Skip to main content
Please wait...

Slack talks up security with new encryption options, FedRAMP certification

12 hours 4 minutes ago

As Slack works to entice large organizations to deploy its channel-based collaboration app, the company is touting a variety of security upgrades, including an expanded enterprise key management (EKM) system and stronger compliance capabilities.

Among the updates announced Tuesday is the extension of EKM to give admins greater flexibility over the encryption of message data. Slack’s EKM, introduced in 2018 for Enterprise Grid customers, can now cover data sent by users accessing the Workflow Builder automation tool. The company also plans to expand EKM to messages sent in Slack Connect - the company’s  recently announced platform for multi-company conversations - when it launches later this year. 

To read this article in full, please click here

Matthew Finnegan

It's Patch Tuesday time. Make sure to have auto updates paused.

2 days 15 hours ago

If you want to join the ranks of the unpaid beta testers, please go right ahead. Don’t do anything and Patch Tuesday will find you. Make sure you tell us about any problems on AskWoody.com.

Every month we see the same pattern: Microsoft releases its Patch Tuesday regimen; the blogosphere flies into a frenzy about security holes that have to be patched right away; the patches bring bugs; the screams of imminent doom disappear as folks realize it takes a while – sometimes quite a while – for the security holes to turn into real, live exploits.

To read this article in full, please click here

Woody Leonhard

Firefox gets next-gen anti-tracking defense, stymies 'bounce' trackers

1 week 1 day ago

Mozilla today announced a new defense against advanced tracking tactics that it will be switching on in Firefox 79 starting immediately and pushing out to the remaining user base during the next few weeks.

Calling the improved technologies and techniques Enhanced Tracking Protection 2.0 – Mozilla said that ETP 2.0's primary job is to block redirect tracking, also known as bounce tracking.

[ Related: 9 steps to lock down corporate browsers ]

Trackers have been exploiting a loophole of sorts to continue following users browsing with Firefox, which enabled its first-generation ETP by default in June 2019. ETP takes a hands-off approach for first-party cookies – those tied to the site being browsed – because to do otherwise would break many of those websites or require users to, say, log in each time they returned.

To read this article in full, please click here

Gregg Keizer

Despite an unexpected monkey wrench, now is the time to install the July Windows and Office patches

1 week 5 days ago

The folks at Microsoft have pretty much exterminated the bugs they introduced in July’s patches. The Outlook-killing bug got fixed by an emergency update to Microsoft’s own servers. The Win7 .NET patch was fixed and re-released nine days after paying Win7 Extended Security customers started bellyaching.  

To read this article in full, please click here

Woody Leonhard

Microsoft Patch Alert: July 2020

1 week 6 days ago

July tends to be a leisurely month in Windows and Office patch land, and this one’s no exception.

We had a bit of a thrill July 15 when Outlook stopped working on millions of PCs all over the world, but Microsoft fixed the bug four hours later by updating its servers.

Folks who pay for Windows 7 Extended Security Updates felt rightfully miffed when the new .NET Framework 4.8 patch, KB 4565636, refused to install. Microsoft took nine days to fix the bug and re-ship the patch.

To read this article in full, please click here

Woody Leonhard

Windows Update is a bifurcated mess

2 weeks 5 days ago

This week’s “Preview” patches led to some bizarre, unexplained, and self-contradictory behavior. Here’s what we’ve been able to piece together, based on what actually happened – not on what Microsoft says is supposed to happen.

Two general sets of “Preview” patches arrived on Tuesday:

  • Optional, non-security, C/D Week Cumulative Updates for Win10 versions 1809, 1903, 1909, and various Servers, but not Win10 version 2004. Microsoft stopped distributing the C/D Week patches in March because of the “public health situation,” but started pushing them again this week.
  • July 21, 2020 Cumulative Update Previews for .NET Framework 3.5 and 4.8 on various versions of Win10. These are optional, non-security Preview patches released later in the month. Microsoft pushes Previews for .NET patches on Win10 infrequently; this year we’ve only seen two, one of them in January, the other in February.

They’re Previews, which means the fixes on offer are still in testing. Normal users shouldn’t go anywhere near them. 

To read this article in full, please click here

Woody Leonhard

At Microsoft Inspire, the new Edge browser took center stage

2 weeks 5 days ago

Disclosure:  Microsoft is a client of the author.

