Skip to main content
Please wait...

DOJ reverses itself, says good-faith security researchers should be left alone

1 day 21 hours ago

In a move that could have a major impact on enterprise penetration testing and other cybersecurity tactics, the US Department of Justice last Thursday reversed one of its own policies by telling prosecutors not to prosecute anyone involved in “good-faith security research.”

This is one of those common-sense decisions that makes me far more interested in exploring the original DOJ policy (set in 2014, during the Obama era). 

The underlying law at issue is the Computer Fraud and Abuse Act, which made it illegal to access a computer without proper authorization. It was passed in 1986 and has been updated several times since then.

To read this article in full, please click here

Evan Schuman

IT salaries aren't keeping up with inflation — but that may soon change

1 day 21 hours ago

Pay for some IT professionals is failing to keep up with inflation, according to a salary survey by IT employment consultancy Janco Associates for calendar year 2021. But preliminary data indicates pay for tech workers could soon change drastically with job market in IT tight, and many companies eyeing major tech projects in the year ahead.

With inflation in the US running at about 8% over the past year, salary increases — even for IT execs — have failed to keep pace.

The mean compensation for all IT pros last year rose only 2.05%, with the median salary at $100,022 for those at large enterprises and at $95,681 for IT workers at mid-sized firms, according to Janco.

To read this article in full, please click here

Lucas Mearian

Not all patching problems are created equal

1 week 4 days ago

It’s the third week of the month — the week we find out whether Microsoft acknowledges any side effects it’s investigating as part of the monthly patch-release process.

First, a bit of background. Microsoft has released patches for years. But they haven’t always been released on a schedule. In the early days, Microsoft would release updates any day of the week. Then in October 2003, Microsoft formalized the release of normal security updates on the second Tuesday of the month. Thus was born Patch Tuesday. (Note: depending on where you are in the world, Patch Tuesday may be a Patch Wednesday.) The following day, or in some cases, over the next week, users and admins report issues with updates — and Microsoft finally acknowledges that, yes, there are issues.

To read this article in full, please click here

Susan Bradley

May's Patch Tuesday updates make urgent patching a must

1 week 6 days ago

This past week's Patch Tuesday started with 73 updates, but ended up (so far) with three revisions and a late addition (CVE-2022-30138) for a total of 77 vulnerabilities addressed this month. Compared with the broad set of updates released in April, we see a greater urgency in patching Windows — especially wiith three zero-days and several very serious flaws in key server and authentication areas. Exchange will require attention, too, due to new server update technology.

To read this article in full, please click here

Greg Lambert

Europe puts Apple’s CSAM plans back in the spotlight

2 weeks 1 day ago

Apple may have put some of its plans to scan devices for CSAM material on hold, but the European Commission has put them right back in the spotlight with a move to force messaging services to begin monitoring for such material.

CSAM is emerging as a privacy test

In terms of child protection, it’s a good thing. Child Sexual Abuse Material (CSAM) is a far bigger problem than many people realize; victims of this appalling trade end up with shattered lives.

To read this article in full, please click here

Jonny Evans

Just what does Windows 11 bring to the table?

2 weeks 4 days ago

The other day, my Dad — my bellwether for technology — mentioned in passing that he’d read online that Windows 11 shouldn’t be used and that the operating system wasn’t being adopted.

Dad had a point. He’s more of an Apple user now — I have him on my phone plan to support his tech needs, he uses an iPhone and has an iPad. As his needs have changed, his reliance on Windows devices has decreased. In fact, his current Windows needs involve applications not on the Apple platform. (And because he’s a standalone user, not a domain user, many of the advances in Windows 11 having to do with authentication won’t be available to him.)

To read this article in full, please click here

Susan Bradley

Google responds to EU data rulings with new Workspace controls

3 weeks 2 days ago

Google Cloud has announced a new set of Sovereign Controls for users of its Workspace productivity software, aimed at allowing organizations in both the public and private sector to better control, limit, and monitor data transfers to and from the European Union.

