Podcast: What Apple's lawsuit against NSO Group means for digital rights

4 days 18 hours ago

Last week, Apple filed a lawsuit against NSO Group, the technology firm behind the Pegasus spyware. In its lawsuit, Apple seeks to hold NSO Group accountable for alleged surveillance of select iPhone users, as well as ban the firm from using any Apple products. While digital rights activists commend Apple for standing up for privacy rights, they say they want to ensure that the precedent set by the case applies only to bad actors and not organizations in support of user privacy. Computerworld executive editor Ken Mingis and senior reporter Lucas Mearian join Juliet to discuss what the lawsuit means for Apple, those affected by the spyware and digital rights overall.

Juliet Beauchamp,

Ken Mingis,

Lucas Mearian

How to use FileVault to protect business data on Macs

4 days 20 hours ago

If you run a business on Macs (and many companies do) then you should become familiar with FileVault, the disk encryption system that's built into macOS. When used properly, it makes it extremely hard for any malicious person to access your company’s confidential data in the event your Mac is lost or stolen.

What's the problem FileVault tries to solve?

Most businesses possess various forms of sensitive data. This might include corporate or supplier data, confidential order books, financial records, contact names and addresses, and more. That information has business value, but if compromised could also place you, your employees, or your customers at risk. In many industries, protection of such information is mandatory and legally required.

Jonny Evans

Rise in employee monitoring prompts calls for new rules to protect workers

1 week ago

As remote work rose sharply during the COVID-19 pandemic, many businesses sought ways to keep track of workers no longer in the direct sight of managers. Now, with remote work strategies still in place — and office re-openings being pushed back — the use of monitoring tools continues to grow.

In fact, the use of new and increasingly powerful technologies to manage and monitor workers has become so common that there are growing calls for regulators in the U.K. and U.S. to update rules to protect employees.

“We have seen a significant increase of interest in employee monitoring technology through the pandemic,” said Helen Poitevin, VP analyst at Gartner focusing on human capital management technologies. “This continues as organizations plan for hybrid work environments, with employees working more flexibly from home and at the office.” 

Matthew Finnegan

How to get more out of Edge (and bolster its security)

1 week ago

I use Edge, the built-in browser in Windows, though I’m very much in the minority. I even think it has the potential to be a better browser than Firefox or Chrome. Case in point: the recent “Super Duper Secure Mode” that has rolled out to the default Edge version after being in beta channels for several weeks. (Let’s call it the “SDSM” setting.)

As noted in a past Edge blog post, SDSM provides additional security features that allow you to disable just-in-time JavaScript and then enable Control-flow Enforcement Technology (CET) instead. Just-in-time JavaScript has been used in many zero-day browser attacks in the past — thus, blocking it will help protect our systems and platforms going forward. In my testing so far, I have not seen any side effects running Edge in this mode, even when doing online shopping or banking.

Susan Bradley

Apple’s NSO lawsuit targets illegal spying by oppressive regimes

1 week 4 days ago

Apple says its lawsuit against NSO Group this week is an attempt to hold the surveillance firm "accountable for ... the surveillance and targeting of Apple users." And it spared no ire in accusing the Israeli spyware company of selling surveillance software to authoritarian governments — regardless of whether those governments use it to target dissidents, journalists, and activists.

NSO Group was already facing legal problems after messenger platform provider WhatsApp filed suit in 2019 for similar reasons. Earlier this month, the US Ninth Circuit Court of Appeals rejected the spyware company’s claim that it should be protected under sovereign immunity laws. In the high-profile case, WhatsApp alleged NSO’s spyware was used to hack 1,400 users of the messaging app.

Lucas Mearian

Apple pulls no punches in lawsuit against 'amoral' NSO Group

1 week 5 days ago

Apple has punched back against the “amoral” surveillance-as-a-service industry of smartphone snoopers, filing suit against the NSO Group and its owner, Q Cyber Technologies, and taking steps to further secure digital lives.

Why this should matter to your business

Israeli firm NSO Group is a spyware firm that provides surveillance services to governments. It effectively privatizes state-sponsored snooping and enables even the most repressive government to outsource such tasks. It has been widely reported that software from NSO Group was used to target family members of murdered Saudi journalist Jamal Khashoggi.

Jonny Evans

Ransomware is a threat, even for the smallest of businesses

2 weeks ago

If I’ve heard it once, I’ve heard it a million times: “My business is too small for a cyber crook to bother with me.” Oh, my friend, you are so, so wrong. No company is too big or too small for a ransomware dealer to come knocking at your virtual door.

A recent report from Webroot, The Hidden Costs of Ransomware, found the vast majority—85%—of managed service providers (MSPs) have reported attacks against small and midsized businesses (SMBs). Despite that appallingly high number, just 28% of SMBs consider ransomware a worry.

Steven J. Vaughan-Nichols

A 20-second tweak for smarter, simpler Android security

2 weeks 6 days ago

Security is important. That much is obvious, right?

And despite all the over-the-top, hilariously sensational headlines suggesting the contrary, the most realistic security threats on Android aren't from the big, bad malware monster lurking in the shadows and waiting to steal your darkest secrets whilst drinking all of your cocoa.

Nope — the biggest risk to your security on Android is (drumroll, please...) you. The likelihood that you'll at some point provide personal information to an ill-intending person or fail to properly secure an account in some way is without a doubt the most realistic threat to your virtual wellbeing. Malware? Meh. That's rarely scary in anything more than a theoretical sense.

