Apple needs to act against fake app-privacy promises

8 hours 27 minutes ago

Apple will need to become more aggressive in how it polices the privacy promises developers make when selling apps in the App Store. What can enterprise users do to protect themselves and their users in the meantime?

What’s the problem?

Some developers continue to abuse the spirit of Apple’s App Store Privacy rules. This extends to posting misleading information on App Privacy Labels, along with outright violation of promises not to track devices. Some developers continue to ignore do-not-track requests to exfiltrate device-tracking information.

Jonny Evans

A penchant for patching: After 20 years, the system’s still a mess

4 days 9 hours ago

As a Microsoft Patch Lady, I’ve been patching computers and servers for more than 20 years. We started with a process that wasn’t well planned. We had no set day or time for when patches were released, and no way to centrally manage and deploy updates. Over the years Microsoft has moved to a more dependable deployment plan and the ability to manage updates through platforms ranging from Windows Update to Windows Software Update Services to Cloud services.

So things should be better now, right? We’ve had 20 years to get this right.

And yet, here’s what I’ve seen regarding patching in just the last week.

We are now on three months and counting of continuing issues with printing caused by patches. (This month included yet another fix for another print spooler vulnerability.) I’ve seen businesses dealing with new side effects directly impacting printing and, interestingly enough, these are businesses that didn’t have problems with earlier updates. This month, Windows 10 peer-to-peer networks appear to be the most affected. (FYI: The trigger for all of these printer issues seems to be older Type 3 printer drivers. Moving to type 4 drivers might help if that’s an option for you.)

Susan Bradley

Legacy apps are at risk with the September Patch Tuesday update

1 week ago

This week's Patch Tuesday was an unusual update from Microsoft and we have added Windows, the Microsoft development platform, and Adobe Reader to our "Patch Now" schedule.

These updates are driven by the zero-day patch (CVE-2021-40444) to the core Microsoft browser library MSHTML. In addition to leading to significant remote code execution worries, this update may also lead to unexpected behaviours in legacy applications that depend on or include this browser component. Be sure to assess your portfolio for key apps that have these dependencies and perform a full functionality test before deployment. (We have identified some key mitigation strategies for handling ActiveX controls and for protecting your system during your testing and deployment phases.)

Greg Lambert

It’s been a big week for patches

1 week 1 day ago

This week brought updates that I consider critical for the “Big Three” — my operating system (Windows), my browser (Google Chrome) and my phone (from Apple). All three releases patch major zero-day vulnerabilities on all three platforms.

While I strongly recommend that you patch Chrome and your iPhone as soon as possible, I always recommend that you hold back on updating Windows. That remains true — at least until we see whether there are any trending side effects from the Patch Tuesday updates.

Let’s break down the patching to do right away.

First, prioritize patching Apple devices. Among this week’s patches is one for Pegasus spyware, which can open up access to the camera and microphone as well as text messages, phone calls, and emails. iPhones, in particular, have been targeted. Apple typically pushes these updates overnight if your phone is plugged in and charging (and connected to the Internet). If you want to make sure your iPhone has received the update, click on Settings, then General, then tap Software Update. Typically, after my iPhone updates, some apps may need passwords again. I personally try to save critical ones in the iCloud keychain. Look for patches for iOS 14.8 and iPad OS 14.8, and Security Update 2021-005 for macOS Catalina and Big Sur 11.6.

Susan Bradley

Windows 11: Just say no

1 week 1 day ago

It will be one thing, say, later this year or in 2022, to buy a new PC with Windows 11. We can be reasonably certain that Windows 11 will run on your new Dell, HP, or Lenovo PC. Maybe some of your drivers and programs won't run, but Windows 11 itself? No problem.

But, if you want to update your existing computers, especially those that have a few years on them — that’s another story. It's difficult to know whether any given computer will run Windows 11, which arrives Oct. 5. Yes, there's Microsoft's PC Health Check app and other programs to determine whether you can run Windows 11. But Microsoft pulled it the first time around and I'm none too sure how reliable it is this time around.