The changes look to have come in response to a range of recent European Union efforts to better protect the personal data of members when using cloud services, following the collapse of Privacy Shield.

To read this article in full, please click here

Charlotte Trueman

Enterprise mobility 2022: UEM adds user experience, AI, automation

3 weeks 3 days ago

The past two years have seen mobility management take on a greater importance than ever in the enterprise. As remote and hybrid work models take hold at many organizations, “mobility management” has expanded its meaning from management of mobile devices to management of all devices used by mobile employees, wherever they happen to be working from.

Unified endpoint management (UEM) has become a strategic technology at the center of companies’ efforts to control this increasingly complex environment. Essentially combining enterprise mobility management (EMM) tools with PC management tools, UEM platforms help companies manage and protect a range of devices including smartphones, tablets, laptops, and desktop computers across multiple operating systems — all from a unified interface.

To read this article in full, please click here

Bob Violino

Russia is losing the cyberwar against Ukraine, too

3 weeks 4 days ago

When Russia launched its all-out attack against Ukraine in February, the world expected the invaders to roll over the country quickly. That didn’t happen, and Ukraine today, though still under assault, has so far thwarted Russia’s ambitions to conquer it.

Russia has also been fighting a quieter war against Ukraine, a cyberwar, deploying what had been considered the most feared state-sponsored hackers in the world. And in the same way that Ukraine has fended off Russia’s military might, it’s been winning the cyberwar as well.

[ Ukrainian IT industry says it’s still open for business ]

In that cyberwar, as always, the terrain is primarily Windows, because it represents the largest and most vulnerable attack surface in the world. The facts about what exactly is going on have been shadowy. But there’s plenty of evidence that Ukraine may keep the upper hand.

To read this article in full, please click here

Preston Gralla

Think the video call mute button keeps you safe? Think again

4 weeks 1 day ago

Have you recently been on a video confefence call, hit the "mute" button and then offered up some nasty comments about a client or a colleague — or even the boss?

Or maybe while in a conference room with colleagues — muted — and pointed out that some proposed action would violate the terms of a secret acquisition in its final stages?

If you were comfortable that the mute button was actively protecting your secret, you shouldn't have been.

Thanks to some impressive experimentation and research from a group of academics at the University of Wisconsin-Madison and Loyola University Chicago, utterances made while the app is in mute are still captured and saved into RAM.

To read this article in full, please click here

Evan Schuman

Jamf adds network and endpoint security tools for enterprise Macs

1 month ago

Jamf has announced a series of significant updates to Jamf Protect, introducing a unique set of technologies designed to make enterprise devices more secure while also identifying and responding to incoming endpoint threats. The company also introduced, Jamf Trust, which aims to make this kind of security simple to use. (The latter is also available for Android and Windows.)

What’s new in Jamf Protect?

The big news for Mac security, Jamf Protect, now offers a comprehensive endpoint and network security solution, supplementing its existing protections with new tools for:

To read this article in full, please click here

Jonny Evans

When it comes to data, resist your inner packrat

1 month ago

Human beings are natural pack rats, as evidenced by the 2.3 billion square feet of self-storage space that's in use in the U.S. Fear of getting rid of stuff even has a name: disposophobia.

Keeping every pair of shoes your kids have ever worn isn't a problem for anyone except those with whom you share living space.

But the same rules don't apply to data.

All industries have records retention guidelines spelled out in compliance rules. They are usually strictly enforced for regulated companies, and firms that run afoul of them can be punished.

To read this article in full, please click here

Paul Gillin

In a remote-work world, a zero-trust revolution is necessary

1 month ago

Last summer, law enforcement officials contacted both Apple and Meta, demanding customer data in “emergency data requests.” The companies complied. Unfortunately, the “officials” turned out to be hackers affiliated with a cyber-gang called “Recursion Team.”

Roughly three years ago, the CEO of a UK-based energy company got a call from the CEO of the company’s German parent company instructing him to wire a quarter of a million dollars to a Hungarian “supplier.” He complied. Sadly, the German “CEO” was in fact a cybercriminal using deepfake audio technology to spoof the other man’s voice.