JR Raphael

Microsoft releases its Windows 10 November 2021 update

2 weeks 6 days ago

Microsoft today announced the general availability of Windows 10 November 2021, also known as version 21H2, which includes new security, management, and virtualization features.

Microsoft reiterated that Windows 10 will continue to receive support until October 2025 and said the Windows 10 release cadence will join Windows 11 in returning to just one feature update a year from here on out.

The company also posted an online comparison of the features between the latest version of Windows 10 21H2 and Windows 11.

Lucas Mearian

Stop looking over my shoulder!

3 weeks ago

Prospect, a 150,000-member U.K. trade union for technology professionals, recently reported that nearly one in three U.K. workers is now being monitored by their employer both at the job site and in their own homes. This is not acceptable. And it never has been.

As Prospect General Secretary Mike Clancy said, “We are used to the idea of employers checking up on workers, but when people are working in their own homes, this assumes a whole new dimension. New technology allows employers to have a constant window into their employees’ homes, and the use of the technology is largely unregulated by the government. We think that we need to upgrade the law to protect the privacy of workers and set reasonable limits on the use of this snooping technology, and the public overwhelmingly agrees with us.”

Steven J. Vaughan-Nichols

Store your corporate card on an iPhone? Uh-oh

3 weeks ago

Apple and Google (and especially Visa) last week gave us yet another example of how security and convenience are often at odds with each other. And it looks like they opted for convenience.

The latest issue speaks to only a subset of iPhone and Android users — specifically, those who use their phones for mass transit payments. If you think of how subways work in a major city (I’ll use New York City as an example), they require extreme speed. Using facial recognition or entering a PIN right before paying to get on the subway would dramatically slow down the line. 

Instead of allowing authentication to happen earlier — say, perhaps within five minutes of a transaction — or by accelerating the process to a split second, Apple, Google, and Visa apparently chose to forgo any meaningful authentication. (Note: I am focusing on Visa because the hole still exists for it. MasterCard and others have already patched the flaw.)

Evan Schuman

Updates to Exchange and Microsoft Installer drive Patch Tuesday testing

3 weeks 3 days ago

This is a relatively light Patch Tuesday update from Microsoft, though two significant vulnerabilities in the Windows platform (CVE-2021-38631 and CVE-2021-41371), both relating to Remote Desktop Protocol handling, have been disclosed and are lending some urgency to applying Windows updates. And we have another technically challenging update to Microsoft Exchange Server to manage as well.

Greg Lambert

No, sideloading is not good for you

3 weeks 4 days ago

Apple is continuing its campaign to explain why sideloading on Apple’s devices is a bad idea.

Apple Software Vice President Craig Federighi appeared at Web Summit 2021 to passionately defend his company’s approach to platform security on iPhones. He was speaking against a clause in the EU’s Digital Markets Act that would force the company to support app sideloading on iPhones.

Jonny Evans

What’s past is prologue: When code-signing in Windows 11 goes bad

4 weeks 1 day ago

Once upon a time in technology, many years ago, Microsoft previewed server software to great fanfare at a meeting of IT pros. The company demonstrated how easy it was to use the software, which would automatically install the server, email server, and SharePoint server — all in less than 30 minutes.

There was one problem: every time Microsoft went to demonstrate the server software, it would fail with an unclear error message.

Back then, I would sometimes post and answer questions in a Microsoft newsgroup. Just before Thanksgiving, I started seeing consultants trying to install the software see the same failure. One person in the forum thread figured out the issue: a specific SharePoint dll file used during the installation had a Nov. 23 expiration date. If you installed the server software before that date, you had no issues. If you tried to do it after, the installation would fail. The workaround? Go into the BIOS of the server, set the date back to before Nov. 23, install the software, then set the clock back to the correct time.

Susan Bradley

5 Android 12 features you can bring to any phone today

1 month ago

Google's Android 12 software is packed with interesting treasures — but unless you're using one of Google's own Pixel phones, it's still a ways off from actually landing in your hands.

The tortoise-like pace of most Android updates is another subject for another day (as is the tortoise named Rupert who I'm pretty sure is responsible — that slimy-shelled rascal). Today, I want to explore some creative solutions for bringing a small but significant smidgeon of Android 12's goodness onto any device this minute.

JR Raphael

How Apple's iCloud Private Relay creates a shadow IT nightmare

1 month 1 week ago

One can make the argument that Apple created the phenomenon of shadow IT when it introduced the iPhone and the App Store. Suddenly managers and individual users had the ability to source their own business software and services, bypassing IT departments completely. And they could do so with devices not connected to a corporate network, preventing IT from even realizing shadow IT was happening in their organizations.

Ryan Faas

Acronis gets deeper into the Apple enterprise with Addigy partnership

1 month 2 weeks ago

The burgeoning enterprise Apple space saw thousands of IT admins virtually attend this week’s JNUC event, and the week tails off with news from Addigy and cybersecurity firm Acronis.

Securing the Apple enterprise

Addigy has confirmed that its cloud-based Apple device management tools now integrate with Acronis. This integration means IT can use Addigy to extend Acronis security tools to Mac and iOS systems via Acronis Cyber Protect Cloud. The idea is to bring all this control inside one management tool.

Jonny Evans
Computer World Security

About SecurityFeeds

Tim Weil is a Security Architect/IT Security Manager with over twenty-five years of IT management, consulting and engineering experience in the U.S. Government and Communications Industry. Mr. Weil's technical areas of expertise include IT Security Management, Enterprise Security Architecture, FISMA Compliance, Identity Management, and Network Engineering. Mr. Weil is a Senior Member of the IEEE and has served in several IEEE positions.