Steven J. Vaughan-Nichols

Apple hits the alarm with multi-OS emergency update to patch zero-click flaw

1 week 3 days ago

Apple on Monday issued emergency security updates for iOS, macOS and its other operating systems to plug a hole that Canadian researchers claimed had been planted on a Saudi political activist's device by NSO Group, an Israeli seller of spyware and surveillance software to governments and their security agencies.

Updates to patch the under-active-exploit vulnerability were released for iOS 14; macOS 11 and 10, aka Big Sur and Catalina, respectively; iPad OS 14; and watchOS 7.

According to Apple, the vulnerability can be exploited by "processing a maliciously crafted PDF," which "may lead to arbitrary code execution." The phrase "arbitrary code execution" is Apple's way of saying that the bug was of the most serious nature; Apple does not rank the threat level of vulnerabilities, unlike operating system rivals such as Microsoft and Google.

Gregg Keizer

Apple backs off controversial child-safety plans

3 weeks ago

In a surprise Friday announcement, Apple said it will take more time to improve its controversial child safety tools before it introduces them.

More feedback sought

The company says it plans to get more feedback and improve the system, which had three key components: iCloud photos scanning for CSAM material, on-device message scanning to protect kids, and search suggestions designed to protect children.

Jonny Evans

Podcast: Windows 11 overview: Hardware requirements, security updates and upgrade confusion

3 weeks 1 day ago

Microsoft will launch Windows 11 on October 5, but not every PC will be eligible for an immediate upgrade. Rollout will last well into 2022 for machines that meet the necessary hardware requirements, and Windows 10 will be supported through October 2025. But, there's still some confusion about what hardware is required to support Windows 11's beefed up security measures. Computerworld executive editor Ken Mingis and contributing editor Preston Gralla join Juliet to discuss Windows 11 security, whether it will require new hardware and what IT needs to know before upgrading. 

Juliet Beauchamp,

Preston Gralla,

Ken Mingis

How to go incognito in Chrome, Edge, Firefox, and Safari

3 weeks 1 day ago

Private browsing. Incognito. Privacy mode.

Web browser functions like those trace their roots back more than a decade, and the feature — first found in a top browser in 2005 — spread quickly as one copied another, made tweaks and minor improvements.

Protect Your Privacy

But privacy-promising labels can be treacherous. Simply put, going "incognito" is as effective in guarding online privacy as witchcraft is in warding off a common cold.

Gregg Keizer

Triggered by email? Some thoughts on how to stay safe

3 weeks 4 days ago

I got an email the other day, and it was nearly impossible for me to tell at first whether it was legitimate. Given that some vulnerabilities can gain access to your system if you merely preview an email in Outlook, I get nervous. But I do need to determine when an email is safe.

First and foremost, a healthy dose of skepticism is important. Always ask yourself whether the platform you're using is patched and ready to fend off attacks. If, for instance, you’re still using a version of Outlook that’s no longer supported, you are at risk; never open an unexpected email in an unpatched Office suite. You’re better off migrating to a newer email client that offers better protection. There are many third-party email clients that can be useful alternatives to Outlook. Thunderbird, eM Client, and Mailbird are three options I’ve found to be good — if you simply need light email and calendaring.

Susan Bradley

What is Windows Hello? Microsoft’s biometrics security system explained

3 weeks 4 days ago

Windows Hello is a biometrics-based technology that enables Windows 10 users (and those who update to Windows 11) to authenticate secure access to their devices, apps, online services and networks with just a fingerprint, iris scan or facial recognition. The sign-in mechanism is essentially an alternative to passwords and is widely considered to be a more user friendly, secure and reliable method to access critical devices, services and data than traditional logins using passwords.

“Windows Hello solves a few problems: security and inconvenience,” said Patrick Moorhead, president and principal analyst at Moor Insights & Strategy. “Traditional passwords are unsafe as they are hard to remember, and therefore people either choose easy-to-guess passwords or write down their passwords.”

Matt Kapko,

Matthew Finnegan

Apple: It's time to bolster supply chain security

4 weeks 1 day ago

Supply chains are vulnerable to cyberattack and for the good of your business, it's time to move to secure them as best you can, according to Apple and the White House.