In the new Microsoft, Azure has – to a certain extent – taken over the center stage from the company's Windows Server platform, and the new Chromium Edge Browser has taken center stage from Windows. The ongoing COVID-19 pandemic has accelerated this result as the market rapidly turns from focusing on local hardware to using the Cloud as its primary place to do computing. 

As a result, each new browser update now feels a bit like what the old Windows refresh cycles used to feel like – but without the old compatibility drama. 

[ Related: FAQ: What the new Edge offers the enterprise ]

Microsoft Inspire took place this week, so let’s talk about the browser's new features, mostly focused on business users (now mostly working from home) that look compelling. 

To read this article in full, please click here

Rob Enderle

How to securely erase your Android device in 4 steps

2 weeks 5 days ago

It's an inevitable moment in the smartphone-owning cycle, the point at which a newer, shinier model comes along and your trusty old device is no longer needed.

Maybe your company bought you a new Android phone. Maybe your old one was getting too slow. Or maybe you just love electronics and couldn't resist the lure of whatever sexy new Android device your favorite manufacturer started selling.

Whatever the case, it's common nowadays to find yourself with an extra phone. And while there are plenty of practical uses for an old Android device, there's also a time when the best choice is to sell, donate, or otherwise pass it along.

To read this article in full, please click here

JR Raphael

Microsoft releases some 'optional, non-security, C/D Week' Win10 patches. Avoid them.

3 weeks ago

I’ve always detested Microsoft’s “optional, non-security, C/D Week” patches because they’re confusing, easy to install accidentally, rarely solve any pressing problems, and potentially introduce yet more bugs. 

Guess what? They’re back. 

As promised last month, Microsoft has started pushing them out again.

To read this article in full, please click here

Woody Leonhard

Now let’s guess what fish’s new password is

3 weeks 1 day ago

It’s COVID-19 days, and everyone at this tech company is practicing social distancing by working from home. All is fine for weeks for this pilot fish, but then his password expires.

An expired password cannot be replaced remotely, so he’s going to have to go in to the office. Fish’s boss says that the building is open, and once fish arrives, he finds it deserted and, he realizes, safer than the supermarket — no one has been inside there for weeks.

After he replaces his password, fish has an inspiration: He stops by the bathroom to grab some industrial-grade toilet paper, a product absent from store shelves for weeks.

To read this article in full, please click here

Sharky

How to get one of iOS's best new privacy features on Android

3 weeks 1 day ago

Apple's latest iOS update may have taken plenty of inspiration from Android — to put it mildly — but iPhone owners will soon enjoy one important feature that isn't anywhere to be found here in the land o' Googley devices. And it's connected to a subject that's increasingly near and dear to many of our hearts: privacy.

The iOS 14 beta includes a new system that shows a visual alert anytime an app is using a device's microphone or camera, even in the background. It's a smart bit of added privacy protection, especially since traditionally — on iOS as well as on Android — once you've granted an app access to those parts of your phone, the app is technically able to tap into 'em anytime, with or without notifying you that it's doing it.

To read this article in full, please click here

JR Raphael

Mozilla launches its first revenue-generating service, VPN for Firefox

3 weeks 2 days ago

Mozilla last week launched its virtual private network (VPN) in the U.S., Canada, the U.K. and three other countries, part of its strategy to expand revenue opportunities for its Firefox browser.

Dubbed Mozilla VPN, the service costs $4.99 per month and is available for devices running Windows and Android. Besides the U.S., Canada and the U.K., Mozilla VPN is also available in Singapore, Malaysia and New Zealand. The service will be offered on macOS and Linux devices "soon," while the iOS version is currently in beta, Mozilla said. For the monthly fee, users can access the VPN from up to five devices.

[ Related: 9 steps to lock down corporate browsers ]

Mozilla kicked off a VPN preview – then tagged Firefox Private Network – nearly a year ago that relied on a browser extension and was free to users within the U.S. The Firefox Private Network was seen as the first of the paid services Mozilla would eventually introduce – another might be online storage – in an attempt to create new revenue streams to augment what the organization is paid to make specific search engines the Firefox default.

