Russia’s iPhone ban and the digital supply chain

6 days 1 hour ago

Russia’s Kremlin ordered officials to stop using iPhones, apparently over concerns the devices could be vulnerable to Western intelligence agencies, Reuters reports. When surveillance-as-a-service firms sit exposed for brazenly undermining device security, it's hard to think there isn't an argument there. But the bigger story isn’t the harm to Apple’s small business in Russia, it's the threat to digital supply chains it shows.

Patch Office and Windows now to resolve two zero-days

1 week 1 day ago

Microsoft has resolved 80 new CVEs this month in addition to four earlier CVEs, bringing the number of security issues addressed in this month's Patch Tuesday release to 84. 

Unfortunately, we have two zero-day flaws, in Outlook (CVE-2023-23397) and Windows (CVE-2023-24880), that make "Patch Now" a requirement for both Windows and Microsoft Office updates. As was the case last month, there were no further updates for Microsoft Exchange Server or Adobe Reader. This month the team at Application Readiness has provided a helpful infographic that outlines the risks associated with each of the updates for this cycle.

Feds to Microsoft: Clean up your security act — or else

1 week 4 days ago

The US government, worried about the continuing growth of cybercrime, ransomware, and countries including Russia, Iran, and North Korea hacking into government and private networks, is in the middle of drastically changing its cybersecurity strategy. No longer will it rely largely on prodding businesses and tech companies to voluntarily take basic security measures such as patching vulnerable systems to keep them updated.

Instead, it now wants to establish baseline security requirements for businesses and tech companies and to fine those that don’t comply.

It’s not just companies that use the systems who might eventually need to abide by the regulations. Companies that make and sell them, such as Microsoft, Apple, and others could be held accountable as well. Early indications are that the feds already have Microsoft in their crosshairs — they’ve warned the company that, at the moment, it doesn’t appear to be up to the task.

Why you should use Apple’s Rapid Security Response

2 weeks 3 days ago

Mac, iPad, and iPhone users can choose to automatically install system security patches as they are released with a new Apple feature called Rapid Security Response.

Rapid Security Response aims to secure Apple’s platforms with automated security updates. The idea is that if every user automatically installs such patches, the entire ecosystem becomes inherently more secure.

Apple announced the feature last year at WWDC 2022 and began testing it in October. During beta testing, it shared four content-free downloads to test its distribution system, including one recent test in March. While the feature can be enabled on devices running the latest operating system, as of this month Apple had not yet begun to ship genuine security patches.

Jamf VP explains enterprise security threats — and how to mitigate them

2 weeks 4 days ago

Apple-focused device management and security vendor Jamf today published its Security 360: Annual Trends report, which reveals the five security trends impacting organizations running hybrid work environments. As it is every year, the report is interesting, so I spoke to Michael Covington, vice president of portfolio strategy, for more details about what the company found this year.

First, here's a brief rundown of some of the salient points in the report:

Maybe one day every platform will be as secure as Apple

2 weeks 5 days ago

A look at the Biden Administration’s recently updated National Cybersecurity Strategy document seems to reflect some of the approaches to cybercrime Apple already employs. 

Take privacy, for example. The proposal suggests that privacy protection will no longer be something big tech can argue against – companies will be required to prioritize privacy. That’s fine if you run a business that does not require wholesale collection and analysis of user information, which has always been Apple’s approach. The best way to keep information private, the company argues, is not to collect it at all.

For Apple’s enterprise success, endpoint management is the new black

3 weeks 2 days ago

Yet more data shows the acceleration of Mac adoption in the business world.

Okta’s recent Businesses at Work 2023 report shared numerous insights into the state of enterprise IT. One in particular grabbed my attention: endpoint management and security tools have become the most popular category of security product across the enterprise, with some players achieving really significant growth, partly on the back of their Mac support.

The data: Jamf Pro has seen 428% customer growth across the last four years, while smaller vendor Kandji experienced a 172% increase in its customer base in just the last year.

Microsoft Intune Suite consolidates endpoint management and protection

3 weeks 3 days ago

Microsoft has launched the general availability of Microsoft Intune Suite, a consolidation of its endpoint management and security solutions to streamline protection for cloud-connected and on-premises endpoints. 

The consolidation aims to make Microsoft a single vendor for all of a customer's endpoint security needs, giving customers a single set of analytics rather than multiple disparate datasets, with consistent visibility into potential vulnerabilities and anomalies, according to a company blog post.

Apple’s MFi scheme for USB-C is a good thing

3 weeks 3 days ago

Apple appears poised to make it more difficult to use cheap USB-C cables with its devices, and while it may well make a few dollars more from the purported plan, there are also good reasons to put the system in place.

Apple got to make a dollar or two

The claim is that Apple plans to replace Lightning ports and cables with USB-C in the iPhone 15, and when it does it will introduce a Made For iPhone (MFi) scheme for such products. The idea is that consumers will be able to purchase cables and other devices in full confidence that they will be compatible with their iPhone.

Software bugs that bug me – and how to swat them down

3 weeks 5 days ago

Nearly every day, software updates of some kind roll out for our systems. From operating systems to antivirus software, to cloud services, to hardware devices, virtually none of the technology we use is static. And with these updates come side effects and problems that sometimes take a while to get fixed.