Apple to secure the tech supply chain

That’s one item of news to emerge following a high-level cybersecurity meeting between US President Joseph Biden and big tech firms, including Apple, IBM, Microsoft, Google, Amazon, and others. Most of the companies that attended the meeting have since announced plans to beef up security resilience and awareness, with a focus on training and security awareness.

Jonny Evans

The Windows print nightmare continues for the enterprise

1 month ago

Okay, Microsoft, we need to talk. Or rather, we need to print. We really do. We aren’t all paperless out here in the business world — many of us still need to click the Print button inside our business applications and print things out on an actual sheet of paper, or send something to a PDF printer. But over the last several months you’ve made it near impossible to stay fully patched and keep printing.

Case in point: the August security updates.

Microsoft made a change in how Group Policy printers are handled when it changed the default Point and Print behavior to address “PrintNightmare” vulnerabilities affecting the Windows Print Spooler service. As noted in KB5005652, “by default, non-administrator users will no longer be able to do the following using Point and Print without an elevation of privilege to administrator:

Susan Bradley

How to protect your privacy in Windows 10

1 month ago

There has been some concern that Windows 10 gathers too much private information from users. Whether you think Microsoft's operating system crosses the privacy line or just want to make sure you protect as much of your personal life as possible, we're here to help. Here's how to protect your privacy in just a few minutes.

Note: This story has been updated for the Windows 10 May 2021 Update, version 21H1. If you have an earlier release of Windows 10, some things may be different.

Turn off ad tracking

At the top of many people's privacy concerns is what data is being gathered about them as they browse the web. That information creates a profile of a person's interests that is used by a variety of companies to target ads. Windows 10 does this with the use of an advertising ID. The ID doesn't just gather information about you when you browse the web, but also when you use Windows 10 apps.

Preston Gralla

How to use iCloud Keychain to audit your passwords

1 month 1 week ago

Reports of a massive 100 million account data leak at T-Mobile should encourage any Apple user to double-check password and account security. Here's how to do that using Keychain.

iCloud Keychain to the rescue

Apple’s built-in password manager is called iCloud Keychain. It securely stores your saved account information such as account names and passwords across all your signed-in devices. It will automatically enter this information for you when you access an app or service.

Jonny Evans

Apple’s botched CSAM plan shows need for digital rights

1 month 1 week ago

From the NSO Group’s ghastly iPhone hack to Apple’s recently revealed system to scan user devices, it’s time to put an end to the endless mission creep from tech convenience to surveillance.

Apple fixes one problem, creates another

Take Apple, for example. The brouhaha surrounding its decision to invent a technology to scan user images for CSAM material has apparently “surprised” the company.

Jonny Evans

Apple's anti-porn overreach — good intent, bad execution

1 month 2 weeks ago

Oh, Apple. Can't you weigh into anything without making a mess?

The latest: Apple wants to use its extensive powers to fight child pornography. As is typical, the company has good intentions, wants to advance a great goal — and then uses such overreach as to give people dozens of reasons to oppose them. To paraphrase the old adage, the road to hell in this case starts at One Apple Park Way. Alternatively, think of Cupertino as where good ideas go to become monstrous executions.

This started last week with Apple announcing plans to do something to slow down child pornography and children being taken advantage of. Fine, so far. Its tactics include telling parents when their offspring download nude or otherwise erotic imagery. Before we get into the technology aspects of all of this, let's briefly consider the almost infinite number of ways that this could go bad. (Maybe that's where the old Apple headquarters got its Infinity Loop name.)

Evan Schuman
Computer World Security

About SecurityFeeds

Tim Weil is a Security Architect/IT Security Manager with over twenty-five years of IT management, consulting and engineering experience in the U.S. Government and Communications Industry. Mr. Weil's technical areas of expertise include IT Security Management, Enterprise Security Architecture, FISMA Compliance, Identity Management, and Network Engineering. Mr. Weil is a Senior Member of the IEEE and has served in several IEEE positions.