To read this article in full, please click here

Gregg Keizer

Advisories and mitigations, oh my! Critical updates for Windows this July

3 weeks 5 days ago

This month's Patch Tuesday update from Microsoft attempts to address 123 unique security vulnerabilities including an urgent issue with Microsoft Outlook (CVE-2020-1349) and a very serious vulnerability in Windows (CVE-2020-1350). The big difference this month is that a “Patch Now” (as in right now-now) effort may not be enough. With average update cycles measured in weeks for most organizations, rapid mitigation strategies are required. Microsoft has offered registry-based fixes, some suggested code-based fixes, and a request to simply stop using certain features.

To read this article in full, please click here

Greg Lambert

It's Patch Tuesday; make sure you pause Windows Updates

4 weeks 2 days ago

Yes, with Windows you have to get patched sooner or later. No, you don’t have to do it right away.

Every month Microsoft releases buggy Patch Tuesday patches. Every. Single. Month. Every month we’re admonished to get patched right now, lest the bad guys start mining PCs for juicy morsels. Every month we see the same hype, with the same results.

To read this article in full, please click here

Woody Leonhard

Most bugs in Microsoft's June patches have been fixed; go ahead and patch

1 month ago

The most obvious problem with June patches was a conflict between Microsoft’s latest version of Windows and Microsoft’s latest version of Office (er, Microsoft 365) Click-to-Run: If you installed patches as soon as they came out, Outlook wouldn’t run. That bug got cleared up when Microsoft fixed Office a week later, even though Windows was to blame.

We also saw a bunch of belated patches for printers that didn’t work after installing the June Windows updates.

To read this article in full, please click here

Woody Leonhard

13 privacy improvements Apple announced at WWDC

1 month 1 week ago

Apple continues to focus on the challenge of providing tech-driven convenience while protecting customer privacy in its upcoming operating system releases. Here are all the privacy-related improvements to expect in iOS 14, macOS 11 and iPad.

Why privacy matters

Fundamentally, the challenge with mobile technologies is the sheer quantity of personal data that can be collected and used against people. A smartphone, for example, knows when it is picked up, how often, how high, by whom, who it is in contact with, which websites you visit and much, much more.

To read this article in full, please click here

Jonny Evans

Microsoft Patch Alert: June 2020

1 month 1 week ago

There's never a dull moment for folks who try to keep Windows and Office patched.

Windows 10 version 2004 continues to make slow inroads among the “Go ahead and kick me” crowd, in spite of its (now documented) lack of update deferral settings, while those of us who are still trying to keep Win10 versions 1909, 1903 and 1809 afloat have our hands full.

June saw two truly innovative patching methods: A fix for a Windows bug delivered as an update to Office Click-to-Run and a fix for a different Windows bug delivered through the Microsoft Store.

If you can’t fix things the normal way, I guess there’s always the back door.

The two printer bugs

All of the Win10 cumulative updates in June broke some printers, some of the time. The damage fell into two heaps:

To read this article in full, please click here

Woody Leonhard

Apple Watch's planned handwashing reminder feature? I don't trust it

1 month 1 week ago

When Apple rolled out its planned changes for iOS 14 and its companion WatchOS 7– both are expected to be available for download in mid-September – it included a variety of interesting tweaks. Two stood out as especially interesting: a COVID-friendly Watch handwashing app and an enterprise-IT-friendly facial recognition app for video cameras and doorbells.

The more straight-forward effort is positioned as a consumer feature, where video camera and doorbell apps within iOS will be able to identify visitors by name if they happen to appear within a user's photo library. It sounds rather cool for a consumer app, but I'm not sure how valuable it is. My doorbell app, for example, instantly shows me live video of the person at the door, so I can have a realtime conversation with whoever is there.

To read this article in full, please click here

Evan Schuman
Checked
49 minutes 46 seconds ago
Computer World Security
Subscribe to Computer World Security feed

About SecurityFeeds

SecurityFeeds Logo

Tim Weil is a Security Architect/IT Security Manager with over twenty five years of IT management, consulting and engineering experience in the U.S. Government and Communications Industry.  Mr. Weil's technical areas of expertise include IT Security Management, Enterprise Security Architecture, FISMA Compliance, Identity Management, and Network Engineering. Mr. Weil is a Senior Member of the IEEE and has served in several IEEE positions.