago

Ensuring platform security is hard, but when a company the stature of Apple begins to ramp up protection of its ecosystem, every IT decision maker should pay attention. Unfortunately, this is precisely what's happening: Apple is now updating fundamental protection at a faster clip than it's ever done before.

Apple’s security teams are alert

That important revelation comes from Howard Oakley at the excellent Eclectic Light Company blog. He notes that in the six weeks ending Feb. 9 Apple, has updated a Mac security feature called XProtect five times — introducing 11 new rules to the service.

To read this article in full, please click here

How to thwart cyber criminals seeking to target smaller businesses

1 week 5 days ago

Cyber criminals are increasingly targeting small and medium sized businesses (SMBs) in the belief that they have not invested in the security technology required to thwart attacks. In fact, 43% of cyberattacks are aimed at SMBs. Cybercriminals are rational, profit-driven and highly organised: they know that attacking easy targets can result in a bigger aggregate pay-day. 

 

To read this article in full, please click here

Cisco

Building the foundations of a sustainable innovation strategy

1 week 5 days ago

Modern customer demands and evolving technology capability mean smaller businesses are seeking digital transformation as eagerly as their enterprise counterparts.  

 

In the UK, for example, a recent survey by the Federation of Small Business (FSB) suggests that in the past three years, 69% of companies have either brought an entirely new product to market (25%), improved existing products (38%) or improved or introduced new internal or customer-facing processes (25%).  

To read this article in full, please click here

Cisco

The AI data-poisoning cat-and-mouse game — this time, IT will win

1 week 6 days ago

The IT community of late has been freaking out about AI data poisoning. For some, it’s a sneaky mechanism that could act as a backdoor into enterprise systems by  surreptitiously infecting the data large language models (LLMs) train on and then getting  pulled into enterprise systems. For others, it’s a way to combat LLMs that try to do an end run around trademark and copyright protections.

To read this article in full, please click here

What a future without browser cookies looks like

2 weeks 4 days ago

Most online users have experienced it. You do an online search for healthcare purposes, travel information, or something to buy and soon you’re being bombarded with emails and targeted online ads for everything related to your search. That’s because browser cookies were tracking you as you performed your searches; they identified you and your activity.

Over the past few years, the online advertising industry has been undergoing a sea change as regulators restricted how cookies can be used and browser providers moved away from their use in response to consumer outcries over privacy.

“They often feel surveilled; some even find it ‘creepy’ that a website can show them ads related to their behavior elsewhere,” according to a recent study by the HEC Paris Business School.

To read this article in full, please click here

When a customer gets defrauded, should the enterprise reimburse?

2 weeks 5 days ago

The New York Attorney General’s decision to sue Citibank last week for failing to reimburse customers who'd been victimized by fraud raised some interesting issues for business that go beyond just Citibank. Specificially, when should a customer be reimbursed for fraud and at what point do the customer’s own actions come into play?

To be clear, financial institutions have been routinely refusing to reimburse customers who have done nothing wrong. The far trickier issue is when the customer does indeed do something wrong.

To read this article in full, please click here

Apple accuses UK gov't of ‘unprecedented overreach’ on privacy

3 weeks 5 days ago

In the name of security, the UK government may well have put a cybersecurity target on the nation’s back, with Apple once again warning that proposed changes to the Investigatory Powers Act 2016 are a “serious and direct threat to data security and information privacy.

“We are deeply concerned about the amendments to the Investigatory Powers Bill currently before Parliament, which will put the privacy and security of users at risk," Apple said in a statement. “This is an unprecedented overreach by the government and, if implemented, the UK new user protections could be secretly vetoed globally, preventing us from ever delivering them to customers.”

To read this article in full, please click here

Russia hacks Microsoft: It’s worse than you think

3 weeks 6 days ago

Another day, another hack of Microsoft technology. Ho-hum, you might think, this has happened before and will happen again — as surely as the sun rises in the morning and sets at night.

This time is different. Because this time the targets weren’t Microsoft customers, but rather the top echelons of Microsoft itself. And the hacker group, called Midnight Blizzard, or sometimes Cozy Bear, the Dukes, or A.P.T. 29, is sponsored by Russia’s Foreign Intelligence Service (and has been since at least 2008).

To read this article in full, please click here

10 must-have security tips for digital nomads

1 month ago

I’ve been a digital nomad since 2006. Since then, I’ve spent more time abroad than in the United States, working all the while, no matter where. And I’ve learned a lot about safety, security and privacy in specific locations on the European, African, and American continents — often the hard way.

Lots of people travel for business or vacation. The difference with digital nomads abroad (and bleisure and workcation travelers) is that you’re more likely to be carrying your most expensive electronics, more likely to be staying at an Airbnb than a hotel, and more likely to have your work disrupted if you lose work computers and devices (not to mention passports and your wallet).

To read this article in full, please click here

The most significant number from Samsung's Galaxy S24 announcement

1 month ago

My goodness, there's a lot to be said about Samsung's newly announced Galaxy S24 family of flagship Android devices.

Aaaaand, spoiler alert: We won't be saying most of those things here, in this column, today.

Now, don't get me wrong: Samsung's latest and greatest Galaxy models have tons of good stuff going for 'em. From the eye-catching hardware to the specs to end all specs, Samsung rarely holds back with its top-of-the-line Android offerings. And this year's devices appear to be no exception.

To read this article in full, please click here

3 exceptional Android privacy power-ups

1 month 1 week ago

In many ways, privacy has become a bit of a conceptual buzzword — something that, similar to the AI craze of the moment, is as much about marketing a broad idea to people as it is anything specific or practical.

But all opportunistic hype aside, privacy absolutely does matter — once you dig in past that silly outer layer and actually think about what, exactly, you want to achieve. And here in the land o' Android, you've got plenty o' potential-packed possibilities to ponder.

Today, I want to draw your attention to one area where a teensy bit of effort can give you an awful lot of added privacy advantages — and that's in the ever-evolving domain of web browsing on your favorite Android gadget.

To read this article in full, please click here

How OpenAI plans to handle genAI election fears

1 month 1 week ago

OpenAI is hoping to alleviate concerns about its technology’s influence on elections, as more than a third of the world's population is gearing up for voting this year. Among the countries where elections are scheduled are the United States, Pakistan, India, South Africa, and the European Parliament.

“We want to make sure that our AI systems are built, deployed, and used safely. Like any new technology, these tools come with benefits and challenges,” OpenAI wrote Monday in a blog post. “They are also unprecedented, and we will keep evolving our approach as we learn more about how our tools are used.”

To read this article in full, please click here

Failed unsubscribes could be a clue your data's out of control

1 month 1 week ago

Anyone who's eveer tried to unsubscribe to an email list knows that "unsubscribe" button never seems to work — except to verify your email account is working. But what if that failure arises from something more problematic than an unethical person ignoring the request?

What if it is the latest symptom of the overly distributed data problem?

That's the same issue that undermines compliance and legal discovery rules such as GDPR’s Right To Be Forgotten rule. It’s also the same problem that makes it all-but-impossible for enterprises to have current and comprehensive datamaps. 

To read this article in full, please click here

Checked
40 minutes 43 seconds ago
Computer World Security
Subscribe to Computer World Security feed

About SecurityFeeds

SecurityFeeds Logo

Tim Weil is a Security Architect/IT Security Manager with over twenty five years of IT management, consulting and engineering experience in the U.S. Government and Communications Industry.  Mr. Weil's technical areas of expertise include IT Security Management, Enterprise Security Architecture, FISMA Compliance, Identity Management, and Network Engineering. Mr. Weil is a Senior Member of the IEEE and has served in several IEEE positions.