I recently found an interesting bug that hasn’t gotten a lot of attention when I purchased a Lexmark multi-function printer. As part of the installation process, I went online to download the latest printer driver. (I always recommend going to a vendor website to grab the latest drivers because, after all, the latest software should have the latest fixes, right?) I was able to set up the printer to print, scan, and electronically fax and figured I was done for the day.

Hard-to-spot Mac crypto-mining threat, XMRig, hits Pirate Bay

1 month ago

A new family of Mac malware that spreads through pirated versions of Final Cut Pro, Photoshop, and other key creative apps has been identified by the Threat Labs team at Jamf.

The new XMRig threat is a subtle cryptocurrency mining attack that has evaded detection for months. 

Piracy is bad karma, but good crypto

XMRig proliferates by attaching itself to pirated copies of creative applications, including versions of Final Cut Pro, Logic Pro X, and Adobe Photoshop. That’s the kind of "knock-off" Mac application you frequently find being distributed across peer-to-peer networks.

EU parliamentary committee says 'no' to EU-US data privacy framework

1 month 1 week ago

The European Parliament’s Committee on Civil Liberties, Justice and Home Affairs has recommended that the European Commission reject the proposed EU-US Data Privacy Framework, which would govern the way in which the personal information of EU citizens is handled by US companies.

The committee's decision — formally, a draft motion for a resolution — represents a rejection of the European Commission’s recommendation, announced in December, that the data privacy framework should be adopted. The recommendation stated that US law now offers an “adequate” level of protection for the personal data of EU users of US companies’ services.

Security tool adoption jumps, Okta report shows

1 month 1 week ago

Identity and access management (IAM) vendor Okta today released a report detailing app use and security trends among its broad user base. Among other trends it identified, the report found that zero trust security policies have become more common, and uptake of a wide range of security tools has been sharply on the rise.

Okta surveyed 17,000 customers globally and found that zero trust usage among its clients has increased from 10% two years ago to 22% today, indicating both that the philosophy is more popular than ever and that a wide swathe of the market is still there to be captured, according to the report.

Enterprise mobility 2023: UEM meets DEX

1 month 1 week ago

If there was ever any doubt about the future of unified endpoint management (UEM) as a key component of enterprise mobility strategies, the now-permanent shift to hybrid and remote work models has sealed the deal. UEM has become a critical part of enterprise efforts to manage this complex environment.

Forrester Research’s 2022 Business Technographics Infrastructure Hardware Survey shows that 28% of infrastructure hardware technology decision makers will be investing in UEM over the next 12 months. “This is in line with previous years, so we continue to see stable growth in the UEM market,” says Andrew Hewitt, senior analyst at Forrester.

Download: UEM vendor comparison chart 2023

1 month 1 week ago

Unified endpoint management (UEM) is a strategic IT approach that consolidates how enterprises secure and manage an array of deployed devices including phones, tablets, PCs, and even IoT devices.

As remote and hybrid work models have become the norm over the past two years, “mobility management” has come to mean management of not just mobile devices, but all devices used by mobile employees wherever they are. UEM tools incorporate existing enterprise mobility management (EMM) technologies, such as mobile device management (MDM) and mobile application management (MAM), with tools used to manage desktop PCs and laptops.

How to use Apple’s advanced iCloud security tools

1 month 1 week ago

Apple recently rolled out new iCloud security features that could help protect mobile professionals when they're on the road. The features include better iCloud data security, improved iMessage security, and more.

Here is how to use these new iCloud protections.

Secure your digital assets

No one should doubt that protecting personal or enterprise data has become more important than ever. Apple introduced Lockdown Mode for iCloud in 2022, following this up with even more protections in December and, most recently, introducing free privacy and security sessions in Apple retail stores in 2023.

The best privacy and security apps for Android

1 month 1 week ago

Let's get one thing out of the way right off the bat: If you're looking for recommendations about Android security suites or other malware-scanning software, you've come to the wrong place.

Why? Because, like most people who closely study Android, I don't recommend using those types of apps at all. Android malware isn't the massive real-world threat it's frequently made out to be, and Google Play Protect and other native Android settings are more than enough to keep most devices safe.

The best Android password managers

1 month 1 week ago

Protecting your online accounts is more important now than ever — and in spite of some recent high-profile hacks, relying on a third-party password manager is still the easiest and most effective way to ensure your most important credentials remain secure.

Why? It's simple: Reusing passwords puts you at a heightened risk for hacking. If someone discovers your password at just one website — via any sort of breach, be it large-scale or targeted — they can then use that same password to crack into your accounts at countless other places. It happens all the time.

Qualys now supports macOS in its cloud security tools

1 month 2 weeks ago

Qualys, sometimes described as one of the pioneering SaaS vendors, has bent with the times to begin offering Mac support within its cloud security offering.

A pioneer in SaaS goes Mac

Since it launched in 1999, Qualys has traditionally offered its services to PCs, mobile devices, and cloud-native applications. The company’s original 2000 product, QualysGuard, was distinguished as one of the first-to-market vulnerability management tools.

Computer World Security

About SecurityFeeds

Tim Weil is a Security Architect/IT Security Manager with over twenty-five years of IT management, consulting and engineering experience in the U.S. Government and Communications Industry. Mr. Weil's technical areas of expertise include IT Security Management, Enterprise Security Architecture, FISMA Compliance, Identity Management, and Network Engineering. Mr. Weil is a Senior Member of the IEEE and has served in several IEEE positions.