To read this article in full, please click here

Mike Elgan

12 Android settings that'll strengthen your security

1 month ago

You might not know it from all the panic-inducing headlines out there, but Android is actually packed with practical and powerful security options. Some are activated by default and protecting you whether you realize it or not, while others are more out of the way but equally deserving of your attention.

So stop wasting your time worrying about the Android malware monster du jour and which security company is using it to scare you into an unnecessary subscription, and take a moment instead to look through these far more impactful Android settings — ranging from core system-level elements to some more advanced and easily overlooked options.

To read this article in full, please click here

JR Raphael

California eyes law to protect workers from digital surveillance

1 month ago

The California State Assembly is considering new rules that would offer workers greater protection from the use of digital monitoring tools by employers.

The “Workplace Technology Accountability Act” (AB 1651), introduced by Assemblymember Ash Kalra, would create a way to protect workers against the use of technologies that can negatively affect privacy and wellbeing.

The bill would “establish much needed, yet reasonable, limitations on how employers use data-driven technology at work,” Kalra told the Assembly Labor and Employment Committee on Wednesday. “The time is now to address the increasing use of unregulated data-driven technologies in the workplace and give workers — and the state — the necessary tools to mitigate any insidious impacts caused by them.”

To read this article in full, please click here

Matthew Finnegan

Top 6 e-signature software tools

1 month 1 week ago

The COVID-19 pandemic did not just disrupt physical meetings and physical office spaces; workflows that relied on in-person interaction, such as signing documents and contracts, were also highly impacted. Electronic signature (e-signature) software has surged in popularity over the past two years as enterprises looked to modify their signature workflows to support a remote workforce, said Holly Muscolino, group vice president for content strategies and future of work at IDC.

With many companies returning to an in-person office environment or adopting a hybrid workforce approach, where employees work some days in the office and some at home, e-signature vendors are working to convince businesses that they are still relevant. Although the market has slowed down, Muscolino said, “it’s still showing healthy growth, because there are still companies who have not adopted this technology. There is still significant room for adoption.”

To read this article in full, please click here

Keith Shaw

When humans make tech mistakes

1 month 1 week ago

We often think vendors are perfect. They have backups. They have redundancy. They have experts who know exactly how to deploy solutions without fail. And then we see they aren’t any better than we are.

Let’s look at a few recent examples.

In the small to mid-sized business (SMB) space, StorageCraft has long been a trusted backup software vendor. One of the first to make image backups easy to do, it was used and recommended by many managed service providers. After StorageCraft was acquired by Arcserve in March 2021, there were no immediate major changes in how the company ran.

To read this article in full, please click here

Susan Bradley

April's Patch Tuesday: a lot of large, diverse and urgent updates

1 month 1 week ago

This week's Patch Tuesday release was huge, diverse, risky, and urgent, with late update arrivals for Microsoft browsers (CVE-2022-1364) and two zero-day vulnerabilities affecting Windows (CVE-2022-26809 and CVE-2022-24500). Fortunately, Microsoft has not released any patches for Microsoft Exchange, but this month we do have to deal with more Adobe (PDF) printing related vulnerabilities and associated testing efforts. We have added the Windows and Adobe updates to our "Patch Now" schedule, and will be watching closely to see what happens with any further Microsoft Office updates. 

To read this article in full, please click here

Greg Lambert
Checked
49 minutes 48 seconds ago
Computer World Security
Subscribe to Computer World Security feed

About SecurityFeeds

SecurityFeeds Logo

Tim Weil is a Security Architect/IT Security Manager with over twenty five years of IT management, consulting and engineering experience in the U.S. Government and Communications Industry.  Mr. Weil's technical areas of expertise include IT Security Management, Enterprise Security Architecture, FISMA Compliance, Identity Management, and Network Engineering. Mr. Weil is a Senior Member of the IEEE and has served in several IEEE positions.